This is an old revision of the document!
Sparky iso image should be downloaded from one of the official servers only. Use links from the download page only: http://sparkylinux.org/download to make sure they are official.
Download the AllSums.txt file too, which features control sums of the iso image:
To verify Sparky iso image, run one of the command, using a terminal emulator, in the download folder:
md5sum sparkylinux-<version>-<arch>-<edition>.iso sha1sum sparkylinux-<version>-<arch>-<edition>.iso sha256sum sparkylinux-<version>-<arch>-<edition>.iso sha512sum sparkylinux-<version>-<arch>-<edition>.iso
For example:
md5sum sparkylinux-4.2-x86_64-kde.iso 364569cc931c1b8e4b5d17b978be85a6 sparkylinux-4.2-x86_64-kde.iso
To verify Sparky iso image compare the output sum with the sum provided by the AllSums.txt file
Starting from Sparky version 4.3, all iso images are signed with the GPG public key.
1. Download 'Sparky ISO Public Key':
wget http://sparkylinux.org/files/klucz/sparkylinux-iso.gpg.key -O sparkylinux-iso.gpg.key
2. Import the downloaded key:
gpg --keyid-format long --import sparkylinux-iso.gpg.key gpg: /home/pavroo/.gnupg/trustdb.gpg: trustdb created gpg: key C39D3F722C86EECA: public key "Paweł Pijanowski (SparkyLinux ISO images key) <pavroo@onet.eu>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
3. Download sparkylinux-<version>-<arch>-<edition>.iso.sig file from the download page.
4. Open a terminal emulator in your download directory which contains both the Sparky iso image and the sig file, and verify the iso (example):
gpg --keyid-format 0xlong --verify sparkylinux-4.3-i686-minimalcli.iso.sig sparkylinux-4.3-i686-minimalcli.iso
The output should display the right key:
gpg: Signature made Fri 04 Mar 2016 07:45:37 PM CET gpg: using RSA key 1F61A0A8478AE18EA3E77CF9C39D3F722C86EECA gpg: Good signature from "Paweł Pijanowski (SparkyLinux ISO images key) <pavroo@onet.eu>" Primary key fingerprint: 1F61 A0A8 478A E18E A3E7 7CF9 C39D 3F72 2C86 EECA
or:
gpg: Signature made Fri 04 Mar 2016 07:45:37 PM CET gpg: using RSA key 1F61A0A8478AE18EA3E77CF9C39D3F722C86EECA gpg: Good signature from "Paweł Pijanowski (SparkyLinux ISO images key) <pavroo@onet.eu>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 1F61 A0A8 478A E18E A3E7 7CF9 C39D 3F72 2C86 EECA
Change the iso image name to yours.
Everything is fine if the iso key is the same as is in point 2 and 4:
gpg: using RSA key 1F61A0A8478AE18EA3E77CF9C39D3F722C86EECA
—-