Loading ...
Sorry, an error occurred while loading the content.

Re: md5sum of source file

Expand Messages
  • Robert Lopez
    Now that I know what it is, searching for gpg postfix I keep reading of others who never got it to work (rsa or not discussion etc). I have yet to find a
    Message 1 of 6 , Apr 1 2:27 PM
    • 0 Attachment
      Now that I know what it is, searching for "gpg postfix" I keep reading of others who never got it to work (rsa or not discussion etc). I have yet to find a posting of it working.

      For myself, my gpg stuff works well for what I use it (Google Apps) but is apparently broken for importing new keys:
      $ gpg -v --import wietse.pgp
      gpg: can't open `wietse.pgp': No such file or directory
      gpg: Total number processed: 0
       $ gpg --verify postfix-2.10.0.tar.gz.sig postfix-2.10.0.tar.gz
      gpg: Signature made Mon 11 Feb 2013 09:19:00 AM MST using RSA key ID C12BCD99
      gpg: Can't check signature: public key not found


      On Mon, Apr 1, 2013 at 2:18 PM, /dev/rob0 <rob0@...> wrote:
      On Mon, Apr 01, 2013 at 02:11:53PM -0600, Robert Lopez wrote:
      > How do I get the md5sum for postfix-2.10.0.tar.gz out of the
      > postfix-2.10.0.tar.gz.sig file?

      The sig file is a GPG signature. Get the public key and verify the
      signature:

      gpg postfix-2.10.0.tar.gz.sig

      (with postfix-2.10.0.tar.gz in the same directory)

      You don't need md5sum, in fact, I'd think that the GPG signature
      should give you greater assurance than md5sum.
      --
        http://rob0.nodns4.us/ -- system administration and consulting
        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:



      --
      Robert Lopez
      Unix Systems Administrator
      Central New Mexico Community College (CNM)
      525 Buena Vista SE
      Albuquerque, New Mexico 87106
    • Wietse Venema
      ... Do you have the `wietse.pgp file? I have a copy linked from the Postfix source code download page. Wietse
      Message 2 of 6 , Apr 1 4:18 PM
      • 0 Attachment
        Robert Lopez:
        > For myself, my gpg stuff works well for what I use it (Google Apps) but is
        > apparently broken for importing new keys:
        > $ gpg -v --import wietse.pgp
        > gpg: can't open `wietse.pgp': No such file or directory

        Do you have the `wietse.pgp' file? I have a copy linked from
        the Postfix source code download page.

        Wietse
      • Robert Lopez
        Wietse, No I did not! Now I have. Thanks. Is this sufficient to know all is ok: # gpg --verify postfix-2.10.0.tar.gz.sig postfix-2.10.0.tar.gz gpg: Signature
        Message 3 of 6 , Apr 2 11:51 AM
        • 0 Attachment
          Wietse, No I did not!  Now I have. Thanks.

          Is this sufficient to know all is ok:

          # gpg --verify postfix-2.10.0.tar.gz.sig postfix-2.10.0.tar.gz
          gpg: Signature made Mon 11 Feb 2013 09:19:00 AM MST using RSA key ID C12BCD99
          gpg: Good signature from "Wietse Venema <wietse@...>"
          gpg: WARNING: This key is not certified with a trusted signature!
          gpg:          There is no indication that the signature belongs to the owner.
          Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E  A4 EF AD BF 48 34 E1 BB
          # echo $?
          0



          On Mon, Apr 1, 2013 at 5:18 PM, Wietse Venema <wietse@...> wrote:
          Robert Lopez:
          > For myself, my gpg stuff works well for what I use it (Google Apps) but is
          > apparently broken for importing new keys:
          > $ gpg -v --import wietse.pgp
          > gpg: can't open `wietse.pgp': No such file or directory

          Do you have the `wietse.pgp' file? I have a copy linked from
          the Postfix source code download page.

                  Wietse



          --
          Robert Lopez
          Unix Systems Administrator
          Central New Mexico Community College (CNM)
          525 Buena Vista SE
          Albuquerque, New Mexico 87106
        • Wietse Venema
          ... That looks right, however email is not secure enough to authenticate a PGP public key. Since the key has no other signature, yould have to meet me in
          Message 4 of 6 , Apr 2 1:02 PM
          • 0 Attachment
            Robert Lopez:
            > Wietse, No I did not! Now I have. Thanks.
            >
            > Is this sufficient to know all is ok:
            >
            > # gpg --verify postfix-2.10.0.tar.gz.sig postfix-2.10.0.tar.gz
            > gpg: Signature made Mon 11 Feb 2013 09:19:00 AM MST using RSA key ID
            > C12BCD99
            > gpg: Good signature from "Wietse Venema <wietse@...>"
            > gpg: WARNING: This key is not certified with a trusted signature!
            > gpg: There is no indication that the signature belongs to the
            > owner.
            > Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB

            That looks right, however email is not secure enough to authenticate
            a PGP public key. Since the key has no other signature, yould have
            to meet me in person. I don't seem to have a copy that was signed
            by other people.

            Wietse
          Your message has been successfully submitted and would be delivered to recipients shortly.