Verify that the calculated hash is the same as the one in SHA512SUMS: $ openssl dgst -sha512 ~/Downloads/debian-6.0.5-i386-netinst.iso To be extra safe, verify that the primary key fingerprint exists on this page: Subsequent runs will look something like this: Gpg: There is no indication that the signature belongs to the owner. Gpg: WARNING: This key is not certified with a trusted signature! Gpg: Good signature from "Debian CD signing key " Gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model Gpg: key 6294BE9B: public key "Debian CD signing key " imported Gpg: requesting key 6294BE9B from hkp server Gpg: Signature made Sun May 13 05:01:57 2012 PDT using RSA key ID 6294BE9B Listed below are links to Linux ISO Image Downloads for the most popular Linux distributions. You should see something like this the first time you run gpg -verify: work fine, but as long as we're being paranoid, we might as well go all the way) Also download the SHA512SUMS and SHA512SUMS.sign files. HOWTO: Verify Debian ISO Downloads (from OS X)
0 Comments
Leave a Reply. |