#185 Bad signature on https://cloud.centos.org/centos/8-stream/x86_64/images/CHECKSUM
Closed: Fixed by carlwgeorge. Opened by oseibertsys11.

Hi there!

I wanted to download your cloud image in https://cloud.centos.org/centos/8-stream/x86_64/images/. When I verified the signature on the CHECKSUM file, it was reported as BAD.

Can you please re-verify the integrity of the downloadable files and then re-sign?

Thanks.

Transcript:

$ wget https://cloud.centos.org/centos/8-stream/x86_64/images/CHECKSUM
--2021-01-08 13:22:30--  https://cloud.centos.org/centos/8-stream/x86_64/images/CHECKSUM
Resolving cloud.centos.org (cloud.centos.org)... 94.130.67.19, 2a01:4f8:10b:30ac::1
Connecting to cloud.centos.org (cloud.centos.org)|94.130.67.19|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2488 (2.4K)
Saving to: CHECKSUM

CHECKSUM 100%[============================================================================>]   2.43K  --.-KB/s    in 0s

2021-01-08 13:22:31 (83.5 MB/s) - CHECKSUM saved [2488/2488]

$ wget https://cloud.centos.org/centos/8-stream/x86_64/images/CHECKSUM.asc
--2021-01-08 13:22:32--  https://cloud.centos.org/centos/8-stream/x86_64/images/CHECKSUM.asc
Resolving cloud.centos.org (cloud.centos.org)... 94.130.67.19, 2a01:4f8:10b:30ac::1
Connecting to cloud.centos.org (cloud.centos.org)|94.130.67.19|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 812 [text/plain]
Saving to: CHECKSUM.asc

CHECKSUM.asc 100%[============================================================================>]     812  --.-KB/s    in 0s

2021-01-08 13:22:33 (27.0 MB/s) - CHECKSUM.asc saved [812/812]

$ gpg --verify ./CHECKSUM.asc ./CHECKSUM
gpg: Signature made Tue Dec 22 10:23:34 2020 UTC
gpg:                using RSA key 05B555B38483C65D
gpg: BAD signature from "CentOS (CentOS Official Signing Key) <security@centos.org>" [unknown]

Metadata Update from @arrfab:
- Issue assigned to bstinson
- Issue priority set to: Waiting on Reporter (was: Needs Review)
- Issue tagged with: low-trouble, medium-gain

Metadata Update from @arrfab:
- Issue tagged with: centos-build-pipeline

I don't know when it happened, but this appears to be resolved now.

$ curl -s https://cloud.centos.org/centos/8-stream/x86_64/images/CHECKSUM.asc | gpg --verify
gpg: Signature made Thu Feb 11 20:30:42 2021 UTC
gpg:                using RSA key 05B555B38483C65D
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Good signature from "CentOS (CentOS Official Signing Key) <security@centos.org>" [ultimate]

Metadata Update from @carlwgeorge:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
