Our Slack for Linux (beta) app’s packages are signed with GPG keys to show that they're coming from Slack. Use the signatures to verify the authenticity of our packages.
To complete these steps, you'll need superuser privileges.
4.34 or above
4.33 and below
RPM-based distributions
Download Slack's public key: wget https://slack.com/gpg/slack_pubkey_20230710.gpg
Import Slack’s public key into RPM: sudo rpm --import slack_pubkey_20230710.gpg
Check the package signature: rpm --checksig .rpm On Red Hat Linux 8 and above, the output should say: .rpm: digests signatures OK
Debian-based distributions
Here's how to verify package signatures using debsig-verify 0.15 (or above), which is in Ubuntu 18.04 (or above).
The Slack for Linux (beta) app is signed using debsigs. You will need to install the program debsig-verify to verify the packages:sudo apt install debsig-verify
Next, download Slack's public key: wget https://slack.com/gpg/slack_pubkey_20230710.gpg
Create directories to store debsigs policies and keyrings for Slack’s public key: sudo mkdir -p /usr/share/debsig/keyrings/262281B2DDE0F7A1 sudo mkdir -p /etc/debsig/policies/262281B2DDE0F7A1
Initialise an empty keyring (the signing key is a GPGv1 key, so you must follow this step to ensure that it's imported correctly): sudo touch /usr/share/debsig/keyrings/262281B2DDE0F7A1/debsig.gpg
Import Slack’s public key into the corresponding debsigs keyring: sudo gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/262281B2DDE0F7A1/debsig.gpg --import slack_pubkey_20230710.gpg
Create a new file in your editor of choice: /etc/debsig/policies/262281B2DDE0F7A1/slack.pol Then, paste the following: id="262281B2DDE0F7A1"/>
Save the file, and exit the editor.
Check the package signature: debsig-verify .deb The output should say: Debsig: Verified package from ‘Slack’ (Slack)
RPM-based distributions
Download Slack's public key: wget https://slack.com/gpg/slack_pubkey_20220708.gpg
Import Slack’s public key into RPM: sudo rpm --import slack_pubkey_20220708.gpg
Check the package signature: rpm --checksig .rpm On Red Hat Linux 8 and above, the output should say: .rpm: digests signatures OK
Debian-based distributions
Here's how to verify package signatures using debsig-verify 0.15 (or above), which is in Ubuntu 18.04 (or above).
The Slack for Linux (beta) app is signed using debsigs. You will need to install the program debsig-verify to verify the packages:sudo apt install debsig-verify
Next, download Slack's public key: wget https://slack.com/gpg/slack_pubkey_20220708.gpg
Create directories to store debsigs policies and keyrings for Slack’s public key: sudo mkdir -p /usr/share/debsig/keyrings/D1EAC4827EB66C16 sudo mkdir -p /etc/debsig/policies/D1EAC4827EB66C16
Initialise an empty keyring (the signing key is a GPGv1 key, so you must follow this step to ensure that it's imported correctly): sudo touch /usr/share/debsig/keyrings/D1EAC4827EB66C16/debsig.gpg
Import Slack’s public key into the corresponding debsigs keyring: sudo gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/D1EAC4827EB66C16/debsig.gpg --import slack_pubkey_20220708.gpg
Create a new file in your editor of choice: /etc/debsig/policies/D1EAC4827EB66C16/slack.pol Then, paste the following:
Save the file, and exit the editor.
Check the package signature: debsig-verify .deb The output should say: Debsig: Verified package from ‘Slack’ (Slack)