i want to upgrade to a 5.11 kernel. it was recommended to me to download them from Index of /r4.1/current-testing/dom0/fc32/rpm/ but there is currently no method to verify a .asc or .digests file from this server. is there anyway to verify these packages? i have found this website https://www.kernel.org/ that include pgp signatures but i do not believe these are the exact same packages as the qubes server. has anyone encountered a similar problem? if a qubes developer will sign two files i need i will accept that. any contributions will be helpful. thx.
Pretty sure there isn’t a 5.11 there.
In any case, you should be using standard
If you do manually download a file from the repositories, you can
always check signature with:
rpm -K <package>
The output should show
digests (or md5) gpg OK
This assumes you have the PGP key used to sign the package. If you don’t,
then you will see NOT OK or MISSING.
rpm -qpi will show you the KeyID used to sign the package, in the
These Qubes packages are signed with the relevant signing key: ID 9e2795e9 -
the Qubes OS Release 4 signing key.
You can get this from a keyserver, github, or the Qubes site, and
install it on the qube where you downloaded the package.
Import the key :
rpmkeys --import <key>
Check the signature on the rpm file:
rpm -K <package>
You should see
digests signatures OK or similar
i am using ubuntu to fetch and verify the files. this is the errors i receive when attempting to verify
mashka@ubuntu:~/Downloads$ rpm -K kernel-latest-5.11.4-1.fc32.qubes.x86_64.rpm bash: rpm: command not found mashka@ubuntu:~/Downloads$ rpm -K '/home/amnesia/Downloads/kernel-latest-5.11.4-1.fc32.qubes.x86_64.rpm' bash: rpm: command not found mashka@ubuntu:~/Downloads$ rpm --import qubes-release-4-signing-key.asc bash: rpm: command not found
any insights what i am doing incorrectly? i have verified release 4 and qubes master signing key. i am familiar with the regular qubes key signing procedure.
command not found - you haven’t installed the rpm package in Ubuntu -
You really don’t have to do this - you can just pull using
dnf/apt install and the signature will be