How to verify the CentOS 8 checksum file?
How do I verify that the CHECKSUM file for the CentOS 8 ISO is authentic?
Download the checksum and the key:
$ wget https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
$ wget http://www.gtlib.gatech.edu/pub/centos/8.0.1905/isos/x86_64/CHECKSUM
$ wget http://www.gtlib.gatech.edu/pub/centos/8.0.1905/isos/x86_64/CHECKSUM.asc
Verify the key:
$ gpg RPM-GPG-KEY-CentOS-Official
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096 2019-05-03 [SC]
99DB70FAE1D7CE227FB6488205B555B38483C65D
uid CentOS (CentOS Official Signing Key) <security@centos.org>
Assert that the fingerprint matches https://www.centos.org/keys/
Import the key:
$ gpg --import RPM-GPG-KEY-CentOS-Official
gpg: key 05B555B38483C65D: public key "CentOS (CentOS Official Signing Key) <security@centos.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
Verifying the CHECKSUM file fails:
$ gpg --verify CHECKSUM.asc
gpg: Signature made Mon 23 Sep 2019 07:24:37 AM EDT
gpg: using RSA key 05B555B38483C65D
gpg: Good signature from "CentOS (CentOS Official Signing Key) <security@centos.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
gpg: WARNING: not a detached signature; file 'CHECKSUM' was NOT verified!
It says:
gpg: WARNING: not a detached signature; file 'CHECKSUM' was NOT verified!
You don't need both CHECKSUM and CHECKSUM.asc. The latter is a GPG-signed CHECKSUM. GPG is confused because it assumes that if you have somefilename and somefilename.asc, then the .asc file is a detached signature. If you delete the file CHECKSUM, then you can gpg --verify CHECKSUM.asc and get:
gpg: Signature made Mon 23 Sep 2019 07:24:37 AM EDT
gpg: using RSA key 0x05B555B38483C65D
gpg: Good signature from "CentOS (CentOS Official Signing Key) <security@centos.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
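
The "Good signature ... [unknown]" result above is only meaningful once the primary key fingerprint is compared with the one checked against https://www.centos.org/keys/. As an added example (not part of the original answer; the function names are hypothetical and it assumes GnuPG's `--status-fd` output), this script tells a clear-signed file from a detached signature, pins that fingerprint, and extracts only the signed text:

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Fingerprint as printed in the gpg output on this page.
PINNED_FPR=99DB70FAE1D7CE227FB6488205B555B38483C65D

# Classify an .asc file by its first line: a clear-signed file carries the
# signed text inside it, a detached signature needs a separate data file.
asc_kind() {
    case "$(head -n 1 "$1")" in
        "-----BEGIN PGP SIGNED MESSAGE-----") echo clearsigned ;;
        "-----BEGIN PGP SIGNATURE-----")      echo detached ;;
        *)                                     echo unknown ;;
    esac
}

# Read `gpg --status-fd` lines on stdin. Succeed only if a VALIDSIG line
# names the pinned primary-key fingerprint (its tenth argument, awk field 12)
# and no BADSIG/ERRSIG line is present.
status_pinned() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" && toupper($12) == toupper(want) { ok = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        END { exit !(ok && !bad) }'
}

# verify_checksum FILE.asc OUT
# Verify a clear-signed file and write only the signed text to OUT, so that
# hashes are never read from lines outside the signed region.
verify_checksum() {
    [ "$(asc_kind "$1")" = clearsigned ] || { echo "not clear-signed: $1" >&2; return 2; }
    tmp=$(mktemp) || return 1
    if gpg --batch --yes --status-fd 1 --output "$tmp" --decrypt "$1" 2>/dev/null |
        status_pinned "$PINNED_FPR"
    then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Running `verify_checksum CHECKSUM.asc CHECKSUM.verified` leaves the verified text in CHECKSUM.verified; compare the ISO's hash against that file rather than against CHECKSUM.asc.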