blob: 807d38cc402e50ffbbd2f5e11637484693cbe1c4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
---
title: 'Release media signatures'
navtitle: 'Signatures'
nav1: downloads
nav2: signatures
nav2-show: true
---
<p>
Our current releases are signed with either of these keys <strong>or any sub keys:</strong>
</p>
<br>
<table class="table table-striped">
<tr>
<th>Key fingerprint</th>
<th>Gentoo package</th>
<th>Description</th>
<th>Created</th>
<th>Expiry</th>
</tr>
<tr>
<td><kbd>13EBBDBEDE7A12775DFDB1BABB572E0E2D182910</kbd></td>
<td>sec-keys/openpgp-keys-gentoo-release</td>
<td>Gentoo Linux Release Engineering (Automated Weekly Release Key)</td>
<td>2009-08-25</td>
<td>2024-07-01</td>
</tr>
<tr>
<td><kbd>DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D</kbd></td>
<td>sec-keys/openpgp-keys-gentoo-release</td>
<td>Gentoo ebuild repository signing key (Automated Signing Key)</td>
<td>2011-11-25</td>
<td>2024-07-01</td>
</tr>
<tr>
<td><kbd>EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72</kbd></td>
<td>sec-keys/openpgp-keys-gentoo-release</td>
<td><a rel='external' href='https://github.com/gentoo-mirror/'>Gentoo repository mirrors (GitHub)</a> (automated git signing key)</td>
<td>2018-05-28</td>
<td>2024-07-01</td>
</tr>
<tr>
<td><kbd>D99EAC7379A850BCE47DA5F29E6438C817072058</kbd></td>
<td>sec-keys/openpgp-keys-gentoo-release</td>
<td>Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)</td>
<td>2004-07-20</td>
<td>2025-07-01</td>
</tr>
<tr>
<td><kbd>ABD00913019D6354BA1D9A132839FE0D796198B1</kbd></td>
<td>sec-keys/openpgp-keys-gentoo-auth</td>
<td>Gentoo Authority Key L1</td>
<td>2019-04-01</td>
<td>2024-07-01</td>
</tr>
<tr>
<td><kbd>18F703D702B1B9591373148C55D3238EC050396E</kbd></td>
<td>sec-keys/openpgp-keys-gentoo-auth</td>
<td>Gentoo Authority Key L2 for Services</td>
<td>2019-04-01</td>
<td>2024-07-01</td>
</tr>
<tr>
<td><kbd>2C13823B8237310FA213034930D132FF0FF50EEB</kbd></td>
<td>sec-keys/openpgp-keys-gentoo-auth</td>
<td>Gentoo Authority Key L2 for Developers</td>
<td>2019-04-01</td>
<td>2024-07-01</td>
</tr>
</table>
<br>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><span class="fa fa-fw fa-check-circle-o"></span> Verifying files</h3>
</div>
<div class="panel-body">
<p>To verify downloaded files are not tampered with, the <tt>.asc</tt> signature file matching the release and the matching key from the table above are needed.</p>
<p>Fetch the key:</p>
<p><kbd>gpg --keyserver hkps://keys.gentoo.org --recv-keys <key fingerprint></kbd></p>
<p>Alternatively, fetch a bundle containing all listed keys:</p>
<p><kbd>wget -O - https://qa-reports.gentoo.org/output/service-keys.gpg | gpg --import</kbd></p>
<p>Alternatively, use the Gentoo <tt>sec-keys/openpgp-keys-gentoo-release</tt> package:</p>
<p><kbd>gpg --import /usr/share/openpgp-keys/gentoo-release.asc</kbd></p>
<p>Verify the signature:</p>
<p><kbd>gpg --verify <foo.asc></kbd></p>
<br>
<div class="alert alert-info">
Detailed instructions are available in the <a href="https://wiki.gentoo.org/wiki/Handbook:Main_Page" class="alert-link">Gentoo Handbook</a>.
</div>
</div>
</div>
|