Comments (7)
PhilipHazel
commented on July 17, 2024
I have been trying to upload my public key to GitHub, but (after a lot of tedious cutting and pasting), it fails with the message "We got an error doing that". The key is, I believe, available on keyserver.ubuntu.com and keys.gnupg.net - at least when I search them for my name it finds something. I will continue to pursue this, but I'm not an expert on GnuPG.
from pcre2.
PhilipHazel
commented on July 17, 2024
Yay! I managed to figure out what I was doing wrong. I believe I have now uploaded the key to GitHub.
from pcre2.
alexlevinfr
commented on July 17, 2024
Hi Philip,
Thanks for your efforts so far.
I see the key which is great, but I still fail to verify the signature:
I first removed all keys relating to your uid
curl https://github.com/FullName.gpg -o lib/ph.gph
gpg --import lib/ph.gpg
gpg --check-signatures
~/.gnupg/pubring.kbx
pub rsa2048 2002-10-21 [SC]
45F68D54BBE23FB3039B46E59766E084FB0F43D8
uid [ unknown] Full Name [email protected]
sig!3 9766E084FB0F43D8 2021-03-25 Full Name [email protected]
uid [ unknown] Full Name [email protected]
sig!3 9766E084FB0F43D8 2007-05-02 Full Name [email protected]
sig!3 9766E084FB0F43D8 2006-03-14 Full Name [email protected]
uid [ unknown] Full Name [email protected]
sig!3 9766E084FB0F43D8 2002-10-21 Full Name [email protected]
sig!3 9766E084FB0F43D8 2002-10-21 Full Name [email protected]
uid [ unknown] Full Name [email protected]
sig!3 9766E084FB0F43D8 2002-10-23 Full Name [email protected]
sub rsa2048 2002-10-21 [E]
sig! 9766E084FB0F43D8 2002-10-21 Full Name [email protected]
gpg: 20 good signatures
gpg: 719 signatures not checked due to missing keys
$ gpg --verify libs/pcre2-10.39.tar.gz.sig
gpg: assuming signed data in 'libs/pcre2-10.39.tar.gz'
gpg: Signature made Fri 29 Oct 17:07:03 2021 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: BAD signature from "Full Name [email protected]" [unknown]
I think if you try this on a new system you would be able to reproduce this, and probably that the system used to sign this is using a different private key which doesn't correspond to this one.
from pcre2.
PhilipHazel
commented on July 17, 2024
I'm afraid I am a very naive GPG user, having to consult the manual for my every move. I can check the signatures, for example:
$ gpg --verify Releases/pcre2-10.39.zip.sig Releases/pcre2-10.39.zip
gpg: Signature made Fri Oct 29 17:07:03 2021 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel [email protected]" [ultimate]
gpg: aka "Philip Hazel [email protected]" [ultimate]
gpg: aka "Philip Hazel [email protected]" [ultimate]
gpg: aka "Philip Hazel [email protected]" [ultimate]
This is, of course, using the keys in my keyring on my desktop computer, not the exported one. (The .tar.gz file verifies the same.) I don't have any other systems I can try this on. I wonder if others are having the same problem? Can anyone else who is reading this give advice?
from pcre2.
PhilipHazel
commented on July 17, 2024
I have succeeded in recovering a copy of the file called Public-Key that was on ftp.pcre.org. It is a different, much shorter file than what I get from "gpg export". I don't know how to discover what kind of key it is.
from pcre2.
MatthewVernon
commented on July 17, 2024
I did as follows, and it works for me:
# download key
gpg --keyserver keyserver.ubuntu.com --search-keys [email protected]
gpg: data source: http://162.213.33.9:11371
(1) Philip Hazel <[email protected]>
Philip Hazel <[email protected]>
Philip Hazel <[email protected]>
Philip Hazel <[email protected]>
2048 bit RSA key 9766E084FB0F43D8, created: 2002-10-21
Keys 1-1 of 1 for "[email protected]". Enter number(s), N)ext, or Q)uit > 1
gpg: key 9766E084FB0F43D8: 3 duplicate signatures removed
gpg: key 9766E084FB0F43D8: 116 signatures not checked due to missing keys
gpg: key 9766E084FB0F43D8: public key "Philip Hazel <[email protected]>" imported
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg: imported: 1
# verify
gpg --verify pcre2-10.39.zip.sig pcre2-10.39.zip
gpg: Signature made Fri 29 Oct 2021 17:07:03 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel <[email protected]>" [unknown]
gpg: aka "Philip Hazel <[email protected]>" [unknown]
gpg: aka "Philip Hazel <[email protected]>" [unknown]
gpg: aka "Philip Hazel <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B 46E5 9766 E084 FB0F 43D8
from pcre2.
alexlevinfr
commented on July 17, 2024
Downloaded the two files (sig and tar.gz) again, and verifying ok with either the publickey I downloaded yesterday or the ubuntu version. apologies.
C02DC0SHMD6W:web-agents alex.levin$ gpg --import libs/ph.gpg
gpg: key 9766E084FB0F43D8: 65 signatures not checked due to missing keys
gpg: key 9766E084FB0F43D8: public key "Philip Hazel [email protected]" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2025-03-11
C02DC0SHMD6W:web-agents alex.levin$ gpg --verify ~/Downloads/pcre2-10.39.tar.gz.sig ~/Downloads/pcre2-10.39.tar.gz
gpg: Signature made Fri 29 Oct 17:07:03 2021 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B 46E5 9766 E084 FB0F 43D8
C02DC0SHMD6W:web-agents alex.levin$ gpg --delete-key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg (GnuPG/MacGPG2) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub rsa2048/9766E084FB0F43D8 2002-10-21 Philip Hazel [email protected]
Delete this key from the keyring? (y/N) y
C02DC0SHMD6W:web-agents alex.levin$ gpg --verify libs/pcre2-10.39.tar.gz.sig libs/pcre2-10.39.tar.gz
gpg: can't open signed data 'libs/pcre2-10.39.tar.gz'
gpg: can't hash datafile: No such file or directory
C02DC0SHMD6W:web-agents alex.levin$ gpg --verify ~/Downloads/pcre2-10.39.tar.gz.sig
gpg: assuming signed data in '/Users/alex.levin/Downloads/pcre2-10.39.tar.gz'
gpg: Signature made Fri 29 Oct 17:07:03 2021 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: key 9766E084FB0F43D8: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
gpg: Can't check signature: No public key
C02DC0SHMD6W:web-agents alex.levin$ gpg --keyserver keyserver.ubuntu.com --search-keys [email protected]
gpg: data source: http://162.213.33.8:11371
(1) Philip Hazel [email protected]
Philip Hazel [email protected]
Philip Hazel [email protected]
Philip Hazel [email protected]
2048 bit RSA key 9766E084FB0F43D8, created: 2002-10-21
Keys 1-1 of 1 for "[email protected]". Enter number(s), N)ext, or Q)uit > 1
gpg: key 9766E084FB0F43D8: 1 duplicate signature removed
gpg: key 9766E084FB0F43D8: public key "Philip Hazel [email protected]" imported
gpg: Total number processed: 1
gpg: imported: 1
C02DC0SHMD6W:web-agents alex.levin$ gpg --verify ~/Downloads/pcre2-10.39.tar.gz.sig
gpg: assuming signed data in '/Users/alex.levin/Downloads/pcre2-10.39.tar.gz'
gpg: Signature made Fri 29 Oct 17:07:03 2021 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B 46E5 9766 E084 FB0F 43D8
from pcre2.
Related Issues (20)
- MSVC warnings with 10.43 HOT 1
- Allow unlimited subpattern name length HOT 4
- SunOS-5.11-SPARC - "src/pcre2.h", line 949: warning: no explicit type given HOT 5
- pcre2 makes software crash when GDS mitigation is forced for older CPUs HOT 21
- Invalid size 0 may lead to undefined behavior / infinite loop HOT 1
- Atomic group must not increase stack depth HOT 1
- Probable thread-safety issue in pcre2 10.43+ HOT 9
- No load/store-on-condition 2 facility HOT 4
- How can I get PCRE with version under 8.45? HOT 1
- Lift compile time default maximum pattern length HOT 1
- Support W3C xpath spec. weird newline behavior regarding to DOTALL and MULTILINE HOT 6
- Grapheme cluser (`\X`) selector capturing multiple character HOT 2
- Alternative branch should match shared prefix only once HOT 3
- Might be a problem found during the metamorphosis test HOT 4
- Test suite fails when targeting i686 HOT 7
- Signing of git objects HOT 3
- Quantifier `a{,7}` not supported HOT 2
- Coverity defect: Illegal address computation HOT 5
- PCRE2 10.44 Test 8 (Internal offsets and code size) fails on 32-bit platform HOT 1
- Long-term maintenance of PCRE2 HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pcre2.