I assume that you have downloaded the image / iso file in a folder. Navigate to the folder where the iso is. You have to get the public gpg key for fedora downloads.
[donato@archdesktop Downloads]$ ls
builds debian-live--9.0.0-amd64-gnome Fedora-Workstation-Live-x86_64-25 Fedora-Workstation-Live-x86_64-26
[donato@archdesktop Downloads]$ cd Fedora-Workstation-Live-x86_64-26
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ ls
Fedora-Workstation-26-1.5-x86_64-CHECKSUM Fedora-Workstation-Live-x86_64-26-1.5.iso
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ gpg --verify Fedora-Workstation-Live-x86_64-26-1.5.iso
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ ls
Fedora-Workstation-26-1.5-x86_64-CHECKSUM Fedora-Workstation-Live-x86_64-26-1.5.iso
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ curl https://getfedora.org/static/fedora.gpg | gpg --import
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 18521 100 18521 0 0 11190 0 0:00:01 0:00:01 --:--:-- 11190
gpg: key 73BDE98381B46521: public key "Fedora (24) <fedora-24-primary@fedoraproject.org>" imported
gpg: key B8635EEB030D5AED: public key "Fedora Secondary (24) <fedora-24-secondary@fedoraproject.org>" imported
gpg: key 4089D8F2FDB19C98: public key "Fedora 25 Primary (25) <fedora-25-primary@fedoraproject.org>" imported
gpg: key 1A185CDDE372E838: public key "Fedora 25 Secondary (25) <fedora-25-secondary@fedoraproject.org>" imported
gpg: key 812A6B4B64DAB85D: public key "Fedora 26 Primary (26) <fedora-26-primary@fedoraproject.org>" imported
gpg: key 4560FD4D3B921D09: public key "Fedora 26 Secondary (26) <fedora-26-secondary@fedoraproject.org>" imported
gpg: key F55E7430F5282EE4: public key "Fedora 27 (27) <fedora-27@fedoraproject.org>" imported
gpg: key 3B49DF2A0608B895: public key "EPEL (6) <epel@fedoraproject.org>" imported
gpg: key 6A2FAEA2352C64E5: public key "Fedora EPEL (7) <epel@fedoraproject.org>" imported
gpg: Total number processed: 9
gpg: imported: 9
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ gpg --verify-files *-CHECKSUM
gpg: Signature made Fri 07 Jul 2017 11:13:31 PM +08
gpg: using RSA key 812A6B4B64DAB85D
gpg: Good signature from "Fedora 26 Primary (26) <fedora-26-primary@fedoraproject.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E641 850B 77DF 4353 78D1 D7E2 812A 6B4B 64DA B85D
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ sha256sum -c *-CHECKSUM
sha256sum: Fedora-Workstation-netinst-x86_64-26-1.5.iso: No such file or directory
Fedora-Workstation-netinst-x86_64-26-1.5.iso: FAILED open or read
Fedora-Workstation-Live-x86_64-26-1.5.iso: OK
sha256sum: Fedora-Workstation-ostree-x86_64-26-1.5.iso: No such file or directory
Fedora-Workstation-ostree-x86_64-26-1.5.iso: FAILED open or read
sha256sum: WARNING: 19 lines are improperly formatted
sha256sum: WARNING: 2 listed files could not be read
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$
So this is for fedora distribution. If you're trying to verify another distribution then importing its gpg keys should the same. I downloaded the live workstation iso from their torrent page so it's the only iso i want to verify. Nothing else. I ignored the rest of the fail messages here.
So this is for fedora distribution. If you're trying to verify another distribution then importing its gpg keys should the same. I downloaded the live workstation iso from their torrent page so it's the only iso i want to verify. Nothing else. I ignored the rest of the fail messages here.
tag: fedora,gpg,checksum,iso
Comments