Hello,
I'm trying to verify the downloaded Python 3.9.1 files before I install them...
I created a new folder and downloaded these two files to it:
Python-3.9.1.tar.xz
Python-3.9.1.tar.xz.asc
I also downloaded and imported the public key to verify the files.
According to the Python website in order to verify the download I need to run this command:
gpg --verify Python-3.9.1.tar.xz.asc
I get the following message when I run the command:
gpg: Signature made Mon 07 Dec 2020 03:37:32 PM MST
gpg: using RSA key E3FF2839C048B25C084DEBE9B26995E310250568
gpg: Can't check signature: No public key
When I run gpg --list-keys I see this key info:
pub rsa4096 2015-05-11 [SC] [expires: 2025-05-11]
E3FF2839C048B25C084DEBE9B26995E310250568
uid [ unknown] Łukasz Langa (GPG langa.pl) <
[email protected]>
uid [ unknown] Łukasz Langa (Work e-mail account) <
[email protected]>
uid [ unknown] [jpeg image of size 24479]
sub rsa4096 2015-05-11 [E] [expires: 2025-05-11]
Can you someone please explain to me why I'm getting the gpg: Can't check signature: No public key error?
Thank you
I'm still not able to figure out how to verify these files so any help would be greatly appreciated. Thanks.
Get public key.
G:\div_code
λ gpg --recv-keys B26995E310250568
gpg: requesting key 10250568 from hkp server keys.gnupg.net
gpg: key 10250568: public key "\xc5\x81ukasz Langa (GPG langa.pl) <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Test.
G:\div_code
λ gpg --verify Python-3.9.1.tgz.asc
gpg: assuming signed data in `Python-3.9.1.tgz'
gpg: Signature made Mon Dec 7 23:37:32 2020 using RSA key ID 10250568
gpg: Good signature from "\xc5\x81ukasz Langa (GPG langa.pl) <[email protected]>"
gpg: aka "\xc5\x81ukasz Langa <[email protected]>"
gpg: aka "\xc5\x81ukasz Langa (Work e-mail account) <[email protected]>"
gpg: aka "[jpeg image of size 24479]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E3FF 2839 C048 B25C 084D EBE9 B269 95E3 1025 0568
Get a warning,but it's okay look at fingerprint.
So this dos not work for me to get public key from the specified server,that's why get warning.
But method over is okay.
G:\div_code
λ gpg --keyserver https://keybase.io/ambv/ --recv-keys B26995E310250568
gpg: requesting key 10250568 from https server keybase.io
gpgkeys: no key data found for https://keybase.io/ambv/
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: key not found
gpg: keyserver communications error: bad public key
gpg: keyserver receive failed: bad public key
Can let pyenv do all install,then it download directly from
python.org/ftp/python
pyenv Simple Python Version Management
snippsat Wrote:# Install
tom@tom:~$ pyenv install 3.8.1
Downloading Python-3.8.1.tar.xz...
-> https://www.python.org/ftp/python/3.8.1/Python-3.8.1.tar.xz
Installing Python-3.8.1...
Installed Python-3.8.1 to /home/tom/.pyenv/versions/3.8.1
# Set as system wide version
tom@tom:~$ pyenv global 3.8.1
# Test
tom@tom:~$ python
Python 3.8.1 (default, Feb 11 2020, 09:18:58)
[GCC 7.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> print(walrus := True)
True
>>> exit()
Verified and installed - thank you...
(Dec-30-2020, 05:19 PM)snippsat Wrote: [ -> ]Get public key.
G:\div_code
λ gpg --recv-keys B26995E310250568
gpg: requesting key 10250568 from hkp server keys.gnupg.net
gpg: key 10250568: public key "\xc5\x81ukasz Langa (GPG langa.pl) <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Test.
G:\div_code
λ gpg --verify Python-3.9.1.tgz.asc
gpg: assuming signed data in `Python-3.9.1.tgz'
gpg: Signature made Mon Dec 7 23:37:32 2020 using RSA key ID 10250568
gpg: Good signature from "\xc5\x81ukasz Langa (GPG langa.pl) <[email protected]>"
gpg: aka "\xc5\x81ukasz Langa <[email protected]>"
gpg: aka "\xc5\x81ukasz Langa (Work e-mail account) <[email protected]>"
gpg: aka "[jpeg image of size 24479]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E3FF 2839 C048 B25C 084D EBE9 B269 95E3 1025 0568
Get a warning,but it's okay look at fingerprint.
So this dos not work for me to get public key from the specified server,that's why get warning.
But method over is okay.
G:\div_code
λ gpg --keyserver https://keybase.io/ambv/ --recv-keys B26995E310250568
gpg: requesting key 10250568 from https server keybase.io
gpgkeys: no key data found for https://keybase.io/ambv/
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: key not found
gpg: keyserver communications error: bad public key
gpg: keyserver receive failed: bad public key
Can let pyenv do all install,then it download directly from python.org/ftp/python
pyenv Simple Python Version Management
snippsat Wrote:# Install
tom@tom:~$ pyenv install 3.8.1
Downloading Python-3.8.1.tar.xz...
-> https://www.python.org/ftp/python/3.8.1/Python-3.8.1.tar.xz
Installing Python-3.8.1...
Installed Python-3.8.1 to /home/tom/.pyenv/versions/3.8.1
# Set as system wide version
tom@tom:~$ pyenv global 3.8.1
# Test
tom@tom:~$ python
Python 3.8.1 (default, Feb 11 2020, 09:18:58)
[GCC 7.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> print(walrus := True)
True
>>> exit()