Skip to main content

How To Verify iso Image After Download In Linux

I assume that you have downloaded the image / iso file in a folder. Navigate to the folder where the iso is. You have to get the public gpg key for fedora downloads.

[donato@archdesktop Downloads]$ ls
builds  debian-live--9.0.0-amd64-gnome  Fedora-Workstation-Live-x86_64-25  Fedora-Workstation-Live-x86_64-26
[donato@archdesktop Downloads]$ cd Fedora-Workstation-Live-x86_64-26
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ ls
Fedora-Workstation-26-1.5-x86_64-CHECKSUM  Fedora-Workstation-Live-x86_64-26-1.5.iso
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ gpg --verify Fedora-Workstation-Live-x86_64-26-1.5.iso
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ ls
Fedora-Workstation-26-1.5-x86_64-CHECKSUM  Fedora-Workstation-Live-x86_64-26-1.5.iso
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ curl https://getfedora.org/static/fedora.gpg | gpg --import
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18521  100 18521    0     0  11190      0  0:00:01  0:00:01 --:--:-- 11190
gpg: key 73BDE98381B46521: public key "Fedora (24) <fedora-24-primary@fedoraproject.org>" imported
gpg: key B8635EEB030D5AED: public key "Fedora Secondary (24) <fedora-24-secondary@fedoraproject.org>" imported
gpg: key 4089D8F2FDB19C98: public key "Fedora 25 Primary (25) <fedora-25-primary@fedoraproject.org>" imported
gpg: key 1A185CDDE372E838: public key "Fedora 25 Secondary (25) <fedora-25-secondary@fedoraproject.org>" imported
gpg: key 812A6B4B64DAB85D: public key "Fedora 26 Primary (26) <fedora-26-primary@fedoraproject.org>" imported
gpg: key 4560FD4D3B921D09: public key "Fedora 26 Secondary (26) <fedora-26-secondary@fedoraproject.org>" imported
gpg: key F55E7430F5282EE4: public key "Fedora 27 (27) <fedora-27@fedoraproject.org>" imported
gpg: key 3B49DF2A0608B895: public key "EPEL (6) <epel@fedoraproject.org>" imported
gpg: key 6A2FAEA2352C64E5: public key "Fedora EPEL (7) <epel@fedoraproject.org>" imported
gpg: Total number processed: 9
gpg:               imported: 9
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ gpg --verify-files *-CHECKSUM
gpg: Signature made Fri 07 Jul 2017 11:13:31 PM +08
gpg:                using RSA key 812A6B4B64DAB85D
gpg: Good signature from "Fedora 26 Primary (26) <fedora-26-primary@fedoraproject.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA B85D
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ sha256sum -c *-CHECKSUM
sha256sum: Fedora-Workstation-netinst-x86_64-26-1.5.iso: No such file or directory
Fedora-Workstation-netinst-x86_64-26-1.5.iso: FAILED open or read
Fedora-Workstation-Live-x86_64-26-1.5.iso: OK
sha256sum: Fedora-Workstation-ostree-x86_64-26-1.5.iso: No such file or directory
Fedora-Workstation-ostree-x86_64-26-1.5.iso: FAILED open or read
sha256sum: WARNING: 19 lines are improperly formatted
sha256sum: WARNING: 2 listed files could not be read
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$

So this is for fedora distribution. If you're trying to verify another distribution then importing its gpg keys should the same. I downloaded the live workstation iso from their torrent page so it's the only iso i want to verify. Nothing else. I ignored the rest of the fail messages here.
 

tag: fedora,gpg,checksum,iso

Comments

Post a Comment

Popular posts from this blog

ZFS Unable to System Snapshot, bpool is Full?

I first encountered the problem after a routine update / upgrade of the system. Well there was a kernel upgrade and I have not checked how many old kernels are still left for backups in /boot. Apparently, there was a few and the partition is 85% full. Every software update included a warning because of the restriction in disk space. Also, zfs could not create snapshots. It is also full. This is not very clear to me. Snapshots were suppose to be diff copies so why would it take up a large space. Most of the snapshots are less than 2MB. Or 0MB. Another problem that popped up is the constant freezing of Rhythmbox. I don't know if the config files are corrupted. The CPU cycles from one to the next. Peaks for 5-6 seconds then on to the next CPU. This forced me to download Clementine and Audacious. But both applications do not find the zfs pool or don't show the zfs structure. Why not? My final solution is to reinstall Rhythmbox via snaps. I re-scanned the music libr
Post a Comment
Read more

Renter's ID and Business Licensing 2023

Last year's business permit application involved an undertaking of submitting lessee list to the Barangay in order to get them ID's including one for the lessor himself. I received a letter of notification just before New Year's Day. It informed me that I might be denied renewal of permits because I did not comply with this undertaking. So the Renter's ID is a serious thing now. When I went ahead and applied for a business permit renewal at the local government office everything went well except they want my list of lessee. So I had to backtrack and go to the Barangay and submit the list. They produced the ID's and I provided the photo ID's and of course have it signed by the lessee. After that, they pointed me to the cashier to pay the taxes and permit fees which totaled php15,305.00 ($280.33) During the payment of Fire and Safety department, they reminded me to bring my fire extinguisher official receipts of payment. I can pick up my new pe
Post a Comment
Read more