Difference between revisions of "How-to verify GPG key of official .ISO images"
Views
Actions
Namespaces
Variants
Tools
m (Added Manjaro build servers to verbiage) |
m (changed pacman to pamac (Manjaro standard)) |
||
Line 1: | Line 1: | ||
'''1.''' Download | '''1.''' Download an ISO file and the corresponding .sig file from the official sources (see Download Manjaro below). | ||
Install GPG and wget using a Manjaro package manager (pamac or pacman): | |||
pamac install gnupg wget | |||
'''3.''' Next, you have 2 possible ways to import Manjaro's keys. Choose one of them: | '''3.''' Next, you have 2 possible ways to import Manjaro's keys. Choose one of them: |
Revision as of 19:10, 1 July 2021
1. Download an ISO file and the corresponding .sig file from the official sources (see Download Manjaro below).
Install GPG and wget using a Manjaro package manager (pamac or pacman):
pamac install gnupg wget
3. Next, you have 2 possible ways to import Manjaro's keys. Choose one of them:
3.1 Download all keys from the Manjaro Developers from GitLab:
wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg
Next, import all the keys in the downloaded .GPG file into your gnupg keyring:
gpg --import manjaro.gpg
3.2 If you do not trust GitLab, import Philip Müller's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER):
gpg --keyserver keyserver.ubuntu.com --search-keys CAA6A59611C7F07E
4. Finally, verify if the .ISO image file was built by the Manjaro Build Server, one of the Manjaro’s Developers, or Philip Müller:
gpg --verify manjaro-xfce-16.06-pre2-x86_64.iso.sig
Compare the key, which was used to sign the .ISO file to the key
Check, whether the .ISO was verified by Philip Müller's key ("CAA6A59611C7F07E"), another Manjaro Developer's key, or the Manjaro Build Server's key which you have imported to your system. If this is the case, you can be sure that your .iso file was built by Philip Müller or another Manjaro Developer.