WARNING or FAIL Reported When Verifying Software Package Integrity
If WARNING or FAIL is returned, the integrity verification of a software package fails. Rectify the fault by referring to the suggestions in Table 1.
Scenario |
Displayed Information (Example) |
Verification Result |
Suggestion |
|---|---|---|---|
The signature verification is successful. |
gpg: Signature made Thu Jan 9 15:29:06 2014 CST using RSA key ID 27A74824 gpg: Good signature from "OpenPGP signature key for Huawei software (created on 30th Dec,2013) <support@huawei.com>" |
PASS |
N/A |
The signature verification fails. |
gpg: Signature made Thu Jan 9 15:29:06 2014 CST using RSA key ID 27A74824 gpg: BAD signature from "OpenPGP signature key for Huawei software (created on 30th Dec,2013) <support@huawei.com>" |
FAIL |
Download the target file again. |
Failed to find the public key. |
gpg: Signature made Thu Jan 9 15:20:01 2014 CST using RSA key ID 27A74824 gpg: Can't check signature: public key not found |
FAIL |
Download the public key again. For details, see Verifying the Digital Signature. |
The signature verification is successful, but the public key is not fully trusted. |
gpg: Signature made Thu Jan 9 15:29:06 2014 CST using RSA key ID 27A74824 gpg: Good signature from "OpenPGP signature key for Huawei software (created on 30th Dec,2013) <support@huawei.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B100 0AC3 8C41 525A 19BD C087 99AD 81DF 27A7 4824 |
WARNING |
Check that the key ID is 27A74824 and set the Huawei public key to be trustworthy. For details, see Verifying the Digital Signature. |
Failed to find the source file. |
gpg: no signed data gpg: can't hash datafile: No data |
FAIL |
Download the target file again. |
The signature has expired. |
gpg: Signature made 04/24/13 10:50:29 CST using RSA key ID 133B64E5 gpg: Expired signature from " OpenPGP signature test key <support@huawei.com>" gpg: Signature expired 04/25/13 10:50:29 CST |
FAIL |
Download a target file with an updated signature. |
The signature verification is successful, but the public key has been revoked. |
gpg: Signature made 06/13/13 11:14:49 CST using RSA key ID 133B64E5 gpg: Good signature from " OpenPGP signature test key <support@huawei.com>" gpg: WARNING: This key has been revoked by its owner! gpg: This could mean that the signature is forged. gpg: reason for revocation: Key is no longer used gpg: revocation comment: |
WARNING |
Download the latest public key and a target file with an updated signature. |
Failed to find the corresponding signature file for the source file. |
N/A |
WARNING |
Download the signature file corresponding to the target file. |