
md5sum of source file

  • Robert Lopez
    Message 1 of 6 , Apr 1, 2013
      How do I get the md5sum for postfix-2.10.0.tar.gz out of the postfix-2.10.0.tar.gz.sig file?

      --
      Robert Lopez
      Unix Systems Administrator
      Central New Mexico Community College (CNM)
      525 Buena Vista SE
      Albuquerque, New Mexico 87106
    • /dev/rob0
      Message 2 of 6 , Apr 1, 2013
        On Mon, Apr 01, 2013 at 02:11:53PM -0600, Robert Lopez wrote:
        > How do I get the md5sum for postfix-2.10.0.tar.gz out of the
        > postfix-2.10.0.tar.gz.sig file?

        The sig file is a GPG signature. Get the public key and verify the
        signature:

        gpg postfix-2.10.0.tar.gz.sig

        (with postfix-2.10.0.tar.gz in the same directory)

        You don't need md5sum, in fact, I'd think that the GPG signature
        should give you greater assurance than md5sum.
        --
        http://rob0.nodns4.us/ -- system administration and consulting
        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
      • Robert Lopez
        Message 3 of 6 , Apr 1, 2013
          Now that I know what it is, searching for "gpg postfix" I keep reading of others who never got it to work (rsa or not discussion etc). I have yet to find a posting of it working.

          For myself, my gpg stuff works well for what I use it (Google Apps) but is apparently broken for importing new keys:
          $ gpg -v --import wietse.pgp
          gpg: can't open `wietse.pgp': No such file or directory
          gpg: Total number processed: 0
          $ gpg --verify postfix-2.10.0.tar.gz.sig postfix-2.10.0.tar.gz
          gpg: Signature made Mon 11 Feb 2013 09:19:00 AM MST using RSA key ID C12BCD99
          gpg: Can't check signature: public key not found


          On Mon, Apr 1, 2013 at 2:18 PM, /dev/rob0 <rob0@...> wrote:
          On Mon, Apr 01, 2013 at 02:11:53PM -0600, Robert Lopez wrote:
          > How do I get the md5sum for postfix-2.10.0.tar.gz out of the
          > postfix-2.10.0.tar.gz.sig file?

          The sig file is a GPG signature. Get the public key and verify the
          signature:

          gpg postfix-2.10.0.tar.gz.sig

          (with postfix-2.10.0.tar.gz in the same directory)

          You don't need md5sum, in fact, I'd think that the GPG signature
          should give you greater assurance than md5sum.
          --
            http://rob0.nodns4.us/ -- system administration and consulting
            Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:



          --
          Robert Lopez
          Unix Systems Administrator
          Central New Mexico Community College (CNM)
          525 Buena Vista SE
          Albuquerque, New Mexico 87106
        • Wietse Venema
          Message 4 of 6 , Apr 1, 2013
            Robert Lopez:
            > For myself, my gpg stuff works well for what I use it (Google Apps) but is
            > apparently broken for importing new keys:
            > $ gpg -v --import wietse.pgp
            > gpg: can't open `wietse.pgp': No such file or directory

            Do you have the `wietse.pgp' file? I have a copy linked from
            the Postfix source code download page.

            Wietse
          • Robert Lopez
            Message 5 of 6 , Apr 2, 2013
              Wietse, No I did not!  Now I have. Thanks.

              Is this sufficient to know all is ok:

              # gpg --verify postfix-2.10.0.tar.gz.sig postfix-2.10.0.tar.gz
              gpg: Signature made Mon 11 Feb 2013 09:19:00 AM MST using RSA key ID C12BCD99
              gpg: Good signature from "Wietse Venema <wietse@...>"
              gpg: WARNING: This key is not certified with a trusted signature!
              gpg:          There is no indication that the signature belongs to the owner.
              Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E  A4 EF AD BF 48 34 E1 BB
              # echo $?
              0



              On Mon, Apr 1, 2013 at 5:18 PM, Wietse Venema <wietse@...> wrote:
              Robert Lopez:
              > For myself, my gpg stuff works well for what I use it (Google Apps) but is
              > apparently broken for importing new keys:
              > $ gpg -v --import wietse.pgp
              > gpg: can't open `wietse.pgp': No such file or directory

              Do you have the `wietse.pgp' file? I have a copy linked from
              the Postfix source code download page.

                      Wietse



              --
              Robert Lopez
              Unix Systems Administrator
              Central New Mexico Community College (CNM)
              525 Buena Vista SE
              Albuquerque, New Mexico 87106
            • Wietse Venema
              Message 6 of 6 , Apr 2, 2013
                Robert Lopez:
                > Wietse, No I did not! Now I have. Thanks.
                >
                > Is this sufficient to know all is ok:
                >
                > # gpg --verify postfix-2.10.0.tar.gz.sig postfix-2.10.0.tar.gz
                > gpg: Signature made Mon 11 Feb 2013 09:19:00 AM MST using RSA key ID
                > C12BCD99
                > gpg: Good signature from "Wietse Venema <wietse@...>"
                > gpg: WARNING: This key is not certified with a trusted signature!
                > gpg: There is no indication that the signature belongs to the
                > owner.
                > Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB

                That looks right, however email is not secure enough to authenticate
                a PGP public key. Since the key has no other signature, you would have
                to meet me in person. I don't seem to have a copy that was signed
                by other people.

                Wietse
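
The question raised in message 5 (whether "Good signature" plus exit status 0 is enough) can be checked mechanically. The script below is an added example, not part of the thread or of Postfix: it reads GnuPG's `--status-fd` output and accepts only when the signing key's fingerprint equals one you obtained through a channel you trust. The function names are hypothetical; the status keywords (`VALIDSIG`, `BADSIG`, `NO_PUBKEY` and so on) are GnuPG's own.

```shell
#!/bin/sh
# Added example: decide on a gpg verification from its machine-readable
# status lines, not from the "Good signature" text or the exit code alone.

# normalize_fpr: strip whitespace and upper-case a fingerprint string.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'abcdef' 'ABCDEF'
}

# check_status PINNED_FPR: reads `gpg --status-fd 1 --verify` output on
# stdin, prints one verdict word, and returns 0 only for "ok".
check_status() {
    pinned=$(normalize_fpr "$1")
    status=$(cat)
    # Key not in the keyring (the "public key not found" case in message 3).
    if printf '%s\n' "$status" | grep -Eq '^\[GNUPG:\] NO_PUBKEY '; then
        echo "no-public-key"; return 1
    fi
    # The signature is wrong, expired, or made by an expired/revoked key.
    if printf '%s\n' "$status" | grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) '; then
        echo "bad-signature"; return 1
    fi
    # VALIDSIG carries the signing key's fingerprint (field 3) and, as its
    # last field, the primary key's fingerprint; accept a match on either.
    fprs=$(printf '%s\n' "$status" | awk '$1=="[GNUPG:]" && $2=="VALIDSIG" {print $3; print $NF; exit}')
    if [ -z "$fprs" ]; then
        echo "no-valid-signature"; return 1
    fi
    if ! printf '%s\n' "$fprs" | grep -Fxq -e "$pinned"; then
        echo "wrong-key"; return 1
    fi
    echo "ok"
}

# verify_pinned SIG FILE PINNED_FPR: run gpg and apply the check above.
verify_pinned() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$3"
}
```

Call it as `verify_pinned postfix-2.10.0.tar.gz.sig postfix-2.10.0.tar.gz "<fingerprint>"`; a `wrong-key` verdict means the signature is cryptographically valid but was made by a key other than the one you pinned.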