From nobody Sat May 21 19:12:17 2022 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 5F28C1B4687D for ; Sat, 21 May 2022 19:12:34 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4L5CsF3p0yz50df for ; Sat, 21 May 2022 19:12:33 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: by mail-ed1-x531.google.com with SMTP id fd25so14405320edb.3 for ; Sat, 21 May 2022 12:12:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=SGKdafhovz+MCQOd7QsmSUGSjV0J3Nh9QRCZ2DujP/s=; b=WG2YrvZBXcwd1JWogWOJF9Jfg8R6Yaa3oGofeo3n12BHhgtO7wnqMSd1BrNdwNjLVd gK3jHXJN4nIzDxjswkvhmjpZIg44772fx9tFaAZXayG5SHflDAJm7x3cktEl50dUWap1 cTqPpECTs82JeMw63nua0s4fN/6odTBej/D4kI16QIPblx1M1VUG8jHU+Z6RgOLhAD51 Y53UWPtZX+QaWPyUSWSIyJ56DCC0MekaFJmY0pUlHVwglOXkuwcs2f+FlmLsJpkFeoEq ot3rbu0IVqYzkb+K2aVqmtlYqyDZ3fKbE9BpuHNspnLak+q2Rh5kk0QCL/CwvHmuKUBM QAJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=SGKdafhovz+MCQOd7QsmSUGSjV0J3Nh9QRCZ2DujP/s=; b=TLmyCGme7u+caDju/5iAIq1S49BF+Ej+3ZwU6JCtiZ9qXB6zsY/kWQMg6rJkUcO7wo EA9ID90Qfuj7LOqc6OEZQxNLG3o6Vhprc/8J8ntWEqD7Y20KdHs8q4dlzeeHk2zFiGjw jeG/FxpudS2OpJu3O/JgmgivNZ47BEDiBx7FdxFjl3EgUe601i1Jd2tFQs0z6EWEqiBj 6D7mU+RYiGnvpxLK4tjDRs3bgAKMXYzp3QS2jCZVvFYKKEQwOg03pbT7uhUosBK32xca /rYkQk93C9MR4ozFOULYEEFfFiGMB0JhPwEwz+D8LzRgzVTWtq+7ZUobPL5W3AgiBoZk yq3A== X-Gm-Message-State: AOAM533/Fm+l4n/X32dtP2WXhF0ZYWobxTe2GWaJOgvkJ37+tJCgE/ZL 0JRj3+bc9LFTps63+Q5jLWrgLMl77bpgg8P13fBI+AYZQp4= X-Google-Smtp-Source: ABdhPJyB0XoJXV7eD7hQUaB/KKPLW6Km6IEQtxZuJuYtC7lVP8osHnSECS2CbgJshjzYMJrCix2p2F5fj2d2Y1edGto= X-Received: by 2002:a05:6402:2217:b0:42a:a6b8:f5d2 with SMTP id cq23-20020a056402221700b0042aa6b8f5d2mr16799585edb.421.1653160351842; Sat, 21 May 2022 12:12:31 -0700 (PDT) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 From: Robert Simmons Date: Sat, 21 May 2022 15:12:17 -0400 Message-ID: Subject: Checking Release Signatures To: freebsd-questions@freebsd.org Content-Type: multipart/alternative; boundary="00000000000087444205df8a63a7" X-Rspamd-Queue-Id: 4L5CsF3p0yz50df X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=WG2YrvZB; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rsimmons0@gmail.com designates 2a00:1450:4864:20::531 as permitted sender) smtp.mailfrom=rsimmons0@gmail.com X-Spamd-Result: default: False [-0.78 / 15.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; FROM_HAS_DN(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(0.39)[0.395]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_RHS_MATCH_FROMTLD(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::531:from]; NEURAL_SPAM_SHORT(0.82)[0.821]; MLMMJ_DEST(0.00)[freebsd-questions]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim] X-ThisMailContainsUnwantedMimeParts: N --00000000000087444205df8a63a7 Content-Type: text/plain; charset="UTF-8" I'm curious which key is used to sign the release checksums for each release, for example these: https://www.freebsd.org/releases/13.0R/signatures/ I have looked at the release announcement, but it is not immediately clear: https://www.freebsd.org/releases/13.0R/announce/ I checked the FAQ: https://docs.freebsd.org/en/books/faq/#install I looked in the handbook at the install section: https://docs.freebsd.org/en/books/handbook/bsdinstall/ I couldn't find any hints anywhere as to which key to import or which key to search for on a keyserver or what the fingerprint for the key should be. I was able to work backwards from the fingerprint on one of the signed checksums and search for it on the keyserver and see which key it is and via WoT understand that the key is ok. Also, I recognize who the key belongs to. Am I missing something very obvious? --00000000000087444205df8a63a7 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I'm curious which key is used to sign the release chec= ksums for each release, for example these:

I have looked= at the release announcement, but it is not immediately clear:
https://www.freebsd.org/releases/13.0R/announce/

I checked the FAQ:

I looked in the handbook at th= e install section:

I couldn't find any= hints anywhere as to which key to import or which key to search for on a k= eyserver or what the fingerprint for the key should be. I was able to work = backwards from the fingerprint on one of the signed=C2=A0checksums and sear= ch for it on the keyserver and see which key it is and via WoT understand t= hat the key is ok. Also, I recognize who the key belongs to. Am I missing s= omething very obvious?
--00000000000087444205df8a63a7--