Please help me verify Fedora signatures

Lx_pollywog

Lx_pollywog

Member
Joined
Nov 26, 2020
Messages
36
Reaction score
7
Credits
339
Easy for a regular difficult for a newbee...
Not sure how to write info in lines:
$ gpg --verify-files *-CHECKSUM
Or if i have to point to specific Download folder?
The Fedora iso is in Downloads folder

FEDORA_screen.png
 


Is this for your current installation or a new one you have downloaded? As running a check sum should have been done before installation is run.
 
Thankyou, hello BrickWizard.
The screenshot is me on Mint_os desktop !
Am preparing to wipe disk with a Fedora install on which i will run kvm. And i of course want a clean verified Fedora.
But then i also like the Bunsenlab's minalistic "Lithium_os"...

In screenshot can you see i tried the:
"gpg --verify-files *-CHECKSUM" as indicated but must have typed it in wrong somehow.
What do you think?
Thanks
 
Last edited:
It looks like they're not specifying the path properly. They managed to cd to Downloads so it's:

./fedora-file-name.iso
 
I think I found the problem(s): Either you are running the gpg command over a file that you haven't downloaded, or you are autocompleting the wrong way (autocompleting the asterisk).

Below are solutions to both potential problems.

Fedora's checksum files have a different name than the installation ISOs.

You need to download both the .iso file and the .iso-CHECKSUM to the same directory. In the page "Verify your downloads", you need to download the checksums file for your architecture (x86_64, aarch64,...) using one of these links:

1646631254738.png


Use right click and "Save Link As...", as with Firefox clicking with the main button will open it in a new tab and that's not waht we want.

As I see you need dhte x86_64, if you download the ISO and the appropriate CHECKSUMS file today you will have the following two files in the same folder, Downloads in my case:

Code: 
[l:0, a:0] ~/Downloads
% ls -lh
total 1.9G
-rw-r--r--. 1 gabriel gabriel 1.1K Mar  7 16:35 Fedora-Workstation-35-1.2-x86_64-CHECKSUM
-rw-r--r--. 1 gabriel gabriel 1.9G Mar  7 16:41 Fedora-Workstation-Live-x86_64-35-1.2.iso

Now, another problem is that you are told to run exactly gpg --verify-files *-CHECKSUM, but you are giving the name of the ISO and then adding -CHECKSUM. I bet this is because you typed the asterisk and then you pressed TAB, and then removed the space that the shell added, and then manually added -CHECKSUM :D

Either type literally "gpg --verify-files *-CHECKSUM" and hit return...

1646632756003.png


... or autocomplete the proper name as below:

To make sure you don't mistype anything in the name of the .CHECKSUM file, use the TAB to autocomplete, starting with gpg --verify-files ./F and now press the TAB key. It should autocomplete until you have gpg --verify-files ./Fedora-Workstation-. This is because there are two alternatives. Now type "3" and TAB again, and you will have the command ready gpg --verify-files ./Fedora-Workstation-35-1.2-x86_64-CHECKSUM.

Let's go:
1646632007436.png


You should get Good signature from "[a key from the Fedora Project]", as above.

And from there, you can verify the checksum of the ISO with sha256sum -c over the same file:

1646632116913.png


If you're interested on what are you doing with all this, check this thread: Verify your Downloads -- Integrity and Signatures
 
Last edited:
You must log in or register to reply here.

Members online

Total: 771 (members: 3, guests: 768)

Latest posts

Top