I think I found the problem(s):
Either you are running the gpg
command over a file that you haven't downloaded, or you are autocompleting the wrong way (autocompleting the asterisk).
Below are solutions to both potential problems.
Fedora's checksum files have a different name than the installation ISOs.
You need to download both the .iso file and the .iso-CHECKSUM to the same directory. In the page "
Verify your downloads", you need to download the checksums file for your architecture (x86_64, aarch64,...) using one of these links:
Use right click and "Save Link As...", as with Firefox clicking with the main button will open it in a new tab and that's not waht we want.
As I see you need dhte x86_64, if you download the ISO and the appropriate CHECKSUMS file today you will have the following two files in the same folder, Downloads in my case:
Code:
[l:0, a:0] ~/Downloads
% ls -lh
total 1.9G
-rw-r--r--. 1 gabriel gabriel 1.1K Mar 7 16:35 Fedora-Workstation-35-1.2-x86_64-CHECKSUM
-rw-r--r--. 1 gabriel gabriel 1.9G Mar 7 16:41 Fedora-Workstation-Live-x86_64-35-1.2.iso
Now, another problem is that you are told to run exactly
gpg --verify-files *-CHECKSUM
, but you are giving the name of the ISO and then adding -CHECKSUM. I bet this is because you typed the asterisk and then you pressed TAB, and then removed the space that the shell added, and then manually added -CHECKSUM
Either type literally "
gpg --verify-files *-CHECKSUM
" and hit return...
... or autocomplete the proper name as below:
To make sure you don't mistype anything in the name of the .CHECKSUM file, use the TAB to autocomplete, starting with
gpg --verify-files ./F
and now press the TAB key. It should autocomplete until you have
gpg --verify-files ./Fedora-Workstation-
. This is because there are two alternatives. Now type "3" and TAB again, and you will have the command ready
gpg --verify-files ./Fedora-Workstation-35-1.2-x86_64-CHECKSUM
.
Let's go:
You should get
Good signature from "[a key from the Fedora Project]
", as above.
And from there, you can verify the checksum of the ISO with
sha256sum -c
over the same file:
If you're interested on what are you doing with all this, check this thread:
Verify your Downloads -- Integrity and Signatures