Re: Verifying a Fedora-33 Image

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 11 Feb 2021 at 12:54, Jonathan Ryshpan <jonrysh@xxxxxxxxxxx> wrote:
I have downloaded the Fedora-33 KDE spin and am attempting to verify it.  Following the instructions (appended below for convenience) I have:
  • Imported the keys using curl (where do they go?) and
  • Verified the CHECKSUM file using gpg

The verification fails with this message:
$ gpg --verify-files *-CHECKSUM
gpg: Signature made Fri 23 Oct 2020 08:09:07 AM PDT
gpg:                using RSA key 963A2BEB02009608FE67EA4249FD77499570FF31
gpg: Good signature from "Fedora (33) <fedora-33-primary@xxxxxxxxxxxxxxxxx>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 963A 2BEB 0200 9608 FE67  EA42 49FD 7749 9570 FF31
This doesn't look good.  How can I verify the CHECKSUM file?

Check the fingerprint against fingerprints of Fedora current keys at the bottom of the 
https://getfedora.org/security/ page.

Fedora 33  id: 4096R/9570FF31 2020-01-28

Fingerprint: 963A 2BEB 0200 9608 FE67 EA42 49FD 7749 9570 FF31
 

Verification instructions from https://spins.fedoraproject.org/en/verify follow:
Next, import Fedora's GPG key(s):
$ curl https://getfedora.org/static/fedora.gpg | gpg --import
You can verify the details of the GPG key(s) here.
Now, verify that the CHECKSUM file is valid:
$ gpg --verify-files *-CHECKSUM
The CHECKSUM file should have a good signature from one of the following keys:
    • 12C944D0 - Fedora 32
    • 3C3359C4 - Fedora 31
    • CFC659B9 - Fedora 30
    • DBBDCF7C - IOT 2019
Finally, now that the CHECKSUM file has been verified, check that the image's checksum matches:
$ sha256sum -c *-CHECKSUM
If the output states that the file is valid, then it's ready to use!

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure


--
George N. White III

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux