Note
The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.
Difference between revisions of "GPG Signatures"
Jump to navigation
Jump to search
| Line 4: | Line 4: | ||
<tr><th>GPG key name/email</th><th>GPG comment</th><th>GPG Key ID</th><th>Fingerprint</th><th>GPG Key Type</th><th>Used for</th></tr> | <tr><th>GPG key name/email</th><th>GPG comment</th><th>GPG Key ID</th><th>Fingerprint</th><th>GPG Key Type</th><th>Used for</th></tr> | ||
<tr><td>Daniel Robbins {{c|drobbins@funtoo.org}}</td><td>{{c|metro:node}}</td><td>{{c|11FD00FD}}</td><td>{{c|70AC BB6B FEE7 BC57 2A89 41D1 9266 C4FA 11FD 00FD}}</td><td>4096-bit RSA (no expiry)</td><td>Generic and Intel builds</td></tr> | <tr><td>Daniel Robbins {{c|drobbins@funtoo.org}}</td><td>{{c|metro:node}}</td><td>{{c|11FD00FD}}</td><td>{{c|70AC BB6B FEE7 BC57 2A89 41D1 9266 C4FA 11FD 00FD}}</td><td>4096-bit RSA (no expiry)</td><td>Generic and Intel builds</td></tr> | ||
<tr><td>Daniel Robbins {{c|drobbins@funtoo.org}}</td><td>{{c|metro:excavator}}</td><td>{{c|683A2F8A}}</td><td>{{c|E8C5 7481 5DC1 74AF 5A9E 8385 3AA5 CA5E 683A 2F8A}}</td><td>4096-bit RSA (no expiry)</td><td>Most AMD builds</td></tr> | <tr><td>Daniel Robbins {{c|drobbins@funtoo.org}}</td><td>{{c|metro:excavator}}</td><td>{{c|4FF347DD}} (Sign)<br>{{c|683A2F8A}} (Primary)</td><td>{{c|3C56 18FB C28A B2FE 90C8 B9EB E510 18CD 4FF3 47DD}} (Sign)<br>{{c|E8C5 7481 5DC1 74AF 5A9E 8385 3AA5 CA5E 683A 2F8A}} (Primary)</td><td>4096-bit RSA (no expiry)</td><td>Most AMD builds</td></tr> | ||
<tr><td>Daniel Robbins {{c|drobbins@funtoo.org}}</td><td>{{c|metro:jaguar}}</td><td>{{c|BEA87CD2}}</td><td>{{c|6DDA E857 2788 8A7C A50E 2122 A902 1CE4 BEA8 7CD2}}</td><td>4096-bit RSA (no expiry)</td><td>AMD Jaguar builds</td></tr> | <tr><td>Daniel Robbins {{c|drobbins@funtoo.org}}</td><td>{{c|metro:jaguar}}</td><td>{{c|BEA87CD2}}</td><td>{{c|6DDA E857 2788 8A7C A50E 2122 A902 1CE4 BEA8 7CD2}}</td><td>4096-bit RSA (no expiry)</td><td>AMD Jaguar builds</td></tr> | ||
<tr><td>Daniel Robbins {{c|drobbins@funtoo.org}}</td><td>{{c|metro:odroid-xu4}}</td><td>{{c|EEE54A43}}</td><td>{{c|38E8 4AD5 3B01 590B A678 5E88 2A7B 0B2E EEE5 4A43}}</td><td>4096-bit RSA (no expiry)</td><td>ARM 32-bit builds</td></tr> | <tr><td>Daniel Robbins {{c|drobbins@funtoo.org}}</td><td>{{c|metro:odroid-xu4}}</td><td>{{c|EEE54A43}}</td><td>{{c|38E8 4AD5 3B01 590B A678 5E88 2A7B 0B2E EEE5 4A43}}</td><td>4096-bit RSA (no expiry)</td><td>ARM 32-bit builds</td></tr> | ||
| Line 16: | Line 16: | ||
{{TableEnd}} | {{TableEnd}} | ||
To verify the integrity of stage3 tarballs using GPG, first download your preferred stage3 taball, and the matching file with the additional {{c|.gpg}} extension in the same directory. Then | To verify the integrity of stage3 tarballs using GPG, first download your preferred stage3 taball, and the matching file with the additional {{c|.gpg}} extension in the same directory. Then, you will want to use the {{c|gpg --recv-key}} command, specifying the ''primary key id'' listed above that is necessary for verification: | ||
{{console|body= | {{console|body= | ||
| Line 25: | Line 25: | ||
}} | }} | ||
You should see output similar to this: | You should see output similar to this, which will specify the ''signing'' GPG key ID: | ||
{{console|body= | {{console|body= | ||
gpg: Signature made Sat 10 Dec 2016 08:46:41 PM MST using RSA key ID 4FF347DD | gpg: Signature made Sat 10 Dec 2016 08:46:41 PM MST using RSA key ID 4FF347DD | ||
Revision as of 06:44, December 26, 2016
Funtoo Linux stage tarballs are signed using GPG by the build server they are built on. Each official Funtoo Linux build server has its own individual key, which can be identified by the GPG comment field. The following keys are used to create detached binary signatures ending in .gpg of each stage tarball:
| GPG key name/email | GPG comment | GPG Key ID | Fingerprint | GPG Key Type | Used for |
|---|---|---|---|---|---|
Daniel Robbins drobbins@funtoo.org | metro:node | 11FD00FD | 70AC BB6B FEE7 BC57 2A89 41D1 9266 C4FA 11FD 00FD | 4096-bit RSA (no expiry) | Generic and Intel builds |
Daniel Robbins drobbins@funtoo.org | metro:excavator | 4FF347DD (Sign)683A2F8A (Primary) | 3C56 18FB C28A B2FE 90C8 B9EB E510 18CD 4FF3 47DD (Sign)E8C5 7481 5DC1 74AF 5A9E 8385 3AA5 CA5E 683A 2F8A (Primary) | 4096-bit RSA (no expiry) | Most AMD builds |
Daniel Robbins drobbins@funtoo.org | metro:jaguar | BEA87CD2 | 6DDA E857 2788 8A7C A50E 2122 A902 1CE4 BEA8 7CD2 | 4096-bit RSA (no expiry) | AMD Jaguar builds |
Daniel Robbins drobbins@funtoo.org | metro:odroid-xu4 | EEE54A43 | 38E8 4AD5 3B01 590B A678 5E88 2A7B 0B2E EEE5 4A43 | 4096-bit RSA (no expiry) | ARM 32-bit builds |
In turn, these public keys are signed by the Funtoo Linux master signing key:
| GPG key name/email | GPG comment | GPG Key ID | Fingerprint | GPG Key Type |
|---|---|---|---|---|
Daniel Robbins drobbins@funtoo.org | BDFL | E986E8EE | D3B9 48F8 2EE8 B402 0A04 1078 9A65 8306 E986 E8EE | 4096-bit RSA (no expiry) |
To verify the integrity of stage3 tarballs using GPG, first download your preferred stage3 taball, and the matching file with the additional .gpg extension in the same directory. Then, you will want to use the gpg --recv-key command, specifying the primary key id listed above that is necessary for verification:
root # gpg --recv-key 11FD00FD root # gpg --recv-key 683A2F8A root # gpg --recv-key BEA87CD2 root # gpg --verify stage3-latest.tar.xz.gpg stage3-latest.tar.xz
You should see output similar to this, which will specify the signing GPG key ID:
gpg: Signature made Sat 10 Dec 2016 08:46:41 PM MST using RSA key ID 4FF347DD gpg: Good signature from "Daniel Robbins (metro:excavator) <drobbins@funtoo.org>" [ultimate]