Manjaro Difference between revisions of "How-to verify GPG key of official .ISO images"

Difference between revisions of "How-to verify GPG key of official .ISO images"

From Manjaro
(Change GitHub to GitLab)
m (download from gitlab)
Line 7: Line 7:
'''3.''' Next, you have 2 possible ways to import Manjaro's keys. Choose one of them:
'''3.''' Next, you have 2 possible ways to import Manjaro's keys. Choose one of them:


3.1 Download all keys from the Manjaro Developers from GitHub:
3.1 Download all keys from the Manjaro Developers from GitLab:
  wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg
  wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg
Next, import all the keys in the downloaded .GPG file into your gnupg keyring:
Next, import all the keys in the downloaded .GPG file into your gnupg keyring:
Line 21: Line 21:
Check, whether the .ISO was verified by Philip Müller's key ("11C7F07E") or another Manjaro Developer's key, which you have imported to your system.
Check, whether the .ISO was verified by Philip Müller's key ("11C7F07E") or another Manjaro Developer's key, which you have imported to your system.
If this is the case, you can be sure that your .iso file was built by Philip Müller or another Manjaro Developer.
If this is the case, you can be sure that your .iso file was built by Philip Müller or another Manjaro Developer.


=Links=
=Links=

Revision as of 13:08, 13 June 2021

1. Download the an ISO file and corresponding .sig file from official sources(see Download Manjaro below)

2. Install GPG:

sudo pacman -S gnupg wget

3. Next, you have 2 possible ways to import Manjaro's keys. Choose one of them:

3.1 Download all keys from the Manjaro Developers from GitLab:

wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg

Next, import all the keys in the downloaded .GPG file into your gnupg keyring:

gpg --import manjaro.gpg

3.2 If you do not trust GitLab, import Philip Müller's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER):

gpg --keyserver hkp://pool.sks-keyservers.net --search-keys 11C7F07E

4. Finally, verify if the .ISO image file was built by one of Manjaro's Developers or Philip Müller:

gpg --verify manjaro-xfce-16.06-pre2-x86_64.iso.sig

Compare the key, which was used to sign the .ISO file to the key

Check, whether the .ISO was verified by Philip Müller's key ("11C7F07E") or another Manjaro Developer's key, which you have imported to your system. If this is the case, you can be sure that your .iso file was built by Philip Müller or another Manjaro Developer.

Links

Cookies help us deliver our services. By using our services, you agree to our use of cookies.