[PATCH] Linux packages: key verification command adjusted

Konstantin Pavlov thresh at nginx.com
Mon Oct 10 16:40:11 UTC 2022 

Hi,

On 10/10/2022 8:33 PM, Andrei Belov wrote:
> # HG changeset patch
> # User Andrei Belov <defan at nginx.com>
> # Date 1665416594 -14400
> #      Mon Oct 10 19:43:14 2022 +0400
> # Node ID 6bc630596c063fb7c85a35ff6173e75d3ca1982e
> # Parent  9708787aafc70744296baceb2aa0092401a4ef34
> Linux packages: key verification command adjusted.
>
> diff --git a/xml/en/linux_packages.xml b/xml/en/linux_packages.xml
> --- a/xml/en/linux_packages.xml
> +++ b/xml/en/linux_packages.xml
> @@ -7,7 +7,7 @@
>   <article name="nginx: Linux packages"
>            link="/en/linux_packages.html"
>            lang="en"
> -         rev="79">
> +         rev="80">
>   
>   <section name="Supported distributions and versions" id="distributions">
>   
> @@ -250,7 +250,7 @@ curl https://nginx.org/keys/nginx_signin
>   
>   Verify that the downloaded file contains the proper key:
>   <programlisting>
> -gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
> +gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
>   </programlisting>
>   
>   The output should contain the full fingerprint
> @@ -322,7 +322,7 @@ curl https://nginx.org/keys/nginx_signin
>   
>   Verify that the downloaded file contains the proper key:
>   <programlisting>
> -gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
> +gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
>   </programlisting>
>   
>   The output should contain the full fingerprint
> diff --git a/xml/ru/linux_packages.xml b/xml/ru/linux_packages.xml
> --- a/xml/ru/linux_packages.xml
> +++ b/xml/ru/linux_packages.xml
> @@ -7,7 +7,7 @@
>   <article name="nginx: пакеты для Linux"
>            link="/ru/linux_packages.html"
>            lang="ru"
> -         rev="79">
> +         rev="80">
>   
>   <section name="Поддерживаемые дистрибутивы и версии" id="distributions">
>   
> @@ -250,7 +250,7 @@ curl https://nginx.org/keys/nginx_signin
>   
>   Проверьте, верный ли ключ был загружен:
>   <programlisting>
> -gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
> +gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
>   </programlisting>
>   
>   Вывод команды должен содержать полный отпечаток ключа
> @@ -321,7 +321,7 @@ curl https://nginx.org/keys/nginx_signin
>   
>   Проверьте, верный ли ключ был загружен:
>   <programlisting>
> -gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
> +gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
>   </programlisting>
>   
>   Вывод команды должен содержать полный отпечаток ключа

The problem might be there for unsupported/EOL distros that ship gnupg1 
that lacks this option, but given the fact that we explicitly ask user 
to install gnupg2, the change looks good to me.

More information about the nginx-devel mailing list