Difference between revisions of "How-to verify GPG key of official .ISO images"
How-to verify GPG key of official .ISO images (view source)
Revision as of 23:14, 10 February 2017
, 7 years agono edit summary
imported>Excalibur1234 |
imported>Excalibur1234 |
||
| Line 1: | Line 1: | ||
1. Go to the [https://sourceforge.net/projects/manjarolinux/files/release/ SourceForge page of Manjaro], where you can choose the latest version you want to download. Also, choose the edition you want to download such as XFCE or KDE. | '''1.''' Go to the [https://sourceforge.net/projects/manjarolinux/files/release/ SourceForge page of Manjaro], where you can choose the latest version you want to download. Also, choose the edition you want to download such as XFCE or KDE. | ||
2. You can find many files: | '''2.''' You can find many files: | ||
* Some files with an .ISO extension. These files are the images to download. | * Some files with an .ISO extension. These files are the images to download. | ||
* Some files have an .ISO.SHA1 extension. They contain a check sum. | * Some files have an .ISO.SHA1 extension. They contain a check sum. | ||
| Line 8: | Line 8: | ||
* Some files with an .ISO.SIG extension. These files contain the GPG key of the packager. In most cases, this will be Philip Müller, one of the founders of Manjaro. | * Some files with an .ISO.SIG extension. These files contain the GPG key of the packager. In most cases, this will be Philip Müller, one of the founders of Manjaro. | ||
3. Download the corresponding .ISO and .ISO.SIG files and place them in the same folder. Navigate with your terminal to that folder. | '''3.''' Download the corresponding .ISO and .ISO.SIG files and place them in the same folder. Navigate with your terminal to that folder. | ||
4. Install GPG: | '''4.''' Install GPG: | ||
sudo pacman -S gnupg | sudo pacman -S gnupg wget | ||
5. Next, import Philip Müller's GPG key to your system (select the key by entering its number and pressing ENTER): | '''5.''' Next, you have 2 possible ways to import Manjaro's keys. Choose one of them: | ||
5.1 Download all keys from the Manjaro Developers from GitHub: | |||
wget github.com/manjaro/packages-core/raw/master/manjaro-keyring/manjaro.gpg | |||
Next, import all the keys in the downloaded .GPG file into your gnupg keyring: | |||
gpg --import manjaro.gpg | |||
5.2 If you do not trust GitHub, import Philip Müller's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER): | |||
gpg --keyserver hkp://pool.sks-keyservers.net --search-keys 11C7F07E | gpg --keyserver hkp://pool.sks-keyservers.net --search-keys 11C7F07E | ||
6. Finally, verify if the .ISO image file was built by Philip Müller: | '''6.''' Finally, verify if the .ISO image file was built by one of Manjaro's Developers or Philip Müller: | ||
gpg --verify manjaro-xfce-16.06-pre2-x86_64.iso.sig | gpg --verify manjaro-xfce-16.06-pre2-x86_64.iso.sig | ||
Check, whether the .ISO was verified by | Compare the key, which was used to sign the .ISO file to the key | ||
If this is the case, you can be sure that your .ISO file was built by Philip Müller. | |||
Check, whether the .ISO was verified by Philip Müller's key ("11C7F07E") or another Manjaro Developer's key, which you have imported to your system. | |||
If this is the case, you can be sure that your .ISO file was built by Philip Müller or another Manjaro Developer. | |||