i want to upgrade to a 5.11 kernel. it was recommended to me to download them from Index of /r4.1/current-testing/dom0/fc32/rpm/ but there is currently no method to verify a .asc or .digests file from this server. is there anyway to verify these packages? i have found this website https://www.kernel.org/ that include pgp signatures but i do not believe these are the exact same packages as the qubes server. has anyone encountered a similar problem? if a qubes developer will sign two files i need i will accept that. any contributions will be helpful. thx.
Pretty sure there isn’t a 5.11 there.
In any case, you should be using standard qubes-dom0-update
If you do manually download a file from the repositories, you can
always check signature with:
rpm -K <package>
The output should show digests (or md5) gpg OK
This assumes you have the PGP key used to sign the package. If you don’t,
then you will see NOT OK or MISSING.
rpm -qpi
will show you the KeyID used to sign the package, in the
“Signature” field.
These Qubes packages are signed with the relevant signing key: ID 9e2795e9 -
the Qubes OS Release 4 signing key.
You can get this from a keyserver, github, or the Qubes site, and
install it on the qube where you downloaded the package.
E.G. - go to keyserver.ubuntu.com, and search for 0x9e2795e9
Download the Key in txt format.
Or download from https://keys.qubes-os.org/keys
Or do both
Import the key : rpmkeys --import <key>
Check the signature on the rpm file: rpm -K <package>
You should see digests signatures OK
or similar
i am using ubuntu to fetch and verify the files. this is the errors i receive when attempting to verify
mashka@ubuntu:~/Downloads$ rpm -K kernel-latest-5.11.4-1.fc32.qubes.x86_64.rpm
bash: rpm: command not found
mashka@ubuntu:~/Downloads$ rpm -K '/home/amnesia/Downloads/kernel-latest-5.11.4-1.fc32.qubes.x86_64.rpm'
bash: rpm: command not found
mashka@ubuntu:~/Downloads$ rpm --import qubes-release-4-signing-key.asc
bash: rpm: command not found
any insights what i am doing incorrectly? i have verified release 4 and qubes master signing key. i am familiar with the regular qubes key signing procedure.
command not found
- you haven’t installed the rpm package in Ubuntu -
You really don’t have to do this - you can just pull using
qubes-dom0-update
or dnf/apt install
and the signature will be
automatically checked.