I’m getting a “Bad signature” when trying to verify alma9 checksums.
Is there any problem with the checksum files?
Followed instructions here: Generic Cloud (Cloud-init) | AlmaLinux Wiki
$ gpg --verify CHECKSUM.asc CHECKSUM
gpg: Signature made mié 02 nov 2022 18:08:28 CET
gpg: using RSA key BF18AC2876178908D6E71267D36CB86CB86B3716
gpg: BAD signature from “AlmaLinux OS 9 packager@almalinux.org” [unknown]
are you trying to verify the cloud image or the live or iso image?
this now works - CHECKSUM sync issue or something:
curl -s https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-9 -O
gpg --with-subkey-fingerprints RPM-GPG-KEY-AlmaLinux-9
gpg --import RPM-GPG-KEY-AlmaLinux-9
curl -s https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/CHECKSUM -O
curl -s https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/CHECKSUM.asc -O
gpg --verify CHECKSUM.asc CHECKSUM
curl -s https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-GenericCloud-latest.x86_64.qcow2 -O
sha256sum -c CHECKSUM 2>&1 | grep OK
Thanks! Issue resolved. The new signature works as expected
1 Like