Newbee verifying my download CHECKSUM files

Hi. Real newbee post for you. I’m on Ubuntu. Tried but see no progress with:

“Verify your download with CHECKSUM files” instructions on getFedora org

I suppose i am not composing the line instruction properly or other reason i ignore:

“gpg --verify-files *-CHECKSUM”

I tried:

gpg --verify-files Fedora-Workstation-Live-x86_64-35-1.2.iso -CHECKSUM
gpg --verify-files Fedora-Workstation-Live-x86_64-35-1.2.iso-CHECKSUM
gpg --verify-files Fedora-Workstation-Live-x86_64-35-1.2.iso CHECKSUM

And get a:

gpg: can’t open ‘Fedora-Workstation-Live-x86_64-35-1.2.iso-CHECKSUM’: No such file or directory

Instructions from getFedora site:

View from terminal:


Did you actually download the *-CHECKSUM files? And are you running the gpg command in the directory that contains them?

Hi, thanks for spotting my question

1-Did gpg import to downloads folder as instructed
see: screenshot ‘fedora-1’
2-Verified gpg in downloads folder
visible in Screenshot: ‘fedora-2’
Top of screenshot see the ‘import’

What did i not do?

The screenshots do not show any *-CHECKSUM files.

The instructions in the first screenshot setup gpg to be able to verify checksums.

The second screenshot shows that you have downloaded the .iso, but not the checksums.

They are on the right of the instructions:

1 Like

Thanks again cool guy Elliot
Looks like i have a blindspot on the right side.
That’s why i’m not an airplane pilot :slight_smile:

Errors, but i have seen this doing others installs & been told to ignore:

WARNING: This key is not certified with a trusted signature!

But this ‘sha256sum’ result is more worrisome? :

WARNING: 19 lines are improperly formatted


That should have given you an OK response followed by the message.

The message is simply telling you that the gpg signature lines contained in the .CHECKSUM file are not in the format expected by the sha256sum command. The message is perfectly acceptable since the file contains lines for each iso to be verified followed by the signature that is used to ensure the checksum file itself has not been altered and came from an approved source.

I can finally install my Fedora!
Was gonna run a kvm but i quick saw there is also a fedora virtualisation tool/app…
whasss that about…