
How to verify Debian package signature? #809

@hickford

According to https://github.com/GitCredentialManager/git-credential-manager/blob/80423faa16fc23532306b10c5b69c926708734e8/.github/workflows/release.yml#L397 the Debian package is signed with "ESRP client" whatever that is (I couldn't find any docs). How can a Debian user verify this signature?

I tried `dpkg-sig --verify` with key https://packages.microsoft.com/keys/microsoft.asc (imported with `gpg --import microsoft.asc`) but got an error:

```
dpkg-sig --verify gcm-linux_amd64.2.0.785.deb
Processing gcm-linux_amd64.2.0.785.deb...
BADSIG _gpgorigin
```

Labels: auth-issue (An issue authenticating to a host)
