Cannot validate binary

As stated in

there’s a way to verify the binary. That’s waht I attempt here, but it fails.

On a linux box I do

wget -O gitea

resulting in a gitea binary. When I try to verify it, I got to download the key first:

gpg --keyserver --recv 7C9E68152594688862D62AF62D9AE806EC1592E2

I either get

gpg: keyserver receive failed: No data

Ok, keyserver not willing to respond. I’ll try again. When I finally succeed it says

gpg: key 2D9AE806EC1592E2: 5 signatures not checked due to missing keys
gpg: key 2D9AE806EC1592E2: public key “Teabot” imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

Sounds good, but there’s no keyfile writte to my directory?

  1. The binary to verify I got from the download is named “gitea”, not “gitea-1.9.3-linux-amd64”? Is that ok?
  2. There’s no keyfile “gitea-1.9.3-linux-amd64.asc” ?

Anyways. Do I have that key in my keyring now?

gpg --list-keys

uid           [ unknown] Teabot <>
sub   rsa4096 2018-06-24 [E] [expires: 2020-06-23]
sub   rsa4096 2018-06-24 [S] [expires: 2020-06-26]

Ok, let’s export it and verify:

gpg --export -a “Teabot” > public.key
gpg --verify public.key gitea

gpg: verify signatures failed: Unexpected error

What’s wrong? I put down the whole process of how I obtained and exported the key, because I’m not too familiar with the process and the installation instructions cannot be followed through literally.

This is the reason why your file is named gitea. If you don’t use the -O gitea parameter, the binary is named as it should be.

Regarding the keyfile issue, I can’t really help out there because it seems that the server itself have troubles. It tried to search the key on but it fails with a 503 error.