Page 1 of 1

[INFO] Authenticity Check

Posted: 08 May 2016, 13:28
by Bogomips
brokenman wrote: Public signing key:
http://brokenman.porteus.org/gpg.asc

I've gpg signed all files in light of recent news about another distro having its ISO hijacked. For those are interested:

Code: Select all

# Make sure you have gnupg installed and you have the .asc files next to the files to be checked.
# Initiate your keyring
gpg --gen-key

# Add the Porteus key to your keyring
gpg --keyserver hkp://keys.gnupg.net --recv-keys 0xC8EFC784FD09B1D3

# Verify the signature
gpg --verify /pth/to/file.asc

Re: [INFO] Authenticity Check

Posted: 08 Jun 2016, 15:22
by Bogomips
GPG
  • Verify:

    Code: Select all

    for f in  <Path of Directory holding ISO files>/*.asc; do  gpg  --verify  $f;  done
  • Examplle:

    Code: Select all

    guest@porteus:~$ for f in  p10/tmp/iso/rc3/i586/*.asc; do time gpg --verify $f; done
    
    gpg: assuming signed data in `p10/tmp/iso/rc3/i586/Porteus-CINNAMON-v3.2rc3-i586.iso'
    gpg: Signature made Mon Jun  6 06:34:38 2016 CEST using RSA key ID FD09B1D3
    gpg: Good signature from "Jay Flood (Porteus file signing key) <brokenman@porteus.org>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 8C51 874B C5E9 AD17 A382  9F3F C8EF C784 FD09 B1D3
    
    Etcetera
MD5SUM
  • Check:

    Code: Select all

    cd  <Path of Directory holding ISO files>
    md5sum  -c  md5sums.txt
    
  • Example:

    Code: Select all

    cd  p10/tmp/iso/rc3/x86_64
    guest@porteus:~/p10/tmp/iso/rc3/x86_64$ md5sum -c md5sums.txt
    md5sum: ./bundles/guake-0.8.5-x86_64-cinnamon-1bundle.xzm: No such file or directory
    ./bundles/guake-0.8.5-x86_64-cinnamon-1bundle.xzm: FAILED open or read
    ...
    ./Porteus-XFCE-v3.2rc3-x86_64.iso.asc: OK
    ./Porteus-KDE-v3.2rc3-x86_64.iso.asc: OK
    ...
    ./Porteus-KDE-v3.2rc3-x86_64.iso: OK
    ./Porteus-MATE-v3.2rc3-x86_64.iso: OK
    ./Porteus-MATE-v3.2rc3-x86_64.iso.asc: OK
    ./Porteus-CINNAMON-v3.2rc3-x86_64.iso.asc: OK
    
    etc.
    

Re: [INFO] Authenticity Check

Posted: 24 Sep 2016, 19:02
by francois
Good procedure. How many of us uses it.

Re: [INFO] Authenticity Check

Posted: 24 Sep 2016, 22:49
by brokenman
Without fail. Especially when I am downloading a kernel or some other major package.