Ask Your Question
0

checksum questions

asked 2017-07-15 08:47:53 -0600

wolfv gravatar image

I am on Fedora 25 with broadband Ethernet (not WiFi), getting ready to clean install Fedora 26 Workstation. So I downloaded the Netinstall Images Fedora-Workstation-netinst-x86_64-26-1.5.iso Now I am trying to follow the checksum instruction on https://getfedora.org/en/verify

The instructions say:

The CHECKSUM file should have a good signature from one of the following keys:
64DAB85D - Fedora 26

Am I supposed to do something with the key?

What directory should the line commands in the instructions be executed from? The following commands where executed from the same directory as the Fedora-Workstation-netinst-x86_64-26-1.5.iso

My output did not say "valid". What did I do wrong?

[wolfv@localhost ~/Downloads]
$ curl https://getfedora.org/static/fedora.gpg | gpg --import
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0gpg: key 81B46521: "Fedora (24) <fedora-24-primary@fedoraproject.org>" not changed
gpg: key 030D5AED: "Fedora Secondary (24) <fedora-24-secondary@fedoraproject.org>" not changed
gpg: key FDB19C98: "Fedora 25 Primary (25) <fedora-25-primary@fedoraproject.org>" not changed
gpg: key E372E838: "Fedora 25 Secondary (25) <fedora-25-secondary@fedoraproject.org>" not changed
100 18521  100 18521    0     0  29196      0 --:--:-- --:--:-- --:--:-- 29166
gpg: key 64DAB85D: "Fedora 26 Primary (26) <fedora-26-primary@fedoraproject.org>" not changed
gpg: key 3B921D09: "Fedora 26 Secondary (26) <fedora-26-secondary@fedoraproject.org>" not changed
gpg: key F5282EE4: "Fedora 27 (27) <fedora-27@fedoraproject.org>" not changed
gpg: key 0608B895: "EPEL (6) <epel@fedoraproject.org>" not changed
gpg: key 352C64E5: "Fedora EPEL (7) <epel@fedoraproject.org>" not changed
gpg: Total number processed: 9
gpg:              unchanged: 9
[wolfv@localhost ~/Downloads]
$ gpg --verify-files *-CHECKSUM
gpg: Signature made Fri 07 Jul 2017 09:13:31 AM MDT using RSA key ID 64DAB85D
gpg: lookup_hashtable failed: eof
gpg: Good signature from "Fedora 26 Primary (26) <fedora-26-primary@fedoraproject.org>"
gpg: lookup_hashtable failed: eof
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: E641 850B 77DF 4353 78D1  D7E2 812A 6B4B 64DA B85D
[wolfv@localhost ~/Downloads]
$ sha256sum -c *-CHECKSUM
Fedora-Workstation-netinst-x86_64-26-1.5.iso: OK
sha256sum: Fedora-Workstation-Live-x86_64-26-1.5.iso: No such file or directory
Fedora-Workstation-Live-x86_64-26-1.5.iso: FAILED open or read
sha256sum: Fedora-Workstation-ostree-x86_64-26-1.5.iso: No such file or directory
Fedora-Workstation-ostree-x86_64-26-1.5.iso: FAILED open or read
sha256sum: WARNING: 19 lines are improperly formatted
sha256sum: WARNING: 2 listed files could not be read
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
2

answered 2017-07-15 08:59:26 -0600

villykruse gravatar image

updated 2017-07-15 09:03:31 -0600

The CHECKSUM file should have a good signature from one of the following keys:
64DAB85D - Fedora 26

Use this information when running the gpg --verify-files.

$ gpg --verify-files *-CHECKSUM
gpg: Signature made Fri 07 Jul 2017 09:13:31 AM MDT using RSA key ID 64DAB85D

Notice the value 64DAB85D is the same.

What this means is that the CHECKSUM file has been signed by whoever owns the key with this signature. So if it has been signed by a certificate with a different ID, you got the wrong iso file.

You did nothing wrong. The CHECKSUM file is validated and OK. Your .iso file is also valid and OK. The CHECKSUM files contains checksums for other files you did not download; and that is why you some error messages about not able to open them. This is not a problem.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-07-15 08:47:53 -0600

Seen: 306 times

Last updated: Jul 15 '17