User Tools

Site Tools


verify_iso

This is an old revision of the document!


Verify ISO image

Basic way

Linux host

Sparky iso image should be downloaded from one of the official servers only. Use links from the download page only: http://sparkylinux.org/download to make sure they are official.

Download the AllSums.txt file too, which features control sums of the iso image:

  • md5sum
  • sha1
  • sha256
  • sha512

To verify Sparky iso image, run one of the command, using a terminal emulator, in the download folder:

 md5sum sparkylinux-<version>-<arch>-<edition>.iso
 sha1sum sparkylinux-<version>-<arch>-<edition>.iso
 sha256sum sparkylinux-<version>-<arch>-<edition>.iso
 sha512sum sparkylinux-<version>-<arch>-<edition>.iso
 

For example:

 md5sum sparkylinux-4.2-x86_64-kde.iso
 364569cc931c1b8e4b5d17b978be85a6  sparkylinux-4.2-x86_64-kde.iso

To verify Sparky iso image compare the output sum with the sum provided by the AllSums.txt file

Signature

Linux host

Starting from Sparky version 4.3, all iso images are signed with the GPG public key.

1. Download 'Sparky ISO Public Key':

 wget http://sparkylinux.org/files/klucz/sparkylinux-iso.gpg.key -O sparkylinux-iso.gpg.key

2. Import the downloaded key:

 gpg --keyid-format long --import sparkylinux-iso.gpg.key
 gpg: /home/pavroo/.gnupg/trustdb.gpg: trustdb created
 gpg: key C39D3F722C86EECA: public key "Paweł Pijanowski (SparkyLinux ISO images key) <pavroo@onet.eu>" imported
 gpg: Total number processed: 1
 gpg:               imported: 1  (RSA: 1) 

3. Download sparkylinux-<version>-<arch>-<edition>.iso.sig file from the download page.

4. Open a terminal emulator in your download directory which contains both the Sparky iso image and the sig file, and verify the iso:

 gpg --keyid-format 0xlong --verify sparkylinux-4.3-dev1-i686-minimalcli.iso.sig sparkylinux-4.3-dev1-i686-minimalcli.iso
 gpg: Signature made Fri 04 Mar 2016 07:45:37 PM CET
 gpg:                using RSA key 0xC39D3F722C86EECA
 gpg: Good signature from "Paweł Pijanowski (SparkyLinux ISO images key) <pavroo@onet.eu>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
 Primary key fingerprint: 1F61 A0A8 478A E18E A3E7  7CF9 C39D 3F72 2C86 EECA

Change the iso image name to yours.

Everything is fine if the iso key is the same as is in point 2 and 4:

 gpg:                using RSA key 0xC39D3F722C86EECA

verify_iso.1457130228.txt.gz · Last modified: 2021/05/04 15:25 (external edit)