[systemd-devel] Verify the gpg signature of the given tag
Greg KH
gregkh at linuxfoundation.org
Wed May 11 08:36:44 UTC 2016
On Wed, May 11, 2016 at 09:57:05AM +0200, poma wrote:
>
> $ git tag --verify v229
> object 95adafc428b5b4be0ddd4d43a7b96658390388bc
> type commit
> tag v229
> tagger Lennart Poettering <lennart at poettering.net> 1455208658 +0100
>
> systemd 229
> gpg: Signature made Thu 11 Feb 2016 05:37:38 PM CET using RSA key ID 9C3485B0
> gpg: Good signature from "Lennart Poettering <lennart at poettering.net>"
> gpg: aka "Lennart Poettering <lennart at poettering.de>"
> gpg: aka "Lennart Poettering (Red Hat) <lpoetter at redhat.com>"
> gpg: aka "Lennart Poettering (Sourceforge.net) <poettering at users.sourceforge.net>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 63CD A1E5 D3FC 22B9 98D2 0DD6 327F 2695 1A01 5CC4
> Subkey fingerprint: 16B1 C4EE C0BC 021A C777 F681 B63B 2187 9C34 85B0
>
>
> How to do this without "gpg: WARNING:" part?
That's on your end, not the repo's end. I suggest reading up on gpg
trust models if you wish for this to be able to be resolved on your
system.
good luck!
greg k-h
More information about the systemd-devel
mailing list