Problems with verifying iso sigs and creating live usb  [Solved]

When you run into problems installing MX Linux XFCE
Forum rules
Post Reply
Message
Author
LearningMX
Posts: 15
Joined: Fri Feb 11, 2022 1:03 pm

Problems with verifying iso sigs and creating live usb  [Solved]

#1 Post by LearningMX »

I'm currently on Ubuntu 20.04 and want to switch to MX Linux. When veryfing the sigs on the iso I get:

Code: Select all

gpgv --keyring ~/.gnupg/pubring.kbx  MX-21_KDE_x64.iso.sig MX-21_KDE_x64.iso

gpgv: can't allocate lock for '/home/user/.gnupg/pubring.kbx'


I did run this before:

Code: Select all

gpg --keyserver hkps://keys.openpgp.org --recv-keys 409C71B3BCFDED0A 70938C780679EE98 9B68A1E8B9B6375C 13C74A22892C32F1 A80582E000067FDD

gpg: key A80582E000067FDD: "anticapitalista (change of address) <anticapitalista@riseup.net>" not changed
gpg: key 13C74A22892C32F1: "Steven K Pusser <stevopusser@gmail.com>" not changed
gpg: key 9B68A1E8B9B6375C: "Dolphin Oracle (mxlinux) <dolphinoracle@gmail.com>" not changed
gpg: key 70938C780679EE98: "Adrian <adrian@mxlinux.org>" not changed
gpg: key 409C71B3BCFDED0A: "Michael Pavletich <m_pav10-4@thepavs.net.nz>" not changed
gpg: Total number processed: 5
gpg:              unchanged: 5
Thinking if this is an Ubuntu issue I will create a live usb of MX and then check the sigs of the ISO while running the live MX instance. So I downloaded live-usb-maker-qt-21.11.glibc2.28-x86_64.AppImage.zip but when executing it I get:

Code: Select all

➜  Downloads ./live-usb-maker-qt-21.11.glibc2.28-x86_64.AppImage 
➜  Downloads Python path configuration:
  PYTHONHOME = '/tmp/.mount_live-uFfCPNv/usr/'
  PYTHONPATH = '/tmp/.mount_live-uFfCPNv/usr/share/pyshared/:'
  program name = '/usr/bin/python3'
  isolated = 0
  environment = 1
  user site = 1
  import site = 1
  sys._base_executable = '/usr/bin/python3'
  sys.base_prefix = '/tmp/.mount_live-uFfCPNv/usr'
  sys.base_exec_prefix = '/tmp/.mount_live-uFfCPNv/usr'
  sys.executable = '/usr/bin/python3'
  sys.prefix = '/tmp/.mount_live-uFfCPNv/usr'
  sys.exec_prefix = '/tmp/.mount_live-uFfCPNv/usr'
  sys.path = [
    '/tmp/.mount_live-uFfCPNv/usr/share/pyshared/',
    '',
    '/tmp/.mount_live-uFfCPNv/usr/lib/python38.zip',
    '/tmp/.mount_live-uFfCPNv/usr/lib/python3.8',
    '/tmp/.mount_live-uFfCPNv/usr/lib/python3.8/lib-dynload',
  ]
Fatal Python error: init_fs_encoding: failed to get the Python codec of the filesystem encoding
Python runtime state: core initialized
ModuleNotFoundError: No module named 'encodings'

Current thread 0x00007fa7f2175740 (most recent call first):
<no Python frame>
Any help will be much appreciated. :hug:
Top
User avatar
fehlix
Developer
Posts: 12700
Joined: Wed Apr 11, 2018 5:09 pm

Re: Problems with verifying iso sigs and creating live usb

#2 Post by fehlix »

LearningMX wrote: Sun Feb 13, 2022 6:17 am I'm currently on Ubuntu 20.04 and want to switch to MX Linux. When veryfing the sigs on the iso I get:

Code: Select all

gpgv --keyring ~/.gnupg/pubring.kbx  MX-21_KDE_x64.iso.sig MX-21_KDE_x64.iso

gpgv: can't allocate lock for '/home/user/.gnupg/pubring.kbx'
And what is your question?
The important point is, whether the signature verification succeeded or not?
Was the signature verification successful?
The "can't allocate a lock" message is secondary and only cosmetic, and probably something within gpgv itself, b/c
a lock is not needed for readonly signature verifications. Someone would need to raise a "bug"-report for this at the upstream gpgv-provider, to get rid of this cosmetic not needed warning.
Top
LearningMX
Posts: 15
Joined: Fri Feb 11, 2022 1:03 pm

Re: Problems with verifying iso sigs and creating live usb

#3 Post by LearningMX »

fehlix wrote: Sun Feb 13, 2022 6:34 am
LearningMX wrote: Sun Feb 13, 2022 6:17 am I'm currently on Ubuntu 20.04 and want to switch to MX Linux. When veryfing the sigs on the iso I get:

Code: Select all

gpgv --keyring ~/.gnupg/pubring.kbx  MX-21_KDE_x64.iso.sig MX-21_KDE_x64.iso

gpgv: can't allocate lock for '/home/user/.gnupg/pubring.kbx'
And what is your question?
The important point is, whether the signature verification succeeded or not?
Was the signature verification successful?
The "can't allocate a lock" message is secondary and only cosmetic, and probably something within gpgv itself, b/c
a lock is not needed for readonly signature verifications. Someone would need to raise a "bug"-report for this at the upstream gpgv-provider, to get rid of this cosmetic not needed warning.
gpgv gets stuck at this cosmetic warning and never finishes, I have to CTRL + C to end the program. Does this mean the signature was verified successfully ? I guess I was waiting for an explicit msg confirming that the sigs are indeed valid ..
Top
User avatar
fehlix
Developer
Posts: 12700
Joined: Wed Apr 11, 2018 5:09 pm

Re: Problems with verifying iso sigs and creating live usb

#4 Post by fehlix »

LearningMX wrote: Sun Feb 13, 2022 7:46 am gpgv gets stuck at this cosmetic warning and never finishes, I have to CTRL + C to end the program. Does this mean the signature was verified successfully ? I guess I was waiting for an explicit msg confirming that the sigs are indeed valid ..
Ahh ok, that is highly unusual. It should proceed and should show the verification result message,
like this one:

Code: Select all

gpgv --keyring ~/.gnupg/pubring.kbx  MX-21_KDE_x64.iso.sig MX-21_KDE_x64.iso 
gpgv: Signature made Tue Oct 19 21:34:43 2021 EDT
gpgv:                using RSA key F27753A18E92E3937E6335E770938C780679EE98
gpgv: Good signature from "Adrian <adrian@mxlinux.org>"
In case of an invalid signature varification it should show this:

Code: Select all

gpgv --keyring ~/.gnupg/pubring.kbx  MX-21_KDE_x64.iso.sig MX-21_KDE_x64.iso 
gpgv: Signature made Tue Oct 19 21:34:43 2021 EDT
gpgv:                using RSA key F27753A18E92E3937E6335E770938C780679EE98
gpgv: BAD signature from "Adrian <adrian@mxlinux.org>"
which would indicate a corrupted or manipulated ISO.

Let' see, whether the full gpg would do better.
Please run this in terminal, within the same directory:

Code: Select all

gpg --verify  MX-21_KDE_x64.iso.sig MX-21_KDE_x64.iso
In case of successful signature verification it would show this:

Code: Select all

gpg: Signature made Tue Oct 19 21:34:43 2021 EDT
gpg:                using RSA key F27753A18E92E3937E6335E770938C780679EE98
gpg: Good signature from "Adrian <adrian@mxlinux.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F277 53A1 8E92 E393 7E63  35E7 7093 8C78 0679 EE98
which tells you, the signature from the sig-file fits to the given iso.
The warning tells you, the signature key, was not yet, marked as trusted from you
The important thing here is, even without explicite trust is the primary fingerprint is unique.
And should match the one shown above also available in the wiki-page.
Top
LearningMX
Posts: 15
Joined: Fri Feb 11, 2022 1:03 pm

Re: Problems with verifying iso sigs and creating live usb

#5 Post by LearningMX »

fehlix wrote: Sun Feb 13, 2022 8:11 am
LearningMX wrote: Sun Feb 13, 2022 7:46 am gpgv gets stuck at this cosmetic warning and never finishes, I have to CTRL + C to end the program. Does this mean the signature was verified successfully ? I guess I was waiting for an explicit msg confirming that the sigs are indeed valid ..
Ahh ok, that is highly unusual. It should proceed and should show the verification result message,
like this one:

Code: Select all

gpgv --keyring ~/.gnupg/pubring.kbx  MX-21_KDE_x64.iso.sig MX-21_KDE_x64.iso 
gpgv: Signature made Tue Oct 19 21:34:43 2021 EDT
gpgv:                using RSA key F27753A18E92E3937E6335E770938C780679EE98
gpgv: Good signature from "Adrian <adrian@mxlinux.org>"
In case of an invalid signature varification it should show this:

Code: Select all

gpgv --keyring ~/.gnupg/pubring.kbx  MX-21_KDE_x64.iso.sig MX-21_KDE_x64.iso 
gpgv: Signature made Tue Oct 19 21:34:43 2021 EDT
gpgv:                using RSA key F27753A18E92E3937E6335E770938C780679EE98
gpgv: BAD signature from "Adrian <adrian@mxlinux.org>"
which would indicate a corrupted or manipulated ISO.

Let' see, whether the full gpg would do better.
Please run this in terminal, within the same directory:

Code: Select all

gpg --verify  MX-21_KDE_x64.iso.sig MX-21_KDE_x64.iso
In case of successful signature verification it would show this:

Code: Select all

gpg: Signature made Tue Oct 19 21:34:43 2021 EDT
gpg:                using RSA key F27753A18E92E3937E6335E770938C780679EE98
gpg: Good signature from "Adrian <adrian@mxlinux.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F277 53A1 8E92 E393 7E63  35E7 7093 8C78 0679 EE98
which tells you, the signature from the sig-file fits to the given iso.
The warning tells you, the signature key, was not yet, marked as trusted from you
The important thing here is, even without explicite trust is the primary fingerprint is unique.
And should match the one shown above also available in the wiki-page.
Ok this one is on me somewhat, I thought it was stuck and I cancelled it when I saw the error msg when in fact it just ran for a while and eventually finished by verifying the signature as valid :number1:
Top
Post Reply

Return to “Installation”