CentOS 8 ISOのCHECKSUMファイルが本物であることを確認するにはどうすればよいですか?
チェックサムとキーをダウンロードしてください。
$ wget https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
$ wget http://www.gtlib.gatech.edu/pub/centos/8.0.1905/isos/x86_64/CHECKSUM
$ wget http://www.gtlib.gatech.edu/pub/centos/8.0.1905/isos/x86_64/CHECKSUM.asc
確認キー:
$ gpg RPM-GPG-KEY-CentOS-Official
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096 2019-05-03 [SC]
99DB70FAE1D7CE227FB6488205B555B38483C65D
uid CentOS (CentOS Official Signing Key) <[email protected]>
Assert that the fingerprint matches https://www.centos.org/keys/
インポートキー:
$ gpg --import RPM-GPG-KEY-CentOS-Official
gpg: key 05B555B38483C65D: public key "CentOS (CentOS Official Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
CHECKSUMファイルを確認できません。
$ gpg --verify CHECKSUM.asc
gpg: Signature made Mon 23 Sep 2019 07:24:37 AM EDT
gpg: using RSA key 05B555B38483C65D
gpg: Good signature from "CentOS (CentOS Official Signing Key) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
gpg: WARNING: not a detached signature; file 'CHECKSUM' was NOT verified!
それは言う:
gpg: WARNING: not a detached signature; file 'CHECKSUM' was NOT verified!
ベストアンサー1
CHECKSUMと両方を使用する必要はありませんCHECKSUM.asc。後者はGPG署名版です。 GPGは、ファイルCHECKSUMが存在する場合はファイルが別々の署名であると仮定するため、混乱します。somefilenamesomefilename.asc.asc
ファイルを削除すると、CHECKSUM次のようになりますgpg --verify CHECKSUM.asc。
gpg: Signature made Mon 23 Sep 2019 07:24:37 AM EDT
gpg: using RSA key 0x05B555B38483C65D
gpg: Good signature from "CentOS (CentOS Official Signing Key) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D