Difference between revisions of "How-to verify GPG key of official .ISO images"

From Manjaro
(Change default imported GPG key, no longer the good one.)
m (Editing section title)
 
(5 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
<languages/>
__TOC__
<translate>
=Verifying GPG key of official .ISO images= <!--T:1-->
'''1.''' Download an ISO file and the corresponding .sig file from the official sources (see Download Manjaro below).
'''1.''' Download an ISO file and the corresponding .sig file from the official sources (see Download Manjaro below).


Install GPG and wget using a Manjaro package manager (pamac or pacman):
<!--T:2-->
'''2.''' Install GPG and wget using a Manjaro package manager (pamac or pacman):


pamac install gnupg wget
  <!--T:3-->
pamac install gnupg wget


<!--T:4-->
'''3.''' Next, you have 2 possible ways to import Manjaro's keys. Choose one of them:
'''3.''' Next, you have 2 possible ways to import Manjaro's keys. Choose one of them:


3.1 Download all keys from the Manjaro Developers from GitLab:
<!--T:5-->
Download all keys from the Manjaro Developers from GitLab:
  wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg
  wget gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg
Next, import all the keys in the downloaded .gpg file into your gnupg keyring:
Next, import all the keys in the downloaded .gpg file into your gnupg keyring:
  gpg --import manjaro.gpg
  gpg --import manjaro.gpg


3.2 If you do not trust GitLab, import Manjaro Build Server's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER):
<!--T:6-->
  gpg --keyserver keyserver.ubuntu.com --search-keys 279E7CF5D8D56EC8
If you do not trust GitLab, import the Manjaro Build Server's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER):
  gpg --keyserver keyserver.ubuntu.com --search-keys Manjaro Build Server


'''4.''' Finally, verify if the .iso image file was built by the Manjaro Build Server, one of the Manjaro’s Developers, or Philip Müller:
<!--T:7-->
  gpg --verify manjaro-xfce-21.0.7-210614-linux510.iso
'''4.''' Finally, verify if the .iso image file was built by the Manjaro Build Server, Philip Müller or one of the other Manjaro Developers:
Compare the key, which was used to sign the .iso file to the key
  gpg --verify manjaro-ISO-image.iso.sig manjaro-ISO-image.iso
Compare the key which was used to sign the .iso file with the corresponding developer key.


Check, whether the .ISO was verified by Manjaro Build Server's GPG key ("279E7CF5D8D56EC8"), another Manjaro Developer's key, or the Philip Müller's key which you have imported to your system.
<!--T:8-->
If this is the case, you can be sure that your .iso file was built by Philip Müller or another Manjaro Developer.
Check whether the .ISO was verified by Philip Müller's GPG key, another Manjaro Developer's key, or the Manjaro Build Server key which you have imported to your system.
If this is the case, you can be sure that your .iso is official.


=Links=
=Links= <!--T:9-->


<!--T:10-->
* '''[[Download Manjaro]]'''  
* '''[[Download Manjaro]]'''  
* '''[[Check a Downloaded ISO Image For Errors]]'''  
* '''[[Check a Downloaded ISO Image For Errors]]'''  
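Review bot: In step 3.2 the keyserver lookup changes from `--search-keys 279E7CF5D8D56EC8` to `--search-keys Manjaro Build Server`, and the closing check no longer names any key ID, so after picking a search result by number the reader has nothing to compare the signer against. Keyserver user IDs are free text that anyone can upload, so a name search cannot establish which key is the right one. If the old ID is retired, as the edit summary says, publish the replacement key's full fingerprint in 3.2 and in the final check rather than dropping the identifier. Separately, the unchanged `wget gitlab.manjaro.org/...` lines carry no scheme, and wget defaults to http:// for such URLs; writing `https://` explicitly would be safer for a keyring download.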
Line 30: Line 41:
* '''[[Installation Guides]]'''  
* '''[[Installation Guides]]'''  


 
</translate>
[[Category:Contents Page]]
[[Category:Contents Page{{#translation:}}]]
[[Category:ISO{{#translation:}}]]

Latest revision as of 09:11, 12 March 2022


Verifying GPG key of official .ISO images

1. Download an ISO file and the corresponding .sig file from the official sources (see Download Manjaro below).

2. Install GPG and wget using a Manjaro package manager (pamac or pacman):

  pamac install gnupg wget

3. Next, you have 2 possible ways to import Manjaro's keys. Choose one of them:

Download all of the Manjaro Developers' keys from GitLab:

  wget https://gitlab.manjaro.org/packages/core/manjaro-keyring/-/raw/master/manjaro.gpg

Next, import all the keys in the downloaded .gpg file into your gnupg keyring:

  gpg --import manjaro.gpg

If you do not trust GitLab, import the Manjaro Build Server's GPG key to your system (afterwards, select the key by entering its number and pressing ENTER):

  gpg --keyserver keyserver.ubuntu.com --search-keys Manjaro Build Server

4. Finally, verify whether the .iso image file was built by the Manjaro Build Server, Philip Müller or one of the other Manjaro Developers:

  gpg --verify manjaro-ISO-image.iso.sig manjaro-ISO-image.iso

Compare the key which was used to sign the .iso file with the corresponding developer key.

Check whether the .iso was signed with Philip Müller's GPG key, another Manjaro Developer's key, or the Manjaro Build Server key which you have imported to your system. If this is the case, you can be sure that your .iso is official.
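
The comparison in step 4 can be done mechanically. The following is an added example, not part of the original wiki page or of Manjaro's tooling: it reads gpg's machine-readable `--status-fd` output and accepts the ISO only if the signature is good and the signer's fingerprint equals a pinned value. `EXPECTED_FPR` is a placeholder (the page does not give the current fingerprint), and the function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): pin the signer's fingerprint.
# EXPECTED_FPR is a placeholder; replace it with the fingerprint you obtained
# from a source you trust. The page does not state the current one.
EXPECTED_FPR="${EXPECTED_FPR:-0000000000000000000000000000000000000000}"

# Reads `gpg --status-fd` lines on stdin. Succeeds only if a GOODSIG is present,
# no bad/expired/revoked status appears, and the VALIDSIG primary-key
# fingerprint (field 12; field 3 if absent) equals the pin given as $1.
check_status_fpr() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) pinned = 1
        }
        END { exit !(good && pinned && !bad) }
    '
}

# usage: verify_iso manjaro-ISO-image.iso.sig manjaro-ISO-image.iso
verify_iso() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status_fpr "$EXPECTED_FPR"
}

# Constructed sample of gpg status output (not a real key), so the check
# can be exercised without gpg or an ISO at hand.
SAMPLE_FPR=AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000111122223333 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2022-03-12 1647076260 0 4 0 1 10 00 $SAMPLE_FPR"

if printf '%s\n' "$SAMPLE_STATUS" | check_status_fpr "$SAMPLE_FPR"; then
    echo "sample: signer matches the pinned fingerprint"
fi
```

Pinning the full fingerprint matters most when the key came from a keyserver name search, where several keys can carry the same user ID.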
