From: Mail@JoesLife.org   
      
   On Fri, 12 Aug 2022 05:37:34 -0000 (UTC), Henrik Carlqvist wrote:   
      
   > On Fri, 12 Aug 2022 04:52:42 +0000, Joseph Rosevear wrote:   
   >   
   >> Hi Folks!   
   >> I'm trying to run "slackpkg clean-system"   
   >   
   > I haven't used slackpkg myself.   
   >   
   >> It failed it seems in the same way each time.  Here is the last bit of   
   >> output which gives the error message:   
   >>   
   >> vvv /tmp/slackpkg.d7inKy/CHECKSUMS.md5.asc          100%   
   >   
   > Those .asc files contain a signature created using the file (in this   
   > case CHECKSUMS.md5) and a gnupg private key. You can use gnupg together   
   > with the public key from Slackware to verify that the file CHECKSUMS.md5   
   > really comes from Slackware and has not been tampered with.   
   >   
   >>                 ERROR: Verification of the  gpg signature on   
   >>                 CHECKSUMS.md5 failed!   
   >   
   > I suppose that slackpkg simply calls gpg to validate the gnupg   
   > signatures. However, before you are able to validate signatures you will   
   > have to install the public key in your gpg keyring.   
      
   Inspired by your patient words of explanation, I figured it out.  It   
   works now.   
      
   I should add, however, that I started by writing a different reply   
   altogether.  I had written a bunch of questions asking how gpg worked.   
   In the process of writing my questions I turned to the man pages for gpg,   
   did some online searching, and tried a few tests.   
      
   Here are steps of my, not insignificant, journey:   
      
      -I played with the .gnupg dir.  I moved root/.gnupg to a different   
   name to see what would happen.  It didn't break anything.  I think that   
   it simply took away whatever had previously been setup.   
      
      -First as root, and then as user joe, I did "gpg --gen-key" to make a   
   key pair.  I took the defaults, provided an email address, and a   
   passphrase.  Incidentally, I made a mistake when entering my full name   
   the first time (for root)--how can I fix it?   
      
      -As user joe I did "gpg --list-keys" before and after doing the   
   above.  Three entries appeared for pub, uid and sub.  Hmmm.  I don't know   
   what "pub", "uid" and "sub" mean.   
      
      -As user joe I did "gpg --sign-key 40102233".  This prompted me for   
   the passphrase I had entered above.  It worked.   
      
      -Note that as joe, I wasn't able easily to run slackpkg, so I didn't   
   try.  I did, however, try what you suggested "gpg --verify   
   CHECKSUM.md5.asc" after first making the .asc and .md5 files from what I   
   got from the mirror.  It worked!  Incidentally I had also attempted this   
   as both joe and root before, per your suggestion, without success.   
      
      -I still needed to get "slackpkg clean-system" working, so...  I did   
   "gpg --list-keys" as root and got pub, uid and sub lines.   
      
      -I don't know if I previously had a pub line for Slackware Linux   
   Project, but if so, then it went away when I moved .gnupg to a new name.   
   So I went online and found the public key that I needed.  I saved it to a   
   file.  Then, as root, I did "gpg --import ".  Afterwards it   
   appeared as a second set of pub, uid and sub lines in the output from   
   "gpg --list-keys".   
      
      -As root I did "gpg --sign-key 40102233", exactly as I did before as   
   user joe, except I used the root passphrase.   
      
      -Now confident, I didn't bother to test with "gpg --verify ...".  I   
   went to a console and ran as root "slackpkg clean-system".  It worked!   
      
   > regards Henrik   
      
   Thank you, Henrik.   
      
   -Joe   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)