This repository contains Intel's Linux LTS quilt releases.
i) Check if a release tag is GPG-signed or not
if a tag is not signed, when you run ‘git tag -v ’ command, you get the result as:
$ git tag -v lts-v4.19.272-android_t-230316T041640Z object 7150c8b4efa2baf0bef3a3da3850d29715c6fcbb type commit tag lts-v4.19.272-android_t-230316T041640Z tagger sys_oak [email protected] 1679296599 -0700
release Kernel 4.19 for android T Dessert error: no signature found
You can see ‘error: no signature found’ if the tag is not signed
If the tag is signed - please follow the below steps to get the public key and verify the tag -
ii) Download public key
Open https://keys.openpgp.org/, input Full Key ID (i.e., EB4D99E5113E284368955757F18D9D84E60D69E7), or, short Key ID (i.e., F18D9D84E60D69E7, the Last 16 digitals). or, the tagger email address(i.e., [email protected]), Click ‘Search’, then you can download the pub key file (i.e., EB4D99E5113E284368955757F18D9D84E60D69E7.asc). The md5sum checksum is 40b0222665a5f6c70ca9d990b4014f43 for the pub key file: $ md5sum EB4D99E5113E284368955757F18D9D84E60D69E7.asc 40b0222665a5f6c70ca9d990b4014f43 EB4D99E5113E284368955757F18D9D84E60D69E7.asc
Once your checksum is correct, please do next step.
iii) Configure your Linux Environment and verify the GPG signature of a tag ( one time setup)
After you get the right pub key, please import it: $ gpg --import EB4D99E5113E284368955757F18D9D84E60D69E7.asc
Now, when you check the tag GPG signature, you can see ‘Good signature’ with a WARNING: $ git tag -v lts-v4.19.282-android_t-230509T073627Z object 180df1199944ebd8928f320a1bd16c8a87dba2ed type commit tag lts-v4.19.282-android_t-230509T073627Z tagger sys_oak [email protected] 1683864457 -0700
release Kernel 4.19 for android T Dessert gpg: Signature made Fri 12 May 2023 12:07:37 AM EDT gpg: using RSA key EB4D99E5113E284368955757F18D9D84E60D69E7 gpg: Good signature from "sys_oak (NSWE) [email protected]" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: EB4D 99E5 113E 2843 6895 5757 F18D 9D84 E60D 69E7
To deal with the WARNING, let the pub key be trusted, run ‘gpg --edit-key ’ to edit it ( one time setup)
$ gpg --edit-key F18D9D84E60D69E7
input trust
input 5
input y
input quit
Now, when you check the tag GPG signature again , you can see ‘Good signature’ without warnings: $ git tag -v lts-v4.19.282-android_t-230509T073627Z object 180df1199944ebd8928f320a1bd16c8a87dba2ed type commit tag lts-v4.19.282-android_t-230509T073627Z tagger sys_oak [email protected] 1683864457 -0700
release Kernel 4.19 for android T Dessert gpg: Signature made Fri 12 May 2023 12:07:37 AM EDT gpg: using RSA key EB4D99E5113E284368955757F18D9D84E60D69E7 gpg: Good signature from "sys_oak (NSWE) [email protected]" [ultimate]