Created
August 1, 2012 21:30
-
-
Save msnodderly/3230931 to your computer and use it in GitHub Desktop.
HOWTO: Verify Debian ISO Downloads (from OS X)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HOWTO: Verify Debian ISO Downloads (from OS X) | |
| - Download the required ISO from http://www.debian.org/CD/. Also download the SHA512SUMS and SHA512SUMS.sign files. (of course MD5SUM etc. work fine, but as long as we're being paranoid, we might as well go all the way) | |
| - Install GPGTools if needed https://www.gpgtools.org/ | |
| - Verify the signature on SHA512SUMS | |
| You should see something like this the first time you run gpg --verify: | |
| $ gpg --verify SHA512SUMS.sign | |
| gpg: Signature made Sun May 13 05:01:57 2012 PDT using RSA key ID 6294BE9B | |
| gpg: requesting key 6294BE9B from hkp server keys.gnupg.net | |
| gpg: key 6294BE9B: public key "Debian CD signing key <debian-cd@lists.debian.org>" imported | |
| gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model | |
| gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u | |
| gpg: next trustdb check due at 2015-08-18 | |
| gpg: Total number processed: 1 | |
| gpg: imported: 1 (RSA: 1) | |
| gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" | |
| gpg: WARNING: This key is not certified with a trusted signature! | |
| gpg: There is no indication that the signature belongs to the owner. | |
| Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B | |
| Subsequent runs will look something like this: | |
| $ gpg --verify SHA512SUMS.sign | |
| gpg: Signature made Sun May 13 05:01:57 2012 PDT using RSA key ID 6294BE9B | |
| gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" | |
| gpg: WARNING: This key is not certified with a trusted signature! | |
| gpg: There is no indication that the signature belongs to the owner. | |
| Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B | |
| To be extra safe, verify that the primary key fingerprint exists on this page: http://www.debian.org/CD/verify | |
| - Find the SHA512SUM of the ISO(s) | |
| $ openssl dgst -sha512 ~/Downloads/debian-6.0.5-i386-netinst.iso | |
| SHA512(/Users/mds/Downloads/debian-6.0.5-i386-netinst.iso)= 536ce3de14ba537590e9794a8a053fcbf81f8063aaf690d766e1ef784c2609932f481a2079cf3982f87ef64354398eb36ec2d8d1c8d207c5723c1c66ffa3495b | |
| Verify that the calculated hash is the same as the one in SHA512SUMS: | |
| $ grep $(openssl dgst -sha512 ~/Downloads/debian-6.0.5-i386-netinst.iso | cut -f 2 -d" ") SHA512SUMS && echo OK || echo FAILED | |
| 536ce3de14ba537590e9794a8a053fcbf81f8063aaf690d766e1ef784c2609932f481a2079cf3982f87ef64354398eb36ec2d8d1c8d207c5723c1c66ffa3495b debian-6.0.5-i386-netinst.iso | |
| OK | |
| See also: | |
| http://www.debian.org/CD/verify, http://keyring.debian.org |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment