Verify new iso EoS error

maximusXX70 · December 18, 2021, 8:40pm

I downloaded the new iso but when it tries to do the verification by importing the key:
gpg --keyserver keys.gnupg.net --recv-keys CB23504F
I get: reception from keyserver failed: no name

is this normal or is there something wrong?

ricklinux · December 18, 2021, 8:44pm

I not familiar with all the methods to check the keys signature. I use the sha512 sum method.

Edit: It’s explained all on this page below the links for the ISO.

https://endeavouros.com/latest-release/

pebcak · December 18, 2021, 8:50pm

Perhaps try with another keyserver?

gpg --keyserver keyserver.ubuntu.com --recv-keys CB23504F

or

gpg --keyserver pgp.mit.edu --recv-keys CB23504F

joekamprad · December 18, 2021, 8:53pm

keys.gnupg.net
isn’ t this one from the sks pool and not used anymore?
i need to check … but the server is still active…
but you do not need to specify a keyserver at all and use default one:
gpg --recv-keys CB23504F
the command is from the time where these SKS keyserver issues where up…

maximusXX70 · December 18, 2021, 8:54pm

At the bottom of the page you linked me it says (and it’s also the instructions I’ve always followed to download isos):
To check the ISO file with gpg signature import our key and verify it.

(Don’t forget to trust our key after validating it)

gpg --keyserver keys.gnupg.net --recv-keys CB23504F

gpg --verify EndeavourOS_Atlantis_neo-21_5.iso.sig

And it is just when I try to import the key that I get the error

maximusXX70 · December 18, 2021, 9:01pm

I have always used umea university even for previous iso’s and never had any problems.

I used the same server this time as well but compared to before I got the error.

I also tried with GitHub and it is the same

joekamprad · December 18, 2021, 9:02pm

get the key:

gpg --recv-keys CB23504F

set trust (follow the output):

gpg --edit-key CB23504F

verify ISO signature:

gpg --verify EndeavourOS_Atlantis_neo-21_5.iso.sig

2021-12-18_22-04

ricklinux · December 18, 2021, 9:05pm

What do you do with set trust?

joekamprad · December 18, 2021, 9:10pm

set trust into that the key is really the one from EndeavourOS
Usually, you would share keys in person so you know it was really me giving you my key.

ricklinux · December 18, 2021, 9:11pm

I don’t undertsand how it works because i just tried it and it didn’t work the way i thought it would?
Edit: I download the key. No issue
But what do i do with trust as i run it and it wants what?
If i verify the ISO it doesn’t. work. Can’t find…

joekamprad · December 18, 2021, 9:14pm

you need to be in the same folder as the ISO and sig file

ricklinux · December 18, 2021, 9:15pm

Do you have to download the key to the same folder also?

maximusXX70 · December 18, 2021, 9:16pm

Yes, I download both iso and key in the same folder

joekamprad · December 18, 2021, 9:16pm

no the key is in your users keyring and gets read by gpg…

set trust:

gpg --edit-key CB23504F
gpg (GnuPG) 2.2.32; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/003DB8B0CB23504F
     created: 2019-06-06  expires: never       usage: SC  
     trust: undefined     validity: unknown
ssb  rsa2048/B78C8A586ADF9E73
     created: 2019-06-06  expires: never       usage: E   
[ unknown] (1). EndeavourOS <info@endeavouros.com>

gpg> trust
sec  rsa2048/003DB8B0CB23504F
     created: 2019-06-06  expires: never       usage: SC  
     trust: undefined     validity: unknown
ssb  rsa2048/B78C8A586ADF9E73
     created: 2019-06-06  expires: never       usage: E   
[ unknown] (1). EndeavourOS <info@endeavouros.com>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

sec  rsa2048/003DB8B0CB23504F
     created: 2019-06-06  expires: never       usage: SC  
     trust: ultimate      validity: unknown
ssb  rsa2048/B78C8A586ADF9E73
     created: 2019-06-06  expires: never       usage: E   
[ unknown] (1). EndeavourOS <info@endeavouros.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> quit

ricklinux · December 18, 2021, 9:16pm

Am i not supposed to do this?

[ricklinux@eos-kde Downloads]$ gpg --recv-keys CB23504F
gpg: key 003DB8B0CB23504F: "EndeavourOS <info@endeavouros.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
[ricklinux@eos-kde Downloads]$ gpg --edit-key CB23504F
gpg (GnuPG) 2.2.32; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  rsa2048/003DB8B0CB23504F
     created: 2019-06-06  expires: never       usage: SC  
     trust: unknown       validity: unknown
sub  rsa2048/B78C8A586ADF9E73
     created: 2019-06-06  expires: never       usage: E   
[ unknown] (1). EndeavourOS <info@endeavouros.com>

gpg>

joekamprad · December 18, 2021, 9:17pm

type trust and hit enter

ricklinux · December 18, 2021, 9:18pm

It stops at gpg>

maximusXX70 · December 18, 2021, 9:19pm

The solution proposed by @ joekamprad works!

Instead following the directions of the site does not

joekamprad · December 18, 2021, 9:19pm

that’s the gpg programs prompt

joekamprad · December 18, 2021, 9:20pm

I do just updated the release website also