Manjaro How-to verify GPG key of official .ISO images

How-to verify GPG key of official .ISO images

From Manjaro
Revision as of 20:40, 2 February 2017 by imported>Excalibur1234 (source: https://www.youtube.com/watch?v=EVxFMJGsa7E)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

1. Go to the SourceForge page of Manjaro, where you can choose the latest version you want to download. Also, choose the edition you want to download such as XFCE or KDE.

2. You can find many files:

  • Some files with an .ISO extension. These files are the images to download.
  • Some files have an .ISO.SHA1 extension. They contain a check sum.
  • Some files end with .PKGS.TXT and contain a complete list installed packages. Attention: These are all packages installed in the image file.
  • Some files with an .ISO.SIG extension. These files contain the GPG key of the packager. In most cases, this will be Philip Müller, one of the founders of Manjaro.

3. Download the corresponding .ISO and .ISO.SIG files and place them in the same folder. Navigate with your terminal to that folder.

4. Install GPG: 

sudo pacman -S gnupg

5. Next, import Philip Müller's GPG key to your system (select the key by entering its number and pressing ENTER): 

gpg --keyserver hkp://pool.sks-keyservers.net --search-keys 11C7F07E

6. Finally, verify if the .ISO image file was built by Philip Müller: 

gpg --verify manjaro-xfce-16.06-pre2-x86_64.iso.sig

Check, whether the .ISO was verified by the same "11C7F07E" key number, which you have imported to your system and which belongs to Philip Müller. If this is the case, you can be sure that your .ISO file was built by Philip Müller.

Retrieved from "https://wiki.manjaro.org/index.php?title=How-to_verify_GPG_key_of_official_.ISO_images&oldid=3242"
Cookies help us deliver our services. By using our services, you agree to our use of cookies.