[INFO] Authenticity Check

Post tutorials, HOWTO's and other useful resources here.

[INFO] Authenticity Check

Postby Bogomips » 08 May 2016, 14:28

brokenman wrote:Public signing key:
http://brokenman.porteus.org/gpg.asc

I've gpg signed all files in light of recent news about another distro having its ISO hijacked. For those are interested:
Code: Select all
# Make sure you have gnupg installed and you have the .asc files next to the files to be checked.
# Initiate your keyring
gpg --gen-key

# Add the Porteus key to your keyring
gpg --keyserver hkp://keys.gnupg.net --recv-keys 0xC8EFC784FD09B1D3

# Verify the signature
gpg --verify /pth/to/file.asc

Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
Bogomips
Full of knowledge
Full of knowledge
 
Posts: 2233
Joined: 25 Jun 2014, 16:21
Location: London
Distribution: 3.2.2 Cinnamon & KDE5

Re: [INFO] Authenticity Check

Postby Bogomips » 08 Jun 2016, 16:22

GPG
  • Verify:
    Code: Select all
    for f in  <Path of Directory holding ISO files>/*.asc; do  gpg  --verify  $f;  done
  • Examplle:
    Code: Select all
    guest@porteus:~$ for f in  p10/tmp/iso/rc3/i586/*.asc; do time gpg --verify $f; done

    gpg: assuming signed data in `p10/tmp/iso/rc3/i586/Porteus-CINNAMON-v3.2rc3-i586.iso'
    gpg: Signature made Mon Jun  6 06:34:38 2016 CEST using RSA key ID FD09B1D3
    gpg: Good signature from "Jay Flood (Porteus file signing key) <brokenman@porteus.org>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 8C51 874B C5E9 AD17 A382  9F3F C8EF C784 FD09 B1D3

    Etcetera

MD5SUM
  • Check:
    Code: Select all
    cd  <Path of Directory holding ISO files>
    md5sum  -c  md5sums.txt
  • Example:
    Code: Select all
    cd  p10/tmp/iso/rc3/x86_64
    guest@porteus:~/p10/tmp/iso/rc3/x86_64$ md5sum -c md5sums.txt
    md5sum: ./bundles/guake-0.8.5-x86_64-cinnamon-1bundle.xzm: No such file or directory
    ./bundles/guake-0.8.5-x86_64-cinnamon-1bundle.xzm: FAILED open or read
    ...
    ./Porteus-XFCE-v3.2rc3-x86_64.iso.asc: OK
    ./Porteus-KDE-v3.2rc3-x86_64.iso.asc: OK
    ...
    ./Porteus-KDE-v3.2rc3-x86_64.iso: OK
    ./Porteus-MATE-v3.2rc3-x86_64.iso: OK
    ./Porteus-MATE-v3.2rc3-x86_64.iso.asc: OK
    ./Porteus-CINNAMON-v3.2rc3-x86_64.iso.asc: OK

    etc.
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
Bogomips
Full of knowledge
Full of knowledge
 
Posts: 2233
Joined: 25 Jun 2014, 16:21
Location: London
Distribution: 3.2.2 Cinnamon & KDE5

Re: [INFO] Authenticity Check

Postby francois » 24 Sep 2016, 20:02

Good procedure. How many of us uses it.
Voltaire: Le mieux est l'ennemi du bien.
User avatar
francois
Contributor
Contributor
 
Posts: 4671
Joined: 28 Dec 2010, 15:25
Location: C'est l'autome, en forêt les arbres d'ici nous en mettent plein la vue: les rouges, jaunes ...
Distribution: kde xfce porteus manjaro kubun

Re: [INFO] Authenticity Check

Postby brokenman » 24 Sep 2016, 23:49

Without fail. Especially when I am downloading a kernel or some other major package.
How do i become super user?
Wear your underpants on the outside and put on a cape.
brokenman
Site Admin
Site Admin
 
Posts: 5343
Joined: 27 Dec 2010, 04:50
Location: Brazil
Distribution: Porteus v3.2rcX all desktops


Return to Tutorials



Who is online

Users browsing this forum: No registered users and 1 guest