Tried to verify artix-base-openrc by
$ gpg --auto-key-retrieve --verify artix-base-openrc-20210101-x86_64.iso.sig artix-base-openrc-20210101-x86_64.iso
but got this:
gpg: Can't check signature: No public key
So googled then tried:
sudo gpg --keyserver subkeys.pgp.net --recv-keys 0xa574a1915cede31a3bff5a68606520acb886b428
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
was hanging 5 mins..
How is the correct way one?
replying my own
sudo gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xa574a1915cede31a3bff5a68606520acb886b428
resulting in acceptable though not perfect, there's a warning:
$ gpg --auto-key-retrieve --verify artix-base-openrc-20210101-x86_64.iso.sig artix-base-openrc-20210101-x86_64.iso
gpg: Signature made Sun 03 Jan 2021 09:30:42 PM UTC
gpg: using RSA key A574A1915CEDE31A3BFF5A68606520ACB886B428
gpg: Good signature from "Christos Nouskas <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A574 A191 5CED E31A 3BFF 5A68 6065 20AC B886 B428