How to verify live images

Hi,
I found:

LiveMedia.html#deliverables

I downloaded:
AlmaLinux-9.0-x86_64-Live-GNOME.iso
CHECKSUM
CHECKSUM.asc

I don't see any instructions to verify the download, so I tried the instructions in:

release-notes/9.0.html

I did:
Download and import the AlmaLinux public key:

$ wget https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-9
$ gpg --import RPM-GPG-KEY-AlmaLinux-9

When I do:
gpg --verify CHECKSUM

I get:
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.

Please help

some info here: Generic Cloud (cloud-init) | AlmaLinux Wiki

It's a bit confusing, as there are versioned keys and not one for the full dvd1 ISO, only cloud/live.

basically:

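# Fetch the signing key, the checksum list and its detached signature
curl -s https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-9 -O
curl -s https://repo.almalinux.org/almalinux/9.0/live/x86_64/CHECKSUM -O
curl -s https://repo.almalinux.org/almalinux/9.0/live/x86_64/CHECKSUM.asc -O

# Show the key's fingerprints, then import it
gpg --with-subkey-fingerprints RPM-GPG-KEY-AlmaLinux-9
gpg --import RPM-GPG-KEY-AlmaLinux-9
# Verify the signature (signature file first, then the signed file)
gpg --verify CHECKSUM.asc CHECKSUM
# Check the downloaded image against the verified checksum list
sha256sum -c CHECKSUM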
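
The same steps as one fail-closed script, added here as an example and not part of the original posts: it verifies the signature on CHECKSUM with only the downloaded key, then compares the hash of the one ISO you fetched, so images listed in CHECKSUM but not downloaded do not count as failures. The function names are hypothetical, the two CHECKSUM line formats are assumptions, and it assumes you have already checked the key's fingerprint through a separate channel.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): verify the signed CHECKSUM, then one ISO.

# Check CHECKSUM against its detached signature using only the given key file,
# in a throwaway GnuPG home, so no other key in ~/.gnupg can satisfy the check.
verify_signed_checksum() {  # args: keyfile sigfile checksumfile
    local home rc
    home=$(mktemp -d) || return 2
    gpg --homedir "$home" --batch --quiet --import "$1" 2>/dev/null &&
        gpg --homedir "$home" --batch --verify "$2" "$3" 2>/dev/null  # signature first, data second
    rc=$?
    rm -rf "$home"
    return "$rc"
}

# Print the SHA-256 listed for one file name. Accepts BSD-style
# "SHA256 (name) = hash" and GNU-style "hash  name" lines (assumed formats);
# skips "#" comments. File names containing spaces are not handled.
expected_sha256() {  # args: checksumfile filename
    awk -v f="$2" '
        /^#/ { next }
        $1 == "SHA256" && $2 == ("(" f ")") && $3 == "=" { print tolower($4); found = 1; exit }
        NF == 2 && length($1) == 64 && ($2 == f || $2 == ("*" f)) { print tolower($1); found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Compare the ISO's actual hash with the listed one; fail if it is not listed.
check_iso() {  # args: checksumfile isofile
    local want got
    want=$(expected_sha256 "$1" "$(basename "$2")") || { echo "not listed in $1: $2" >&2; return 3; }
    got=$(sha256sum "$2" 2>/dev/null | awk '{ print $1 }')
    [ -n "$got" ] && [ "$want" = "$got" ] || { echo "SHA-256 mismatch: $2" >&2; return 1; }
}

# Hashes are trusted only after the signature on the list has verified.
verify_image() {  # args: keyfile sigfile checksumfile isofile
    verify_signed_checksum "$1" "$2" "$3" || { echo "bad signature on $3" >&2; return 1; }
    check_iso "$3" "$4" && echo "OK: $4"
}

# Usage: verify_image RPM-GPG-KEY-AlmaLinux-9 CHECKSUM.asc CHECKSUM AlmaLinux-9.0-x86_64-Live-GNOME.iso
```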

@sej7278
Thanks for your help :)
