gpg를 사용하여 Linux 커널 서명을 확인하는 방법은 무엇입니까?

gpg를 사용하여 Linux 커널 서명을 확인하는 방법은 무엇입니까?

kernel.org의 참고 사항을 따르세요.장소, 하지만 커널의 서명을 확인할 수 없는 것 같습니다. 나는 그것을 처리하기 위해 주어진 스크립트를 사용하려고 시도했지만 그것도 실패했습니다.

user@localhost ~ $ sh ./get-verified-tarball  4.14.68
Using TMPDIR=/home/user/Downloads/linux-tarball-verify.gPukN5Mdg.untrusted
GNUPGHOME directory /home/user/.gnupg does not exist
Create it? [Y/n]y
Making sure we have all the necessary keys
gpg: invalid auto-key-locate list
Something went wrong fetching keys

수동 시도 실패:

user@localhost ~ $ rm -rf .gnupg/
user@localhost ~ $ gpg2 --locate-keys [email protected] [email protected]
gpg: directory `/home/user/.gnupg' created
gpg: new configuration file `/home/user/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/user/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/user/.gnupg/pubring.gpg' created
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
user@localhost ~ $ cd kernel
user@localhost ~/kernel $ ls
linux-4.14.68.tar  linux-4.14.68.tar.sign
user@localhost ~/kernel $ gpg2 --verify linux-4.14.68.tar.sign
gpg: Signature made Wed 05 Sep 2018 03:27:46 AM EDT using RSA key ID 6092693E
gpg: Can't check signature: No public key

내 구성:

user@localhost ~/kernel $ cat /etc/system-release
CentOS Linux release 7.2.1511 (Core)

user@localhost ~/kernel $ uname -a
Linux localhost.localdomain 3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18 13:04:29 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

user@localhost ~/kernel $ gpg2 --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Linux kernel releases PGP signatures
Kernel.org web of trust. PGP keys used by members of kernel.org are cross-signed by other members of the Linux kernel development community (and, frequently, by many other people).
www.kernel.org

이 문제를 해결하고 서명을 확인하려면 어떻게 해야 합니까?

관련 정보