Bug #15697
Downloading ISO and verifying signature not giving result shown in instructions
0%
Description
Instructions for verifying an ISO manually through OpenPGP in Tails say this:
> After the verification finishes, you should see a notification that the signature is good:
>
> tails-amd64-3.3.iso: Good Signature
> Signed by on …
When doing it exactly as described by the instructions, I get this output:
> tails-amd64-3.8.iso: Untrusted Valid Signature
> Valid but unstrusted signature by on …
So, someone doing the verification as described by the instructions has to assume that the iso is in some way malicious since it does have an untrusted signature.
Is the documentation wrong, or is there a problem with the ISO?
(sajolida)
Files
Subtasks
Related issues
Related to Tails - Bug #15710: The Tails signing key is not trusted from within Tails | Confirmed | 2018-07-04 | |
Related to Tails - |
Confirmed | 2016-02-01 | |
Blocks Tails - |
Resolved | 2016-01-08 |
History
#1 Updated by mercedes508 2018-07-01 13:47:16
- Status changed from New to Confirmed
- Assignee set to sajolida
- Priority changed from High to Normal
- Type of work changed from Research to End-user documentation
Effectively unless you already marked Tails singning key as trusted, it might be confusing for users not so used to GPG…
The corresponding you be updated accordingly I guess.
#2 Updated by sajolida 2018-07-03 16:48:14
- Assignee changed from sajolida to brokenst
- QA Check set to Info Needed
Are you doing this from Tails? Which version?
#3 Updated by sajolida 2018-07-03 16:48:34
- Description updated
#4 Updated by sajolida 2018-07-04 12:25:08
- File untrusted.png added
- Assignee changed from brokenst to sajolida
I tested this from Tails 3.7.1 and indeed, the signature is reported as from an untrusted key.
See screenshot in attachment.
#5 Updated by sajolida 2018-07-04 12:34:03
- related to Bug #15710: The Tails signing key is not trusted from within Tails added
#6 Updated by Anonymous 2018-08-16 10:42:54
- QA Check deleted (
Info Needed)
#7 Updated by Anonymous 2018-08-18 09:23:03
- related to
Feature #11039: Publishing the OpenPGP instructions outside of our website added
#8 Updated by emmapeel 2019-02-19 09:42:28
We receive often requests from users about this problem.
They are not good at gpg and I think the install pages https://tails.boum.org/install/*/usb-download/index.en.html make it look like they have to do the gpg verification step (even if it says it is optional) and they get scared because that is not what they see. So, either we change the docs, or we make the key trusted on the ISO.
#9 Updated by sajolida 2019-02-20 21:16:36
- Assignee deleted (
sajolida)
#10 Updated by cbrownstein 2019-09-28 03:53:57
- Assignee set to cbrownstein
I’ll take this ticket for now.
#11 Updated by sajolida 2019-10-03 20:09:24
- Status changed from Confirmed to In Progress
Applied in changeset commit:tails|2dc4594d17a77979c7df8dcd6697ac8ed52f503c.
#12 Updated by sajolida 2019-10-03 20:14:22
- Status changed from In Progress to Needs Validation
- Target version set to Tails_4.0
- Feature Branch set to 2dc4594d17
I started looking at how complicated this ticket was and I thought that generating the 4 different screenshots {img,iso}×{untrusted,valid} would have been a big time sucker for you. Even for me it took quite a while since “good” notifcations require a trust path from an ultimately trusted key to the signing key but “untrusted” require a keyring with no trust path (plus the time to figure this out).
After generating the screenshots, the changes in the text themselves were straight-forward.
Sorry for stepping on your foot like this but these OpenPGP instructions is really not were I’m happy to see us spend more time than strictly necessary.
So here is a fix in 2dc4594d17, part of doc/16175-unclear-openpgp-verification.
#13 Updated by sajolida 2019-10-03 20:54:22
- blocks
Feature #16711: Core work 2019Q3 → 2019Q4: Technical writing added
#14 Updated by cbrownstein 2019-10-09 00:27:14
- Status changed from Needs Validation to In Progress
- Assignee changed from cbrownstein to sajolida
Looks good!
#15 Updated by sajolida 2019-10-10 21:10:41
- Status changed from In Progress to Resolved
- Assignee deleted (
sajolida)