854
edits
Difference between revisions of "How-to verify GPG key of official .ISO images"
How-to verify GPG key of official .ISO images (view source)
Revision as of 17:34, 7 September 2021
, 3 years agoMarked this version for translation
m (added languages and translate tags) |
(Marked this version for translation) |
||
| Line 2: | Line 2: | ||
__TOC__ | __TOC__ | ||
<translate> | <translate> | ||
<!--T:1--> | |||
'''1.''' Download an ISO file and the corresponding .sig file from the official sources (see Download Manjaro below). | '''1.''' Download an ISO file and the corresponding .sig file from the official sources (see Download Manjaro below). | ||
<!--T:2--> | |||
'''2.''' Install GPG and wget using a Manjaro package manager (pamac or pacman): | '''2.''' Install GPG and wget using a Manjaro package manager (pamac or pacman): | ||
pamac install gnupg wget | <!--T:3--> | ||
pamac install gnupg wget | |||
<!--T:4--> | |||
'''3.''' Next, you have 2 possible ways to import Manjaro's keys. Choose one of them: | '''3.''' Next, you have 2 possible ways to import Manjaro's keys. Choose one of them: | ||
<!--T:5--> | |||
Download all keys from the Manjaro Developers from GitLab: | Download all keys from the Manjaro Developers from GitLab: | ||
wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg | wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg | ||
| Line 15: | Line 20: | ||
gpg --import manjaro.gpg | gpg --import manjaro.gpg | ||
<!--T:6--> | |||
If you do not trust GitLab, import the Manjaro Build Server's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER): | If you do not trust GitLab, import the Manjaro Build Server's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER): | ||
gpg --keyserver keyserver.ubuntu.com --search-keys Manjaro Build Server | gpg --keyserver keyserver.ubuntu.com --search-keys Manjaro Build Server | ||
<!--T:7--> | |||
'''4.''' Finally, verify if the .iso image file was built by the Manjaro Build Server, Philip Müller or one of the other Manjaro Developers, or : | '''4.''' Finally, verify if the .iso image file was built by the Manjaro Build Server, Philip Müller or one of the other Manjaro Developers, or : | ||
gpg --verify manjaro-ISO-image.iso.sig | gpg --verify manjaro-ISO-image.iso.sig | ||
Compare the key which was used to sign the .iso file with the corresponding developer key. | Compare the key which was used to sign the .iso file with the corresponding developer key. | ||
<!--T:8--> | |||
Check whether the .ISO was verified by Philip Müller's GPG key, another Manjaro Developer's key, or the Manjaro Build Server key which you have imported to your system. | Check whether the .ISO was verified by Philip Müller's GPG key, another Manjaro Developer's key, or the Manjaro Build Server key which you have imported to your system. | ||
If this is the case, you can be sure that your .iso is official. | If this is the case, you can be sure that your .iso is official. | ||
=Links= | =Links= <!--T:9--> | ||
<!--T:10--> | |||
* '''[[Download Manjaro]]''' | * '''[[Download Manjaro]]''' | ||
* '''[[Check a Downloaded ISO Image For Errors]]''' | * '''[[Check a Downloaded ISO Image For Errors]]''' | ||