brokenman wrote: Public signing key:
http://brokenman.porteus.org/gpg.asc
I've gpg signed all files in light of recent news about another distro having its ISO hijacked. For those are interested:Code: Select all
# Make sure you have gnupg installed and you have the .asc files next to the files to be checked. # Initiate your keyring gpg --gen-key # Add the Porteus key to your keyring gpg --keyserver hkp://keys.gnupg.net --recv-keys 0xC8EFC784FD09B1D3 # Verify the signature gpg --verify /pth/to/file.asc
[INFO] Authenticity Check
-
Bogomips
- Full of knowledge
- Posts: 2564
- Joined: 25 Jun 2014, 15:21
- Distribution: 3.2.2 Cinnamon & KDE5
- Location: London
[INFO] Authenticity Check
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
-
Bogomips
- Full of knowledge
- Posts: 2564
- Joined: 25 Jun 2014, 15:21
- Distribution: 3.2.2 Cinnamon & KDE5
- Location: London
Re: [INFO] Authenticity Check
GPG
- Verify:
Code: Select all
for f in <Path of Directory holding ISO files>/*.asc; do gpg --verify $f; done - Examplle:
Code: Select all
guest@porteus:~$ for f in p10/tmp/iso/rc3/i586/*.asc; do time gpg --verify $f; done gpg: assuming signed data in `p10/tmp/iso/rc3/i586/Porteus-CINNAMON-v3.2rc3-i586.iso' gpg: Signature made Mon Jun 6 06:34:38 2016 CEST using RSA key ID FD09B1D3 gpg: Good signature from "Jay Flood (Porteus file signing key) <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 8C51 874B C5E9 AD17 A382 9F3F C8EF C784 FD09 B1D3 Etcetera
- Check:
Code: Select all
cd <Path of Directory holding ISO files> md5sum -c md5sums.txt - Example:
Code: Select all
cd p10/tmp/iso/rc3/x86_64 guest@porteus:~/p10/tmp/iso/rc3/x86_64$ md5sum -c md5sums.txt md5sum: ./bundles/guake-0.8.5-x86_64-cinnamon-1bundle.xzm: No such file or directory ./bundles/guake-0.8.5-x86_64-cinnamon-1bundle.xzm: FAILED open or read ... ./Porteus-XFCE-v3.2rc3-x86_64.iso.asc: OK ./Porteus-KDE-v3.2rc3-x86_64.iso.asc: OK ... ./Porteus-KDE-v3.2rc3-x86_64.iso: OK ./Porteus-MATE-v3.2rc3-x86_64.iso: OK ./Porteus-MATE-v3.2rc3-x86_64.iso.asc: OK ./Porteus-CINNAMON-v3.2rc3-x86_64.iso.asc: OK etc.
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
-
francois
- Contributor
- Posts: 6499
- Joined: 28 Dec 2010, 14:25
- Distribution: xfce plank porteus nemesis
- Location: Le printemps, le printemps, le printemps... ... l'hiver s'essoufle.
Re: [INFO] Authenticity Check
Good procedure. How many of us uses it.
Prendre son temps, profiter de celui qui passe.
-
brokenman
- Site Admin
- Posts: 6105
- Joined: 27 Dec 2010, 03:50
- Distribution: Porteus v4 all desktops
- Location: Brazil
Re: [INFO] Authenticity Check
Without fail. Especially when I am downloading a kernel or some other major package.
How do i become super user?
Wear your underpants on the outside and put on a cape.
Wear your underpants on the outside and put on a cape.
