Manjaro

Difference between revisions of "How-to verify GPG key of official .ISO images"

How-to verify GPG key of official .ISO images (view source)

Revision as of 19:16, 18 July 2021

11 bytes added ,  3 years ago
Change default imported GPG key, no longer the good one.
m (changed pacman to pamac (Manjaro standard))
(Change default imported GPG key, no longer the good one.)
Line 10: Line 10:
3.1 Download all keys from the Manjaro Developers from GitLab:
3.1 Download all keys from the Manjaro Developers from GitLab:
  wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg
  wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg
Next, import all the keys in the downloaded .GPG file into your gnupg keyring:
Next, import all the keys in the downloaded .gpg file into your gnupg keyring:
  gpg --import manjaro.gpg
  gpg --import manjaro.gpg


3.2 If you do not trust GitLab, import Philip Müller's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER):
3.2 If you do not trust GitLab, import Manjaro Build Server's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER):
  gpg --keyserver keyserver.ubuntu.com --search-keys CAA6A59611C7F07E
  gpg --keyserver keyserver.ubuntu.com --search-keys 279E7CF5D8D56EC8


'''4.''' Finally, verify if the .ISO image file was built by the Manjaro Build Server, one of the Manjaro’s Developers, or Philip Müller:
'''4.''' Finally, verify if the .iso image file was built by the Manjaro Build Server, one of the Manjaro’s Developers, or Philip Müller:
  gpg --verify manjaro-xfce-16.06-pre2-x86_64.iso.sig
  gpg --verify manjaro-xfce-21.0.7-210614-linux510.iso
Compare the key, which was used to sign the .ISO file to the key
Compare the key, which was used to sign the .iso file to the key


Check, whether the .ISO was verified by Philip Müller's key ("CAA6A59611C7F07E"), another Manjaro Developer's key, or the Manjaro Build Server's key which you have imported to your system.
Check, whether the .ISO was verified by Manjaro Build Server's GPG key ("279E7CF5D8D56EC8"), another Manjaro Developer's key, or the Philip Müller's key which you have imported to your system.
If this is the case, you can be sure that your .iso file was built by Philip Müller or another Manjaro Developer.
If this is the case, you can be sure that your .iso file was built by Philip Müller or another Manjaro Developer.


SkyghiS
1

edit

Retrieved from "https://wiki.manjaro.org/index.php/Special:MobileDiff/22983"