Re: verifying the boot.iso for fedora 15

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Okay, Trying to verify the alpha netinst.iso, I seem to have forgotten
the way these files work, again.

----
gpg --verify Fedora-15-Alpha-i386-CHECKSUM Fedora-15-Alpha-i386-netinst.iso
gpg: not a detached signature
---

This is telling me that the CHECKSUM combines the signature and the checksum.

I looked inside the CHECKSUM (actually seeing the contents instead of
just checking that there was something there). The list of files and
checksums is in there with the signature. That's why it's not a
detached signature.

On Wed, Apr 6, 2011 at 8:58 AM, Joel Rees <joel.rees@xxxxxxxxx> wrote:
> On Wed, Apr 6, 2011 at 12:14 AM, Ed Greshko <Ed.Greshko@xxxxxxxxxxx> wrote:
>> On 04/05/2011 11:12 PM, Ed Greshko wrote:
>>> On 04/05/2011 10:43 PM, Joel Rees wrote:
>>>> How does one verify boot.iso for the alpha version?
>>>>
>>>> I've imported the key file, but I don't see a proper signature or an
>>>> sha256 checksum.
>>> I downloaded from a mirror and it was there....
>>>
>>> e.g.
>>> ftp://ftp.isu.edu.tw:0/pub/Linux/Fedora/linux/releases/test/15-Alpha/Fedora/i386/iso/Fedora-15-Alpha-i386-CHECKSUM
>>>
>>
>> Sorry....  That should have read...
>>
>> ftp://ftp.isu.edu.tw/pub/Linux/Fedora/linux/releases/test/15-Alpha/Fedora/i386/iso/Fedora-15-Alpha-i386-CHECKSUM
>
> Hmm.
>
> I see that I was looking in a different place. I was looking at
>
> linux/development/15/i386/os/images/boot.iso , and this is
>
> linux/releases/15-Alpha/Fedora/i386/iso/Fedora-15-Alpha-i386-netinst.iso
> (or the DVD).
>
> Okay, just for fun, I played games linking (symbolic) boot.iso to
> Fedora-15-Alpha-i386.iso and gpg says this:

That would have been

----
ln -s boot.iso Fedora-15-Alpha-i386.iso
gpg --verify Fedora-15-Alpha-i386-CHECKSUM
----

> gpg: Signature made Thu 03 Mar 2011 12:34:51 PM JST using RSA key ID 069C8460
> gpg: Good signature from "Fedora (15) <fedora@xxxxxxxxxxxxxxxxx>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 25DB B54B DED7 0987 F4C1  0042 B4EB F579 069C 8460

which tells me, that the signature on the checksums is valid. So, now
I need to actually run sha256sum or openssl sha256 on the file and
compare the signatures.

sha256sum Fedora-15-Alpha-i386.iso > checksum15.text
vi Fedora-15-Alpha-i386-CHECKSUM checksum15.text

and yy the checksum from the one and p it in the other and eyeball it
-- they match, and now I know they match.

Yep. I've forgotten how to use gpg again. I hate getting old.

> but I don't find either the key or the fingerprint at
> https://fedoraproject.org/keys.
>
> I guess I'm going to download the netinst iso now.

For what it's worth, I cmp-ed the boot.iso and the netinst.iso and
they are definitiely not the same. Not sure whether I expected them to
be.

So, now I have a netinst image with a very high probability of being
valid, and I go back and look at gPXE and the BFO stuff, and I'm more
than half thinking I want to go that route instead. Maybe.

Sorry for the noise, but I'm going to post this, to leave myself
another note. Maybe I'll someday get myself to remember that gpg does
not automatically look at the file list and run the checksum step.

Joel Rees
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux