Debian package signature verification fails #1612

ian-m-carr · 2024-05-11T10:48:16Z

ian-m-carr
May 11, 2024

I am trying to follow the instructions for verifying the signature of the debian install package.

I have the signature .gpg and policy file set up (Seem to be correct!)

When I run the signature verification on any of the packages since 2.4.0 and up to 2.5.0

> debsig-verify -v gcm-linux_amd64.2.4.0.deb
I get:

debsig: Starting verification for: gcm-linux_amd64.2.4.0.deb
debsig: Using policy directory: /etc/debsig/policies/3C853823978B07FA
debsig:   Parsing policy file: /etc/debsig/policies/3C853823978B07FA/generic.pol
debsig:     Checking Selection group(s).
debsig:       Processing 'origin' key...
debsig:     Selection group(s) passed, policy is usable.
debsig: Using policy file: /etc/debsig/policies/3C853823978B07FA/generic.pol
debsig:     Checking Verification group(s).
debsig:       Processing 'origin' key...
debsig:     Verification group failed checks.
debsig: Failed verification for gcm-linux_amd64.2.4.0.deb.

If I try an earlier say 2.3.2 the key appears to have changed:

debsig-verify -v gcm-linux_amd64.2.3.2.deb 
debsig: Starting verification for: gcm-linux_amd64.2.3.2.deb
debsig: Could not find Origin directory for EB3E94ADBE1229CF

Any ideas? Is the signature bad? the download corrupt? or something else?

Installed on Debian - Bookworm (12)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Debian package signature verification fails #1612

{{title}}

Replies: 0 comments

Select a reply

Debian package signature verification fails #1612

ian-m-carr May 11, 2024

Replies: 0 comments

ian-m-carr
May 11, 2024