Change Details

@JoshStrobl Just wondering whether it's a good idea to have the pubkey on the same server with the rest of the stuff. But first things first. Please look over the output and confirm or deny the authenticity of the download. ```[user@pc ~]$ rm -rf .gnupg [user@pc ~]$ cd Downloads [user@pc Downloads]$ gpg --verify Solus-4.4-Plasma.iso.sha256sum.sign Solus-4.4-Plasma.iso.sha256sum gpg: directory '/home/user/.gnupg' created gpg: keybox '/home/user/.gnupg/pubring.kbx' created gpg: Signature made Thu 06 Jul 2023 05:13:15 PM EEST gpg: using RSA key F5F6685CAF5559771D9CCB92618EB3600BD32D59 gpg: issuer "releng@getsol.us" gpg: Can't check signature: No public key [user@pc Downloads]$ gpg --import solus-releng-pub.gpg gpg: /home/user/.gnupg/trustdb.gpg: trustdb created gpg: key 618EB3600BD32D59: public key "Solus (Release & Engineering) <releng@getsol.us>" imported gpg: Total number processed: 1 gpg: imported: 1 [user@pc Downloads]$ gpg --list-keys /home/user/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2023-07-02 [SC] F5F6685CAF5559771D9CCB92618EB3600BD32D59 uid [ unknown] Solus (Release & Engineering) <releng@getsol.us> sub rsa4096 2023-07-02 [E] [user@pc Downloads]$ gpg --verify Solus-4.4-Plasma.iso.sha256sum.sign Solus-4.4-Plasma.iso.sha256sum gpg: Signature made Thu 06 Jul 2023 05:13:15 PM EEST gpg: using RSA key F5F6685CAF5559771D9CCB92618EB3600BD32D59 gpg: issuer "releng@getsol.us" gpg: Good signature from "Solus (Release & Engineering) <releng@getsol.us>" [unknown] gpg: WARNING: The key's User ID is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F5F6 685C AF55 5977 1D9C CB92 618E B360 0BD3 2D59 [user@pc Downloads]$ sha256sum -c Solus-4.4-Plasma.iso.sha256sum Solus-4.4-Plasma.iso: OK [user@pc Downloads]$ sha256sum Solus-4.4-Plasma.iso 5b43ea5c99ed880bcf3822b1668f980b41fbc688a5cddca13aaba0c5989d4b57 Solus-4.4-Plasma.iso [user@pc Downloads]$ b2sum Solus-4.4-Plasma.iso 669a41cffe1df715c5642b79b214dc8316d24a80d2907b8c33a4cd09f74d6305955cd1a412233d57f340eff1eb140849327e98e24dad658d82465e8cdd1a1a09 Solus-4.4-Plasma.iso [user@pc Downloads]$``` Is that what it should look like? Much appreciated in advance.

Just wondering whether it's a good idea to have the pubkey on the same server with the rest of the stuff. But first things first. Please look over the output and confirm or deny the authenticity of the download. ``` [user@pc ~]$ rm -rf .gnupg [user@pc ~]$ cd Downloads [user@pc Downloads]$ gpg --verify Solus-4.4-Plasma.iso.sha256sum.sign Solus-4.4-Plasma.iso.sha256sum gpg: directory '/home/user/.gnupg' created gpg: keybox '/home/user/.gnupg/pubring.kbx' created gpg: Signature made Thu 06 Jul 2023 05:13:15 PM EEST gpg: using RSA key F5F6685CAF5559771D9CCB92618EB3600BD32D59 gpg: issuer "releng@getsol.us" gpg: Can't check signature: No public key [user@pc Downloads]$ gpg --import solus-releng-pub.gpg gpg: /home/user/.gnupg/trustdb.gpg: trustdb created gpg: key 618EB3600BD32D59: public key "Solus (Release & Engineering) <releng@getsol.us>" imported gpg: Total number processed: 1 gpg: imported: 1 [user@pc Downloads]$ gpg --list-keys /home/user/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2023-07-02 [SC] F5F6685CAF5559771D9CCB92618EB3600BD32D59 uid [ unknown] Solus (Release & Engineering) <releng@getsol.us> sub rsa4096 2023-07-02 [E] [user@pc Downloads]$ gpg --verify Solus-4.4-Plasma.iso.sha256sum.sign Solus-4.4-Plasma.iso.sha256sum gpg: Signature made Thu 06 Jul 2023 05:13:15 PM EEST gpg: using RSA key F5F6685CAF5559771D9CCB92618EB3600BD32D59 gpg: issuer "releng@getsol.us" gpg: Good signature from "Solus (Release & Engineering) <releng@getsol.us>" [unknown] gpg: WARNING: The key's User ID is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F5F6 685C AF55 5977 1D9C CB92 618E B360 0BD3 2D59 [user@pc Downloads]$ sha256sum -c Solus-4.4-Plasma.iso.sha256sum Solus-4.4-Plasma.iso: OK [user@pc Downloads]$ sha256sum Solus-4.4-Plasma.iso 5b43ea5c99ed880bcf3822b1668f980b41fbc688a5cddca13aaba0c5989d4b57 Solus-4.4-Plasma.iso [user@pc Downloads]$ b2sum Solus-4.4-Plasma.iso 669a41cffe1df715c5642b79b214dc8316d24a80d2907b8c33a4cd09f74d6305955cd1a412233d57f340eff1eb140849327e98e24dad658d82465e8cdd1a1a09 Solus-4.4-Plasma.iso [user@pc Downloads]$``` Is that what it should look like? Much appreciated in advance.

@JoshStrobl Just wondering whether it's a good idea to have the pubkey on the same server with the rest of the stuff. But first things first. Please look over the output and confirm or deny the authenticity of the download. ``` ```[user@pc ~]$ rm -rf .gnupg [user@pc ~]$ cd Downloads [user@pc Downloads]$ gpg --verify Solus-4.4-Plasma.iso.sha256sum.sign Solus-4.4-Plasma.iso.sha256sum gpg: directory '/home/user/.gnupg' created gpg: keybox '/home/user/.gnupg/pubring.kbx' created gpg: Signature made Thu 06 Jul 2023 05:13:15 PM EEST gpg: using RSA key F5F6685CAF5559771D9CCB92618EB3600BD32D59 gpg: issuer "releng@getsol.us" gpg: Can't check signature: No public key [user@pc Downloads]$ gpg --import solus-releng-pub.gpg gpg: /home/user/.gnupg/trustdb.gpg: trustdb created gpg: key 618EB3600BD32D59: public key "Solus (Release & Engineering) <releng@getsol.us>" imported gpg: Total number processed: 1 gpg: imported: 1 [user@pc Downloads]$ gpg --list-keys /home/user/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2023-07-02 [SC] F5F6685CAF5559771D9CCB92618EB3600BD32D59 uid [ unknown] Solus (Release & Engineering) <releng@getsol.us> sub rsa4096 2023-07-02 [E] [user@pc Downloads]$ gpg --verify Solus-4.4-Plasma.iso.sha256sum.sign Solus-4.4-Plasma.iso.sha256sum gpg: Signature made Thu 06 Jul 2023 05:13:15 PM EEST gpg: using RSA key F5F6685CAF5559771D9CCB92618EB3600BD32D59 gpg: issuer "releng@getsol.us" gpg: Good signature from "Solus (Release & Engineering) <releng@getsol.us>" [unknown] gpg: WARNING: The key's User ID is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F5F6 685C AF55 5977 1D9C CB92 618E B360 0BD3 2D59 [user@pc Downloads]$ sha256sum -c Solus-4.4-Plasma.iso.sha256sum Solus-4.4-Plasma.iso: OK [user@pc Downloads]$ sha256sum Solus-4.4-Plasma.iso 5b43ea5c99ed880bcf3822b1668f980b41fbc688a5cddca13aaba0c5989d4b57 Solus-4.4-Plasma.iso [user@pc Downloads]$ b2sum Solus-4.4-Plasma.iso 669a41cffe1df715c5642b79b214dc8316d24a80d2907b8c33a4cd09f74d6305955cd1a412233d57f340eff1eb140849327e98e24dad658d82465e8cdd1a1a09 Solus-4.4-Plasma.iso [user@pc Downloads]$``` Is that what it should look like? Much appreciated in advance.