From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id F1AEC1382C5 for ; Thu, 24 Dec 2020 07:32:07 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DC4CB2BC053; Thu, 24 Dec 2020 07:32:00 +0000 (UTC) Received: from 88.com (m32-134.88.com [43.250.32.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 39E342BC002 for ; Thu, 24 Dec 2020 07:31:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=88.com; s=dkim; h=To:From:Date; bh=+0y9bRibcmq+cEJS0QoItHNPD+YKukXVInOkG 0VkWao=; b=Rf3IPeCqxemKvHCNNsdy/31mnOocnLG1m7KgSezt4pVu7bNmdWqlq eZUMY9B2zt3I6uJMT9w1cCAdsSlTzNv2pGoZLLnoGG4hS1q3jxLHQiNWPeMPwqtU Yn0fR560JQoiyjjcDkhXnLtc9reGLGFZ+m2YP1/sxPsU88Sau42NME= Received: from [172.24.1.53] (unknown [110.64.86.229]) by v_coremail-web-7 (Coremail) with SMTP id ByKnCgAH8VDbQ+RfTeQDAA--.11231S3; Thu, 24 Dec 2020 15:31:42 +0800 (CST) Subject: Re: [gentoo-user] ISO verification question. To: gentoo-user@lists.gentoo.org References: <1682737.VLH7GnMWUR@lenovo.localdomain> From: bobwxc Message-ID: <46934be0-5242-1d82-db50-1567bf225984@88.com> Date: Thu, 24 Dec 2020 15:31:39 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ilJABtd9c62Te9jm0sRBlPRURxnEuttQl" X-CM-TRANSID:ByKnCgAH8VDbQ+RfTeQDAA--.11231S3 X-Coremail-Antispam: 1UD129KBjvJXoW3WryDCr4Utw17Cry8ZrWxtFb_yoW7Xr4Upr n0gan5AF1kJrn8Ar4Iyw40y39Y9rZ5tr15Xrs8t34xKrn8u3WxKrWa9FW5GFy2vFnYvay2 qryjy3W7Wan5ZaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUv2b7Iv0xC_tr1lb4IE77IF4wAFF20E14v26r1j6r4UM7CY07I2 0VC2zVCF04k26cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rw A2F7IY1VAKz4vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_tr0E3s1l84ACjcxK6xII jxv20xvEc7CjxVAFwI0_Cr0_Gr1UM28EF7xvwVC2z280aVAFwI0_GcCE3s1l84ACjcxK6I 8E87Iv6xkF7I0E14v26rxl6s0DM2AIxVAIcxkEcVAq07x20xvEncxIr21le4C267I2x7xF 54xIwI1l5I8CrVACY4xI64kE6c02F40Ex7xfMcIj6xIIjxv20xvE14v26r1j6r18McIj6I 8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr1lF7xvr2IY64vIr41lc7I2V7IY 0VAS07AlzVAYIcxG8wCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s 026c02F40E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_ Jr0_JrylIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20x vEc7CjxVAFwI0_Jr0_Gr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0xvEx4A2jsIE 14v26r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Jr0_GrUvcSsGvfC2KfnxnUUI43ZEXa 7IU8v_M3UUUUU== X-Originating-IP: [110.64.86.229] X-CM-SenderInfo: pere45bf6ymhhfrp/ X-Archives-Salt: a26b9037-7a93-40b4-ac64-4596b5a3e5e3 X-Archives-Hash: ce4496260fed239c57a4510140219588 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ilJABtd9c62Te9jm0sRBlPRURxnEuttQl Content-Type: multipart/mixed; boundary="UaMNsAN4M9GJpFQ5IcgMgYbhvA876LVDJ"; protected-headers="v1" From: bobwxc To: gentoo-user@lists.gentoo.org Message-ID: <46934be0-5242-1d82-db50-1567bf225984@88.com> Subject: Re: [gentoo-user] ISO verification question. References: <1682737.VLH7GnMWUR@lenovo.localdomain> In-Reply-To: --UaMNsAN4M9GJpFQ5IcgMgYbhvA876LVDJ Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Content-Language: en-US =E5=9C=A8 2020/12/24 =E4=B8=8A=E5=8D=8810:29, =CE=93=CE=B9=CF=8E=CF=81=CE= =B3=CE=BF=CF=82 =CE=9A=CF=89=CF=83=CF=84=CF=8C=CF=80=CE=BF=CF=85=CE=BB=CE= =BF=CF=82 =E5=86=99=E9=81=93: > =CE=A3=CF=84=CE=B9=CF=82 =CE=A0=CE=AD=CE=BC, 24 =CE=94=CE=B5=CE=BA 2020= =CF=83=CF=84=CE=B9=CF=82 2:34 =CF=80.=CE=BC., =CE=BF/=CE=B7 Michael > =CE=AD=CE=B3=CF=81=CE=B1=CF=88=CE=B5: >> Hi =CE=93=CE=B9=CF=8E=CF=81=CE=B3=CE=BF=CF=82, >> >> On Wednesday, 23 December 2020 20:00:28 GMT =CE=93=CE=B9=CF=8E=CF=81=CE= =B3=CE=BF=CF=82 =CE=9A=CF=89=CF=83=CF=84=CF=8C=CF=80=CE=BF=CF=85=CE=BB=CE= =BF=CF=82 wrote: >>> Hi! :-) >>> >>> I just downloaded the minimal installation ISO and I was trying the >>> verification instructions. >>> I admit that I'm not any kind of gpg expert, so the results are >>> somewhat confusing to me. >>> Can someone shed some light on them? >>> >>> Here's console's output: >>>> gpg --verify install-amd64-minimal-20201222T005811Z.iso.DIGESTS.asc >>> gpg: Signature made Tue Dec 22 17:01:06 2020 EET >>> gpg: using RSA key 534E4209AB49EEE1C19D96162C44695DB9F= 6043D >>> gpg: Good signature from "Gentoo Linux Release Engineering (Automated= >>> Weekly Release Key) " [unknown] >> This is telling you the 'install-amd64- >> minimal-20201222T005811Z.iso.DIGESTS.asc' file which contains hashes o= f the >> various files listed in it, has a valid signature - i.e. the hashes of= these >> files have not been tampered with and they have been signed by the own= er of >> the Gentoo Release Engineering key. >> >> Have a look here for the published developer keys: >> >> https://wiki.gentoo.org/wiki/Project:RelEng >> >> >>> gpg: WARNING: This key is not certified with a trusted signature! >> This is telling you the above public key has not been marked as truste= d in >> your own gpg keyring. >> >> >>> gpg: There is no indication that the signature belongs to th= e >>> owner. >> This is to be expected, unless you have checked the fingerprint of the= >> imported key yourself against the keys published in the URL I provided= above >> and thereafter edited the key's level of trust to mark it as trusted i= n your >> gpg keyring; e.g. you'd need to run: >> >> gpg --edit-key >> >> and follow the options available for this gpg subcommand to edit the k= ey's >> trust level. This is not necessary for a key you'll only use once, as= long as >> you satisfy yourself the key fingerprint below matches what is publish= ed on >> the RelEng project page. >> >> >>> Primary key fingerprint: 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E >>> 2D18 2910 Subkey fingerprint: 534E 4209 AB49 EEE1 C19D 9616 2C44 695= D B9F6 >>> 043D gpg: WARNING: not a detached signature; file >>> 'install-amd64-minimal-20201222T005811Z.iso.DIGESTS' was NOT verified= ! >>> >>> and: >>>> sha512sum -c install-amd64-minimal-20201222T005811Z.iso.DIGESTS.asc >>> install-amd64-minimal-20201222T005811Z.iso: OK >>> install-amd64-minimal-20201222T005811Z.iso: FAILED >>> install-amd64-minimal-20201222T005811Z.iso.CONTENTS.gz: OK >>> install-amd64-minimal-20201222T005811Z.iso.CONTENTS.gz: FAILED >>> sha512sum: WARNING: 14 lines are improperly formatted >>> sha512sum: WARNING: 2 computed checksums did NOT match >>> >>> >>> TIA! :-) >>> Giorgos. >>> . >> So the above output checked the sha512 hashes of all listed files and = found >> some to be correct - you can use 'install-amd64-minimal-20201222T00581= 1Z.iso' >> for your installation. The failed checks above refer to a different h= ash e.g. >> sha256. >> >> HTH. > THANKS Michael for your help!!! > > What confused me, was the "failed" results and the warnings of the > sha512sum command. > > THANKS AGAIN for the clarification!!! :-) > G. The handbook said, With the cryptographic signature validated, next verify the checksum to=20 make sure the downloaded ISO file is not corrupted. The.DIGESTS.ascfile=20 contains multiple hashing algorithms, so one of the methods to validate=20 the right one is to first look at the checksum registered in=20 the.DIGESTS.ascfile. For instance, to get the SHA512 checksum: |user $||grep -A 1 -i sha512 install-amd64-minimal-20141204.iso.DIGESTS.a= sc| # SHA512 HASH 364d32c4f8420605f8a9fa3a0fc55864d5b0d1af11aa62b7a4d4699a427e5144b2d918225= dfb7c5dec8d3f0fe2cddb7cc306da6f0cef4f01abec33eec74f3024 install-amd64-mi= nimal-20141204.iso -- # SHA512 HASH 0719a8954dc7432750de2e3076c8b843a2c79f5e60defe43fcca8c32ab26681dfb9898b10= 2e211174a895ff4c8c41ddd9e9a00ad6434d36c68d74bd02f19b57f install-amd64-mi= nimal-20141204.iso.CONTENTS In the above output, two SHA512 checksums are shown - one for=20 theinstall-amd64-minimal-20141204.isofile and one for its=20 accompanying.CONTENTSfile. Only the first checksum is of interest, as it = needs to be compared with the calculated SHA512 checksum which can be=20 generated as follows: |user $||sha512sum install-amd64-minimal-20141204.iso| 364d32c4f8420605f8a9fa3a0fc55864d5b0d1af11aa62b7a4d4699a427e5144b2d918225= dfb7c5dec8d3f0fe2cddb7cc306da6f0cef4f01abec33eec74f3024 install-amd64-mi= nimal-20141204.iso As both checksums match, the file is not corrupted and the installation=20 can continue. you just missed to grep sha512 hash from the file :-) so get some results of un-related lines. --=20 bobwxc --UaMNsAN4M9GJpFQ5IcgMgYbhvA876LVDJ-- --ilJABtd9c62Te9jm0sRBlPRURxnEuttQl Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQT2RVx6COimNyTG1Z426U6rtT5RawUCX+RD2wUDAAAAAAAKCRA26U6rtT5RazfD AP4uNjxvy9sqNw1nLVlXbGgzok8VKy+0eUcSNFEEtK92LwEA/9PudEQscGCAOBttwAgGekrnUUZo btzayFhjjh728Qk= =Ei36 -----END PGP SIGNATURE----- --ilJABtd9c62Te9jm0sRBlPRURxnEuttQl--