How To Verify iso Image After Download In Linux

I assume that you have downloaded the image / iso file in a folder. Navigate to the folder where the iso is. You have get the public gpg key for fedora downloads.

[donato Downloads]$ ls
builds debian-live–9.0.0-amd64-gnome Fedora-Workstation-Live-x86_64-25 Fedora-Workstation-Live-x86_64-26
[donato Downloads]$ cd Fedora-Workstation-Live-x86_64-26
[donato Fedora-Workstation-Live-x86_64-26]$ ls
Fedora-Workstation-26-1.5-x86_64-CHECKSUM Fedora-Workstation-Live-x86_64-26-1.5.iso
[donato Fedora-Workstation-Live-x86_64-26]$ gpg –verify Fedora-Workstation-Live-x86_64-26-1.5.iso
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
[donato Fedora-Workstation-Live-x86_64-26]$ ls
Fedora-Workstation-26-1.5-x86_64-CHECKSUM Fedora-Workstation-Live-x86_64-26-1.5.iso
[donato@archdesktop Fedora-Workstation-Live-x86_64-26]$ curl https://getfedora.org/static/fedora.gpg | gpg –import
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 18521 100 18521 0 0 11190 0 0:00:01 0:00:01 –:–:– 11190
gpg: key 73BDE98381B46521: public key “Fedora (24) <fedora-24-primary>” imported
gpg: key B8635EEB030D5AED: public key “Fedora Secondary (24) <fedora-24-secondary>” imported
gpg: key 4089D8F2FDB19C98: public key “Fedora 25 Primary (25) <fedora-25-primary>” imported
gpg: key 1A185CDDE372E838: public key “Fedora 25 Secondary (25) <fedora-25-secondary>” imported
gpg: key 812A6B4B64DAB85D: public key “Fedora 26 Primary (26) <fedora-26-primary>” imported
gpg: key 4560FD4D3B921D09: public key “Fedora 26 Secondary (26) <fedora-26-secondary>” imported
gpg: key F55E7430F5282EE4: public key “Fedora 27 (27) <fedora-27>” imported
gpg: key 3B49DF2A0608B895: public key “EPEL (6) <epel>” imported
gpg: key 6A2FAEA2352C64E5: public key “Fedora EPEL (7) <epel>” imported
gpg: Total number processed: 9
gpg: imported: 9
[donato Fedora-Workstation-Live-x86_64-26]$ gpg –verify-files *-CHECKSUM
gpg: Signature made Fri 07 Jul 2017 11:13:31 PM +08
gpg: using RSA key 812A6B4B64DAB85D
gpg: Good signature from “Fedora 26 Primary (26) <fedora-26-primary>” [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E641 850B 77DF 4353 78D1 D7E2 812A 6B4B 64DA B85D
[donato Fedora-Workstation-Live-x86_64-26]$ sha256sum -c *-CHECKSUM
sha256sum: Fedora-Workstation-netinst-x86_64-26-1.5.iso: No such file or directory
Fedora-Workstation-netinst-x86_64-26-1.5.iso: FAILED open or read
Fedora-Workstation-Live-x86_64-26-1.5.iso: OK
sha256sum: Fedora-Workstation-ostree-x86_64-26-1.5.iso: No such file or directory
Fedora-Workstation-ostree-x86_64-26-1.5.iso: FAILED open or read
sha256sum: WARNING: 19 lines are improperly formatted
sha256sum: WARNING: 2 listed files could not be read
[donato Fedora-Workstation-Live-x86_64-26]$

tag: fedora,gpg,checksum,iso

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s