0

I am running Debian 5.10.0-kali7-amd64 amd compiling kernel linux-5.12-6 when I run

gpg --keyserver subkeys.pgp.net --recv-keys xxxxxxxx....

command

it gives

gpg: keyserver receive failed: No route to host

and when I run

gpg --recv-keys xxxx

it gives following

gpg: key 38DBBDC86092693E: new key but contains no user ID - skipped

gpg: Total number processed: 1

gpg: w/o user IDs: 1

What is above error. on this link it says https://superuser.com/questions/1485213/gpg-cant-import-key-new-key-but-contains-no-user-id-skipped

You are probably using the xxxx.org keyserver, which has an owner approval system it will strip all user IDs unless the owner of the corresponding email address has allowed them to be published.

Or how to verify the kernel

For kernel compiling I am using this tutorial https://www.cyberciti.biz/tips/compiling-linux-kernel-26.html

It also talks about verifying kernel sign with gpg --recv-keys xxxx.... again it also gives

gpg: key 38DBBDC86092693E: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg:           w/o user IDs: 1

how to resolve the above so I get output of gpg --recv-keys xxxxx... something like following

gpg: key xxxx: 7 duplicate signatures removed

gpg: key xxxxx: 172 signatures not checked due to missing keys

gpg: /home/vivek/.gnupg/trustdb.gpg: trustdb created

gpg: key 79BE3E4300411886: public key "Linus Torvalds torvalds@kernel.org" imported

gpg: no ultimately trusted keys found

gpg: Total number processed: 1

gpg: imported: 1

user786
  • 3,902
  • 4
  • 40
  • 72

1 Answers1

0

The instructions for that particular key are given at: https://www.kernel.org/signature.html

I cannot vouch for the security of following those instructions, other than to say that they are hosted on kernel.org and delivered via https.

In case the URL mentioned above breaks (gets moved or deleted), I have the broad strokes of the solution listed below. I've removed the parts that specifically refer to gregkh@kernel.org who is associated with the key (RSA key ID 38DBBDC86092693E) you mentioned

gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org
gpg2 --tofu-policy good <RSAKEY_IN_DOUBT>
gpg2 --trust-model tofu --verify linux-5.12-6.tar.sign
nOw Innovation Inc.
  • 326
  • 1
  • 8
  • I just noticed that Greg Kroah-Hartman (gregkh@kernel.org) is the co-author of the book I've been from O'Reilly entitled "Linux Device Drivers" (available from https://www.oreilly.com/openbook/linuxdrive3/book/). That said, the acrobatics of authenticating signatures as described above still seems bizarre to me. – nOw Innovation Inc. Oct 14 '21 at 11:34