[sf-lug] check release signatures
aaronco36
aaronco36 at SDF.ORG
Tue Apr 27 09:41:28 PDT 2021
Quoting Ken Shaffer <kenshaffer80 at gmail.com> from [1]:
> Here's the Ubuntu howto, pretty much the same steps for the others.
> https://ubuntu.com/tutorials/how-to-verify-ubuntu#1-overview
> Ken
Yes!
Here's another enthisiastic vote for that helpful link [2] on performing
checks on ISO release signatures :-)
Because ....
+ it's much better organized and straightforward (IMHO) than the more
ranty and longer "flat" sig-checking process descriptions within [3]-[6]
+ one can actually understand all/most steps in [2] involved with
effectively performing a gpg sig-check, this as opposed to (as a trivial
example directly quoting from [5]):
~~~~~~~~~~~~~~~~~~ quoting ~~~~~~~~~~~~~~~~~~~
# Source:
# http://mirror.math.princeton.edu/pub/mxlinux-iso/MX/Final/MX-18.1/
$ mv mx-linux-18.1-i386.sha256.original MX-18.1_386.iso.sig
$ ln -s mx-linux-18.1-i386.iso MX-18.1_386.iso
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Could very well be just this user alone, but haven't yet myself figured
out just _Why_, in the 'mv' statement of [5], that "original" .sha256
checksum file would somehow need to be completely renamed/converted all
the way to an .iso.sig file?
-A
==================================
REFERENCES
==================================
[1]http://linuxmafia.com/pipermail/sf-lug/2021q2/015227.html
[2]https://ubuntu.com/tutorials/how-to-verify-ubuntu#1-overview
[3]http://linuxmafia.com/pipermail/sf-lug/2021q2/015232.html
[4]http://linuxmafia.com/pipermail/sf-lug/2021q2/015234.html
[5]http://linuxmafia.com/pipermail/sf-lug/2021q2/015235.html
[6]http://linuxmafia.com/pipermail/sf-lug/2021q2/015236.html
==================================
aaronco36 at sdf.org
--
More information about the sf-lug
mailing list