LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux Mint (https://www.linuxquestions.org/questions/linux-mint-84/)
-   -   Can't Verify (https://www.linuxquestions.org/questions/linux-mint-84/cant-verify-4175716896/)

borgward 09-18-2022 07:35 PM
Can't Verify
 
I downloaded Linuxmint 21 Cinnamon 3 times from different sources but still get wrong result when I run /Downloads$ sha256sum -b sha256sum.txt. I am currently running Linuxmint 20.3 Cinnamon. I downloaded the .iso, the sha26sum.txt and sha26sum.txt.gpg to Downloads. I then ran /Downloads$ sha256sum -b sha256sum.txt and get
ad03e2eadb67273ac271b17bce35c902e55ddd27bbb39ddc32da97160b70caf2 *sha256sum.txt
which does not match f524114e4a10fb04ec428af5e8faf7998b18271ea72fbb4b63efe0338957c0f3 *linuxmint-21-cinnamon-64bit.iso.

michaelk 09-18-2022 08:15 PM
Did you follow the verify ISO image web page?
https://linuxmint-installation-guide...st/verify.html

I downloaded the cinnamon ISO file from the John Madison University website.
Quote:
sha256sum linuxmint-21-cinnamon-64bit.iso
f524114e4a10fb04ec428af5e8faf7998b18271ea72fbb4b63efe0338957c0f3 linuxmint-21-cinnamon-64bit.iso
f524114e4a10fb04ec428af5e8faf7998b18271ea72fbb4b63efe0338957c0f3 #sha256sum.txt file
sha256sum utility verifies the sha256 checksum value of the ISO file. The sha256sum.txt.gpg verifies the integrity of the sha256sum.txt file.

borgward 09-18-2022 09:10 PM
Yes

michaelk 09-18-2022 09:18 PM
It isn't obvious from your original post.

borgward 09-18-2022 09:27 PM
So what's missing from that post? I did:
~/Downloads$ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Fri 29 Jul 2022 06:26:29 AM CDT
gpg: using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09

michaelk 09-18-2022 09:33 PM
The only check in post #1 was:
Quote:
sha256sum -b sha256sum.txt
but it should be
Quote:
sha256sum -b linuxmint-21-cinnamon-64bit.iso
There is also the note on the page
Quote:
GPG might warn you that the Linux Mint signature is not trusted by your computer. This is expected and perfectly normal.

borgward 09-18-2022 10:27 PM
/Downloads$ sha256sum -b linuxmint-21-cinnamon-64bit.iso
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 *linuxmint-21-cinnamon-64bit.iso
Still not matching sha26sum.txt
f524114e4a10fb04ec428af5e8faf7998b18271ea72fbb4b63efe0338957c0f3 *linuxmint-21-cinnamon-64bit.iso

Sorry about that, I saw download failed when I looked in the Library.

borgward 09-19-2022 12:26 AM
Downloaded iso and matches sha26sum.txt
In the beginning I was trying to verify the sha26sum.txt by doing /Downloads$ sha256sum -b sha256sum.txt. I now realize that ~/Downloads$ gpg --verify sha256sum.txt.gpg sha256sum.txt does that. I did have to attempt downloading from 6 different mirrors until one worked. Have not done this since I downloaded 20.0


All times are GMT -5. The time now is 06:02 PM.