Hello everyone, I am a freebsd newbie and, as I wanted to install it to start using it, I downloaded the version 12.2 iso FreeBSD-12.2-RELEASE-amd64-dvd1.iso with relative .asc file CHECKSUM.SHA512-FreeBSD-12.2- RELEASE-amd64.asc and the checksum file CHECKSUM.SHA512-FreeBSD-12.2-RELEASE-amd64.
Furthermore, having read another thread explaining how to do it, I also downloaded the .txt file with all the pgpkeyring.txt signatures as specified on this page: https://docs.freebsd.org/en_US.ISO8859-1/books /handbook/pgpkeys.html.
I imported all the keys on the file with the gpg --import pgpkeyring.txt
Then I ran the first check like this: gpg --verify CHECKSUM.SHA512-FreeBSD-12.2-RELEASE-amd64.asc
I get the following message back:
gpg: Good signature from ecc ecc but at the end with this warning:
gpg: WARNING: not a detached signature; file 'CHECKSUM.SHA512-FreeBSD-12.2-RELEASE-amd64' was NOT verified!
I subsequently wanted to do the second verification in this way:
gpg --verify CHECKSUM.SHA512-FreeBSD-12.2-RELEASE-amd64.asc FreeBSD-12.2-RELEASE-amd64-dvd1.iso
I get the following message back:
gpg: not a detached signature.
If I check with other software the checksum512 by taking it from the file with all the checksum the iso is ok but I also wanted to do the GPG verification to be sure everything is really ok.
What am I doing wrong?
Thank you all.
Furthermore, having read another thread explaining how to do it, I also downloaded the .txt file with all the pgpkeyring.txt signatures as specified on this page: https://docs.freebsd.org/en_US.ISO8859-1/books /handbook/pgpkeys.html.
I imported all the keys on the file with the gpg --import pgpkeyring.txt
Then I ran the first check like this: gpg --verify CHECKSUM.SHA512-FreeBSD-12.2-RELEASE-amd64.asc
I get the following message back:
gpg: Good signature from ecc ecc but at the end with this warning:
gpg: WARNING: not a detached signature; file 'CHECKSUM.SHA512-FreeBSD-12.2-RELEASE-amd64' was NOT verified!
I subsequently wanted to do the second verification in this way:
gpg --verify CHECKSUM.SHA512-FreeBSD-12.2-RELEASE-amd64.asc FreeBSD-12.2-RELEASE-amd64-dvd1.iso
I get the following message back:
gpg: not a detached signature.
If I check with other software the checksum512 by taking it from the file with all the checksum the iso is ok but I also wanted to do the GPG verification to be sure everything is really ok.
What am I doing wrong?
Thank you all.