Page MenuHomeSolus
Create Task
Maniphest T7107

Unable to verify Solus-3.9999-Budgie.sha256sum: WARNING: not a detached signature
Closed, ResolvedPublic
Actions

Description

When setting up a new Solus virtual machine with the new 3.9999 iso, I couldn't verify the Solus-3.9999-Budgie.sha256sum:

$ gpg --verify Solus-3.9999-Budgie.sha256sum.sign 
gpg: Signature made Thu 20 Sep 2018 16:10:18 BST
gpg:                using RSA key 96B4A0291094A86A2B7E3367DD672FE9A2BE5892
gpg: Good signature from "Joshua Strobl (Personal) <joshua@stroblindustries.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 96B4 A029 1094 A86A 2B7E  3367 DD67 2FE9 A2BE 5892
gpg: WARNING: not a detached signature; file 'Solus-3.9999-Budgie.sha256sum' was NOT verified!

Event Timeline

Schteve created this task.Oct 27 2018, 3:55 PM
JoshStrobl claimed this task.Oct 28 2018, 9:02 AM
JoshStrobl triaged this task as Needs More Info priority.
JoshStrobl added a subscriber: JoshStrobl.

@Schteve Have you imported the GPG key as per our documentation prior to running the gpg verify?

Schteve added a comment.Oct 28 2018, 12:48 PM

Yes. This is also discussed more fully by someone more knowledgeable on an issue here on GitHub.

JoshStrobl closed this task as Resolved.Oct 29 2018, 2:57 PM

Should now be resolved with new .sign files. The instructions should now work as intended: https://getsol.us/articles/installation/preparing-to-install/en/#verify-sha256sums-file-signature

Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.