azorius.net

Krita is so KOOL, but how do i Verify the current AppImage?
from nonanomalus@lemmy.sdf.org to linux@lemmy.ml on 20 Mar 18:29
https://lemmy.sdf.org/post/31349012

don’t know if this is of any help to anyone except maybe past me, but i had a hard time finding the correct Public Key to verify the current Krita AppImage: So what finally worked was gpg --import this Public Key here files.kde.org/krita/dmitry_kazakov.gpg and gpg --verify krita-5.2.9-x86_64.AppImage.sig then gpg says Good signature (fingerprint: E9FB 29E7 4ADE ACC5 E303 5B8A B69E B4CF 7468 332F). Anyway (>’ v ')> here is a drawing i made using my laptops wonky touchpad.

KOOL

Cool Drawing!!!

#linux

threaded - newest

SatyrSack@feddit.org on 20 Mar 18:52 next collapse

*KOOL

nonanomalus@lemmy.sdf.org on 20 Mar 20:45 next collapse

korrected

SatyrSack@feddit.org on 20 Mar 20:56 collapse

Kongratulations

steeznson@lemmy.world on 21 Mar 00:37 next collapse

:grimace:

racketlauncher831@lemmy.ml on 21 Mar 01:50 collapse

Ceep up the good work oops.

lumony@lemmings.world on 23 Mar 18:12 collapse

fliptop box

doomsdayrs@lemmy.ml on 20 Mar 19:11 next collapse

Why would you sign it?

nonanomalus@lemmy.sdf.org on 20 Mar 20:39 collapse

Ah i meant i downloaded the signature from download.kde.org/stable/krita/5.2.9/, just wanted to make sure that the Krita AppImage i had was legitimate

AnUnusualRelic@lemmy.world on 20 Mar 21:25 collapse

Look at the properties of the file in dolphin. It will show you various file ~~signatures~~ checksums.

mactan@lemmy.ml on 20 Mar 20:30 next collapse

compile it yourself I guess

BlindFrog@lemmy.world on 20 Mar 22:39 next collapse

Where did you download krita from?

racketlauncher831@lemmy.ml on 21 Mar 01:49 collapse

The official website?

nonanomalus@lemmy.sdf.org on 20 Mar 23:42 next collapse

sorry, i think my post might be a little misleading everything is fine with the AppImage and the Detached signature (downloaded from krita.org) always has been as far as i know, i only verified the AppImage for ‘fun’. The only hiccup i had was that the webpage was unclear on where to find the PGP Public key, that you use to verify the signature. of course doing this is not necessary since i downloaded the AppImage from the official webpage over a secure connection.

merthyr1831@lemmy.ml on 20 Mar 23:52 next collapse

Do they not provide an md5sum? I’ve never seen anyone check an app’s integrity issuing public keys

nonanomalus@lemmy.sdf.org on 21 Mar 00:07 collapse

i couldn’t find the md5sum s for the current version, i saw they do provide some for older versions download.kde.org/Attic/krita/5.2.0/, but they do have GPG Signatures .sig files at download.kde.org/stable/krita/5.2.9/ for the current version

Luck@lemmy.one on 21 Mar 17:38 collapse

It’s under details.

nonanomalus@lemmy.sdf.org on 21 Mar 22:53 collapse

Awesome thanks, your right, can’t believe i missed that, i guess details do matter

gnuplusmatt@reddthat.com on 21 Mar 01:49 collapse

if you’re worried about the integrity of the sources you’re installing from why are you using app images? Use a repo, or flathub