| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:reply-to:subject:references:to:from:message-id | |
| :date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=yLLhAIDFiekN8BIe | |
| uLr1XFCIbv/C/N6LK/hS5uLJMr3lA0hyTnvBqflxvtie2cjl4G7FEG6LYow2OpuB | |
| EZiof3zdQu5PF/gBvzB6YiboCvML8bakb/NVeQXweTFC/9PsKm+VwyA6D6c7JEdn | |
| OuPejYP8JzDT0V+o8HWhrd5Q7m0= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:reply-to:subject:references:to:from:message-id | |
| :date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=N42CZZXpv509+FnNiuYvze | |
| DrPFY=; b=i5lFj5MIaorLgj52Mu8wbw7IwpX4eEkbGfaFer+c93Zo0wSLWjK8ZI | |
| OQ9r325eWwysPUvI4R/nnvh4HnNZcKpLAWRrz/jIBmTz6CFkMGleyqT4xbCU1sZ1 | |
| 3C6h/xGinwT2cuX39WtbfF2kvjJguC7LXHwG5cY1YrjKPreuSO550= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=3.3 required=5.0 tests=AWL,BAYES_50,EXECUTABLE_URI,KAM_EXEURI,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=2016-09-29, userid, H*RU:64.59.134.12, Hx-spam-relays-external:64.59.134.12 |
| X-HELO: | smtp-out-no.shaw.ca |
| X-Authority-Analysis: | v=2.2 cv=JOx5iICb c=1 sm=1 tr=0 a=WqCeCkldcEjBO3QZneQsCg==:117 a=WqCeCkldcEjBO3QZneQsCg==:17 a=w_pzkKWiAAAA:8 a=IkcTkHD0fZMA:10 a=zGGjxxUDAAAA:8 a=Q-wW1a7ankSrvAYKVx8A:9 a=7Zwj6sZBwVKJAoWSPKxL6X1jA+E=:19 a=5JUVm3fbaY58p7yF:21 a=FMASf0mfamzu5Vkf:21 a=QEXdDO2ut3YA:10 a=YQIJh5dqO5EA:10 a=sRI3_1zDfAgwuvI8zelB:22 a=t77UKEx5sq5RR-Q8SVSL:22 |
| Reply-To: | Brian DOT Inglis AT SystematicSw DOT ab DOT ca |
| Subject: | Re: URGENT: BAD signature from "Cygwin <cygwin AT cygwin DOT com>" |
| References: | <B0BF22335C47694D8CF77683CF7C809C8451E464 AT TWHQ-MAIL1 DOT trellisware DOT com> <125363965 DOT 20160929001342 AT yandex DOT ru> <B0BF22335C47694D8CF77683CF7C809C8451E60E AT TWHQ-MAIL1 DOT trellisware DOT com> |
| To: | cygwin AT cygwin DOT com |
| From: | Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca> |
| Message-ID: | <64b6c7d3-2f24-0bb0-d36c-04d4badf37d9@SystematicSw.ab.ca> |
| Date: | Wed, 28 Sep 2016 22:08:36 -0600 |
| User-Agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 |
| MIME-Version: | 1.0 |
| In-Reply-To: | <B0BF22335C47694D8CF77683CF7C809C8451E60E@TWHQ-MAIL1.trellisware.com> |
| X-CMAE-Envelope: | MS4wfJaWSR2H1rHxJPM35+XyeKA/JzLLTnBv5RPS2Nrrb1yNzEPNPnoFQzc1brojxa7HqXJF/tgBFf/dY6PekuIZL9yjxr5Hf2WTQKT5yOViie2qQVVekgbs lXeUkbigUH74gv26h+usMSK6mTaGTnn5rwawQx+GE50Zpy+VazcmTJl0kC+7/SRrrIBHkR4Uh92HFA== |
| X-IsSubscribed: | yes |
On 2016-09-28 16:58, Thomas Sanders wrote:
> ###
> wget -q http://cygwin.com/setup-x86.exe -O ${DESTINATION}/setup-x86.exe
> wget -q http://cygwin.com/setup-x86.exe.sig -O ${DESTINATION}/setup-x86.exe.sig
> wget -q http://cygwin.com/setup-x86_64.exe -O ${DESTINATION}/setup-x86_64.exe
> wget -q http://cygwin.com/setup-x86_64.exe.sig -O ${DESTINATION}/setup-x86_64.exe.sig
> wget -q http://cygwin.com/key/pubring.asc -O ${DESTINATION}/pubring.asc
>
> if [ $(gpg --list-keys | grep -c 'cygwin AT cygwin DOT com') != 1 ]
> then
> gpg --import ${DESTINATION}/pubring.asc
> fi
>
> echo "testing ${DESTINATION}/setup-x86.exe"
> gpg --verify ${DESTINATION}/setup-x86.exe.sig ${DESTINATION}/setup-x86.exe
> if [ ${?} -gt 0 ]
> then
> mv ${DESTINATION}/setup-x86.exe ${DESTINATION}/setup-x86.exe.DONT_USE-BAD_SIGNATURE
> fi
>
> echo "testing ${DESTINATION}/setup-x86_64.exe"
> gpg --verify ${DESTINATION}/setup-x86_64.exe.sig ${DESTINATION}/setup-x86_64.exe
> if [ ${?} -gt 0 ]
> then
> mv ${DESTINATION}/setup-x86_64.exe ${DESTINATION}/setup-x86_64.exe.DONT_USE-BAD_SIGNATURE
> fi ###
> Here is the output:
> testing /tftpboot/PXE/mirrors/cygwin//setup-x86.exe
> gpg: Signature made Fri 09 Sep 2016 02:20:02 AM PDT using DSA key ID 676041BA
> gpg: BAD signature from "Cygwin <cygwin AT cygwin DOT com>"
>
> testing /tftpboot/PXE/mirrors/cygwin//setup-x86_64.exe
> gpg: Signature made Fri 09 Sep 2016 02:20:05 AM PDT using DSA key ID 676041BA
> gpg: Good signature from "Cygwin <cygwin AT cygwin DOT com>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 1169 DF9F 2273 4F74 3AA5 9232 A9A2 62FF 6760 41BA
IIRC to suppress BAD and WARNING (it's been a while since I did this)
you install gnupg package, then generate your own key:
[following edited to obscure local details; I edited the details using
the example provided in gpg; skip this step if you have already done it
with your own details]
$ gpg --gen-key
gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `~/.gnupg' created
gpg: new configuration file `~/.gnupg/gpg.conf' created
gpg: WARNING: options in `~/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `~/.gnupg/secring.gpg' created
gpg: keyring `~/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Fri 28 Sep 2018 09:17:14 PM GMT
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh AT duesseldorf DOT de>"
Real name: Heinrich Heine
Email address: heinrichh AT duesseldorf DOT de
Comment: Der Dichter
You selected this USER-ID:
"Heinrich Heine (Der Dichter) <heinrichh AT duesseldorf DOT de>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
[*open another terminal and run "find / >& /dev/null &"; then do a Windows
File Explorer search for e; browse the web and wave the mouse around;
type junk into other windows; until the following messages stop appearing:
may take a few minutes unless your system is running background work*]
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 264 more bytes)
............+++++
....+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 86 more bytes)
.....+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 128 more bytes)
............+++++
gpg: ~/.gnupg/trustdb.gpg: trustdb created
gpg: key FFFFFFFF marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2018-09-29
pub 2048R/FFFFFFFF 2016-09-29 [expires: 2018-09-29]
Key fingerprint = FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF
uid Heinrich Heine (Der Dichter) <heinrichh AT duesseldorf DOT de>
sub 2048R/FFFFFFFF 2016-09-29 [expires: 2018-09-29]
$ gpg --list-keys
~/.gnupg/pubring.gpg
----------------------------
pub 2048R/FFFFFFFF 2016-09-29 [expires: 2018-09-29]
uid Heinrich Heine (Der Dichter) <heinrichh AT duesseldorf DOT de>
sub 2048R/FFFFFFFF 2016-09-29 [expires: 2018-09-29]
$
Only then can you add the Cygwin key to your key ring:
$ gpg --keyserver keys.gnupg.net --recv-keys 676041BA
then make it good by running:
$ gpg --keyserver keys.gnupg.net --edit-key 676041BA
gpg (GnuPG) 1.4.21; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 1024D/676041BA created: 2008-06-13 expires: never usage: SC
sub 1024g/A1DB7B5C created: 2008-06-13 expires: never usage: E (1). Cygwin <cygwin AT cygwin DOT com>
gpg> trust
pub 1024D/676041BA created: 2008-06-13 expires: never usage: SC
sub 1024g/A1DB7B5C created: 2008-06-13 expires: never usage: E (1). Cygwin <cygwin AT cygwin DOT com>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5 [or maybe 4?]
gpg> q
$
Now your gpg --verify should succeed with a good key.
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |