Pgp verify 5.11 kernel download

User Support
1

i want to upgrade to a 5.11 kernel. it was recommended to me to download them from Index of /r4.1/current-testing/dom0/fc32/rpm/ but there is currently no method to verify a .asc or .digests file from this server. is there anyway to verify these packages? i have found this website https://www.kernel.org/ that include pgp signatures but i do not believe these are the exact same packages as the qubes server. has anyone encountered a similar problem? if a qubes developer will sign two files i need i will accept that. any contributions will be helpful. thx.

2

Pretty sure there isn’t a 5.11 there.
In any case, you should be using standard qubes-dom0-update

If you do manually download a file from the repositories, you can
always check signature with:
rpm -K <package>
The output should show digests (or md5) gpg OK

This assumes you have the PGP key used to sign the package. If you don’t,
then you will see NOT OK or MISSING.

rpm -qpi will show you the KeyID used to sign the package, in the
“Signature” field.
These Qubes packages are signed with the relevant signing key: ID 9e2795e9 -
the Qubes OS Release 4 signing key.
You can get this from a keyserver, github, or the Qubes site, and
install it on the qube where you downloaded the package.

E.G. - go to keyserver.ubuntu.com, and search for 0x9e2795e9
Download the Key in txt format.
Or download from https://keys.qubes-os.org/keys
Or do both

Import the key : rpmkeys --import <key>
Check the signature on the rpm file: rpm -K <package>
You should see digests signatures OK or similar

1 Like
3

i am using ubuntu to fetch and verify the files. this is the errors i receive when attempting to verify

mashka@ubuntu:~/Downloads$ rpm -K kernel-latest-5.11.4-1.fc32.qubes.x86_64.rpm
bash: rpm: command not found
mashka@ubuntu:~/Downloads$ rpm -K '/home/amnesia/Downloads/kernel-latest-5.11.4-1.fc32.qubes.x86_64.rpm' 
bash: rpm: command not found
mashka@ubuntu:~/Downloads$ rpm --import qubes-release-4-signing-key.asc
bash: rpm: command not found

any insights what i am doing incorrectly? i have verified release 4 and qubes master signing key. i am familiar with the regular qubes key signing procedure.

4

command not found - you haven’t installed the rpm package in Ubuntu -

You really don’t have to do this - you can just pull using
qubes-dom0-update or dnf/apt install and the signature will be
automatically checked.