Re:Use the script already there.. Is anyone else getting a bad signature from kernel.org's 5.8 sources+Greg's sign?

From: Bhaskar Chowdhury
Date: Wed Aug 05 2020 - 21:54:47 EST


On 20:59 Wed 05 Aug 2020, David Niklas wrote:
Hello,
I downloaded the kernel sources from kernel.org using curl, then
opera, and finally lynx (to rule out an html parsing bug). I did the same
with the sign and I keep getting:

% gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz
gpg: Signature made Mon Aug 3 00:19:13 2020 EDT
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: BAD signature from "Greg Kroah-Hartman
<gregkh@xxxxxxxxxxxxxxxxxxx>" [unknown]

I did refresh all the keys just in case.
I believe this is important so I'm addressing this to the signer and only
CC'ing the list.

If I'm made some simple mistake, feel free to send SIG666 to my terminal.
I did re-read the man page just in case.

Thanks,
David

You should be using this script to download and verify kernel from
kernel.org ...it there for a reason , please use it...which take away
all the manual labor ..

Here is pointer to get the script :

https://git.kernel.org/pub/scm/linux/kernel/git/mricon/korg-helpers.git/tree/get-verified-tarball

Thanks,
Bhaskar

Attachment: signature.asc
Description: PGP signature