Skip to main content

How To Verify iso Image After Download In Linux

I assume that you have downloaded the image / iso file in a folder. Navigate to the folder where the iso is. You have to get the public gpg key for fedora downloads.

[donato@archdesktop Downloads]$ ls
builds  debian-live--9.0.0-amd64-gnome  Fedora-Workstation-Live-x86_64-25  Fedora-Workstation-Live-x86_64-26
[donato@archdesktop Downloads]$ cd Fedora-Workstation-Live-x86_64-26
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ ls
Fedora-Workstation-26-1.5-x86_64-CHECKSUM  Fedora-Workstation-Live-x86_64-26-1.5.iso
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ gpg --verify Fedora-Workstation-Live-x86_64-26-1.5.iso
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ ls
Fedora-Workstation-26-1.5-x86_64-CHECKSUM  Fedora-Workstation-Live-x86_64-26-1.5.iso
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ curl https://getfedora.org/static/fedora.gpg | gpg --import
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18521  100 18521    0     0  11190      0  0:00:01  0:00:01 --:--:-- 11190
gpg: key 73BDE98381B46521: public key "Fedora (24) <fedora-24-primary@fedoraproject.org>" imported
gpg: key B8635EEB030D5AED: public key "Fedora Secondary (24) <fedora-24-secondary@fedoraproject.org>" imported
gpg: key 4089D8F2FDB19C98: public key "Fedora 25 Primary (25) <fedora-25-primary@fedoraproject.org>" imported
gpg: key 1A185CDDE372E838: public key "Fedora 25 Secondary (25) <fedora-25-secondary@fedoraproject.org>" imported
gpg: key 812A6B4B64DAB85D: public key "Fedora 26 Primary (26) <fedora-26-primary@fedoraproject.org>" imported
gpg: key 4560FD4D3B921D09: public key "Fedora 26 Secondary (26) <fedora-26-secondary@fedoraproject.org>" imported
gpg: key F55E7430F5282EE4: public key "Fedora 27 (27) <fedora-27@fedoraproject.org>" imported
gpg: key 3B49DF2A0608B895: public key "EPEL (6) <epel@fedoraproject.org>" imported
gpg: key 6A2FAEA2352C64E5: public key "Fedora EPEL (7) <epel@fedoraproject.org>" imported
gpg: Total number processed: 9
gpg:               imported: 9
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ gpg --verify-files *-CHECKSUM
gpg: Signature made Fri 07 Jul 2017 11:13:31 PM +08
gpg:                using RSA key 812A6B4B64DAB85D
gpg: Good signature from "Fedora 26 Primary (26) <fedora-26-primary@fedoraproject.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA B85D
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ sha256sum -c *-CHECKSUM
sha256sum: Fedora-Workstation-netinst-x86_64-26-1.5.iso: No such file or directory
Fedora-Workstation-netinst-x86_64-26-1.5.iso: FAILED open or read
Fedora-Workstation-Live-x86_64-26-1.5.iso: OK
sha256sum: Fedora-Workstation-ostree-x86_64-26-1.5.iso: No such file or directory
Fedora-Workstation-ostree-x86_64-26-1.5.iso: FAILED open or read
sha256sum: WARNING: 19 lines are improperly formatted
sha256sum: WARNING: 2 listed files could not be read
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$

So this is for fedora distribution. If you're trying to verify another distribution then importing its gpg keys should the same. I downloaded the live workstation iso from their torrent page so it's the only iso i want to verify. Nothing else. I ignored the rest of the fail messages here.
 

tag: fedora,gpg,checksum,iso
Post a Comment

Popular posts from this blog

America Must Evolve Fast Or Die

This was a music festival concert venue in Las Vegas, Nevada. A shooter in the 32nd floor of a nearby hotel across the general area opened fire then shot himself. He killed 59 people in what reports call the biggest mass shooting in modern American history to date.
America must learn from the lessons of previous mass shootings otherwise this tragedy will happen again. Reasonable animals evolve when their lives and the life of the pack or group are threatened. They change how they face the problem and not just move on. They don't dismiss reality. They recognize the problem and listen to reason. For those who say nothing can be done, you're wrong. There is something America can do. It is not premature to talk about gun control. This is the time to talk about it.

GnuCash In Arch Linux

I updated a number of packages today and Gnucash won't start. I immediately went to the Archlinux website to see what's happening. I can't seem to find the package in the community repo. There's a thread in AUR on how to compile Gnucash by hand no AUR helpers.

But I tried to compile goffice and webkit2, needed packages for Gnucash-git. No. It doesn't work for me.

Funny but I'm now using my Android Tablet with Gnucash app to record transactions. This is working. We need to have the stable GnuCash back. This is a stop gap on my part. Transactions don't stop when computers stop. Please don't make me go back to paper.

Star Wars: The Last Jedi Poster

The Last Jedi is coming this December 2017. I can't wait. My guess is we can watch it later in the Christmas season or even later than the New Year 2018. The Filipino Film Festival season usually starts the 15th December up to January 7th. Only Filipino films are shown in theaters. Unless there's a special run, we would see it much later.