[INFO] Authenticity Check
Posted: 08 May 2016, 13:28
by Bogomips
brokenman wrote:
Public signing key:
http://brokenman.porteus.org/gpg.asc
I've gpg signed all files in light of recent news about another distro having its ISO hijacked. For those who are interested:
Code:
# Make sure you have gnupg installed and you have the .asc files next to the files to be checked.
# Initiate your keyring
gpg --gen-key
# Add the Porteus key to your keyring
gpg --keyserver hkp://keys.gnupg.net --recv-keys 0xC8EFC784FD09B1D3
# Verify the signature
gpg --verify /path/to/file.asc
Re: [INFO] Authenticity Check
Posted: 08 Jun 2016, 15:22
by Bogomips
GPG- Verify:
Code:
for f in <Path of Directory holding ISO files>/*.asc; do gpg --verify "$f"; done
- Example:
Code:
guest@porteus:~$ for f in p10/tmp/iso/rc3/i586/*.asc; do time gpg --verify $f; done
gpg: assuming signed data in `p10/tmp/iso/rc3/i586/Porteus-CINNAMON-v3.2rc3-i586.iso'
gpg: Signature made Mon Jun 6 06:34:38 2016 CEST using RSA key ID FD09B1D3
gpg: Good signature from "Jay Flood (Porteus file signing key) <brokenman@porteus.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8C51 874B C5E9 AD17 A382 9F3F C8EF C784 FD09 B1D3
Etcetera
MD5SUM- Check:
Code:
cd <Path of Directory holding ISO files>
md5sum -c md5sums.txt
- Example:
Code:
cd p10/tmp/iso/rc3/x86_64
guest@porteus:~/p10/tmp/iso/rc3/x86_64$ md5sum -c md5sums.txt
md5sum: ./bundles/guake-0.8.5-x86_64-cinnamon-1bundle.xzm: No such file or directory
./bundles/guake-0.8.5-x86_64-cinnamon-1bundle.xzm: FAILED open or read
...
./Porteus-XFCE-v3.2rc3-x86_64.iso.asc: OK
./Porteus-KDE-v3.2rc3-x86_64.iso.asc: OK
...
./Porteus-KDE-v3.2rc3-x86_64.iso: OK
./Porteus-MATE-v3.2rc3-x86_64.iso: OK
./Porteus-MATE-v3.2rc3-x86_64.iso.asc: OK
./Porteus-CINNAMON-v3.2rc3-x86_64.iso.asc: OK
etc.
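The gpg loop in the post above prints "Good signature" for a valid signature from any key in the keyring, along with the warning that the key is not certified. As an added example (not from the thread or the Porteus project), this script accepts a file only when the signature's primary key fingerprint equals the one printed in that output; the function names and the sample status lines are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: accept a signature only if it comes from the pinned key.

# Primary key fingerprint as shown in the gpg output in this thread, spaces removed.
PORTEUS_FPR="8C51874BC5E9AD17A3829F3FC8EFC784FD09B1D3"

# status_ok EXPECTED_FPR   (reads `gpg --status-fd` lines on stdin)
# VALIDSIG is also emitted for expired or revoked keys, so require GOODSIG too
# and reject any of the failure states.
status_ok() {
  awk -v want="$1" '
    $1 != "[GNUPG:]" { next }
    $2 == "GOODSIG"  { good++ }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad++ }
    $2 == "VALIDSIG" {
      fpr = (NF >= 12 ? $12 : $3)       # field 12 = primary key fingerprint
      if (toupper(fpr) == want) pinned++; else bad++
    }
    END { exit !(good == 1 && pinned == 1 && bad == 0) }
  '
}

# verify_dir DIR: check every detached .asc signature in DIR.
verify_dir() {
  vd_failed=0
  for vd_sig in "$1"/*.asc; do
    [ -e "$vd_sig" ] || { echo "no .asc files in $1" >&2; return 2; }
    # Name the signed file explicitly instead of letting gpg guess it.
    if gpg --batch --status-fd 1 --verify "$vd_sig" "${vd_sig%.asc}" 2>/dev/null |
         status_ok "$PORTEUS_FPR"; then
      echo "OK      ${vd_sig%.asc}"
    else
      echo "FAILED  ${vd_sig%.asc}"; vd_failed=1
    fi
  done
  return "$vd_failed"
}

# Constructed status lines (not captured gpg output) for an offline self-check.
sample_status() {
  printf '[GNUPG:] GOODSIG C8EFC784FD09B1D3 constructed-uid\n'
  printf '[GNUPG:] VALIDSIG %s 2016-06-06 1465187678 0 4 0 1 8 00 %s\n' "$1" "$1"
}

if [ "$#" -gt 0 ]; then
  verify_dir "$1"
else
  sample_status "$PORTEUS_FPR" | status_ok "$PORTEUS_FPR" && echo "self-check passed"
fi
```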
Re: [INFO] Authenticity Check
Posted: 24 Sep 2016, 19:02
by francois
Good procedure. How many of us use it?
Re: [INFO] Authenticity Check
Posted: 24 Sep 2016, 22:49
by brokenman
Without fail. Especially when I am downloading a kernel or some other major package.