User Tools

Site Tools


verify_iso

Verify ISO/IMG image

Basic way

Linux host

Sparky iso image should be downloaded from one of the official servers only. Use links from the download page only: https://sparkylinux.org/download to make sure they are official.

Download the AllSums.txt file too, which features control sums of the ISO/IMG image:

  • md5sum
  • sha1
  • sha256
  • sha512

To verify Sparky ISO/IMG image, run one of the command, using a terminal emulator, in the download folder:

 md5sum sparkylinux-<version>-<arch>-<edition>.iso
 sha1sum sparkylinux-<version>-<arch>-<edition>.iso
 sha256sum sparkylinux-<version>-<arch>-<edition>.iso
 sha512sum sparkylinux-<version>-<arch>-<edition>.iso
 

For example:

 md5sum sparkylinux-4.2-x86_64-kde.iso
 364569cc931c1b8e4b5d17b978be85a6  sparkylinux-4.2-x86_64-kde.iso

To verify Sparky iso image compare the output sum with the sum provided by the AllSums.txt file

Signature

Linux host

Starting from Sparky version 4.3, all iso images are signed with the GPG public key.

1. Download 'Sparky ISO Public Key':

 wget https://sourceforge.net/projects/sparkylinux/files/sparkylinux-iso.gpg.key -O sparkylinux-iso.gpg.key

2. Import the downloaded key:

 gpg --keyid-format long --import sparkylinux-iso.gpg.key
 gpg: /home/pavroo/.gnupg/trustdb.gpg: trustdb created
 gpg: key C39D3F722C86EECA: public key "Paweł Pijanowski (SparkyLinux ISO images key) <pavroo@onet.eu>" imported
 gpg: Total number processed: 1
 gpg:               imported: 1  (RSA: 1) 

3. Download sparkylinux-<version>-<arch>-<edition>.iso.sig file from the download page.

4. Open a terminal emulator in your download directory which contains both the Sparky ISO/IMG image and the sig file, and verify the ISO/IMG (example):

 gpg --keyid-format 0xlong --verify sparkylinux-4.3-i686-minimalcli.iso.sig sparkylinux-4.3-i686-minimalcli.iso

The output should display the right key:

 gpg: Signature made Fri 04 Mar 2016 07:45:37 PM CET
 gpg:                using RSA key 1F61A0A8478AE18EA3E77CF9C39D3F722C86EECA
 gpg: Good signature from "Paweł Pijanowski (SparkyLinux ISO images key) <pavroo@onet.eu>"
 Primary key fingerprint: 1F61 A0A8 478A E18E A3E7  7CF9 C39D 3F72 2C86 EECA

or:

 gpg: Signature made Fri 04 Mar 2016 07:45:37 PM CET
 gpg:                using RSA key 1F61A0A8478AE18EA3E77CF9C39D3F722C86EECA
 gpg: Good signature from "Paweł Pijanowski (SparkyLinux ISO images key) <pavroo@onet.eu>" [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
 Primary key fingerprint: 1F61 A0A8 478A E18E A3E7  7CF9 C39D 3F72 2C86 EECA

Change the ISO/IMG image name to the one you have.

Everything is fine if the ISO/IMG key is the same as is in point 2 and 4:

 gpg:                using RSA key 1F61A0A8478AE18EA3E77CF9C39D3F722C86EECA

verify_iso.txt · Last modified: 2024/09/30 16:30 by pavroo