LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-10-2015, 01:56 AM   #1
kensum
LQ Newbie
 
Registered: Feb 2015
Posts: 3

Rep: Reputation: Disabled
Unhappy Signature verification


I have downloaded Mageia 4 and it says that after downloading I should verify the signatures. I burned the ISO to a DVD and explored that but no luck. Please could someone tell me how I verify a signature. This must be basic stuff but it stumped me.
 
Old 02-10-2015, 03:20 AM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,832
Blog Entries: 36

Rep: Reputation: 451Reputation: 451Reputation: 451Reputation: 451Reputation: 451
Where are there instructions that tell you to verify the signatures? I went to the Mageia 4 downloads page and they don't say anything about signatures. When I download the torrent file there is no signature files bundled with it (only hash checksums). Usually, when software is signed it is using PGP/GPG or S/MIME. Share your source. Help me help you.
 
Old 02-10-2015, 05:00 AM   #3
kensum
LQ Newbie
 
Registered: Feb 2015
Posts: 3

Original Poster
Rep: Reputation: Disabled
The following is the page from Mageia:

Your download of Mageia 4.1 64bit DVD should start within a few seconds (download size is about 3.5 GB). If the download does not start, click here.

This mageia.mirror.garr.it download mirror is located in Roma, Italia (IT). If it does not work well for you, check out these other mirrors.

As soon as your download is complete, you should check that the signatures match:

$ md5sum Mageia-4.1-x86_64-DVD.iso
c1e996006ee03356e827dcfd02b060a7

$ sha1sum Mageia-4.1-x86_64-DVD.iso
3a257f7748f11ab725eff98b7d5160c68bd2aa65
If signatures do not match, DO NOT use this ISO. Double-check and try to download again.

This only turns up after clicking the download button. Thanks for you help.
 
Old 02-10-2015, 05:09 AM   #4
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 3,883
Blog Entries: 1

Rep: Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998
Quote:
Originally Posted by kensum View Post
As soon as your download is complete, you should check that the signatures match:

$ md5sum Mageia-4.1-x86_64-DVD.iso
c1e996006ee03356e827dcfd02b060a7

$ sha1sum Mageia-4.1-x86_64-DVD.iso
3a257f7748f11ab725eff98b7d5160c68bd2aa65
It is actually telling you how to do it, which I have hilighted in red.

Simply open a terminal (shell, command line, whatever your terminology may be) and cd into the same directory where you downloaded the iso file, then type either of the commands shown...

Code:
md5sum Mageia-4.1-x86_64-DVD.iso

...or...

sha1sum Mageia-4.1-x86_64-DVD.iso
...then hit the enter key. It will then calculate the checksum of the iso, may take a few seconds, and will display a long string of characters on the next line. If the string of characters matches the ones shown in the download page (I have hilighted blue) then the file is OK. If they are different then the file is corrupted.

It is sufficient to check either the md5sum or the sha1sum. They will both be correct or they will both be incorrect.

Last edited by astrogeek; 02-10-2015 at 05:13 AM.
 
Old 02-10-2015, 11:52 PM   #5
sag47
Senior Member
 
Registered: Sep 2009
Location: Orange County, CA
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,832
Blog Entries: 36

Rep: Reputation: 451Reputation: 451Reputation: 451Reputation: 451Reputation: 451
Quote:
Originally Posted by kensum View Post
The following is the page from Mageia:

Your download of Mageia 4.1 64bit DVD should start within a few seconds (download size is about 3.5 GB). If the download does not start, click here.

This mageia.mirror.garr.it download mirror is located in Roma, Italia (IT). If it does not work well for you, check out these other mirrors.

As soon as your download is complete, you should check that the signatures match:

$ md5sum Mageia-4.1-x86_64-DVD.iso
c1e996006ee03356e827dcfd02b060a7

$ sha1sum Mageia-4.1-x86_64-DVD.iso
3a257f7748f11ab725eff98b7d5160c68bd2aa65
If signatures do not match, DO NOT use this ISO. Double-check and try to download again.

This only turns up after clicking the download button. Thanks for you help.
That's poor wording on their part. Making sure the checksums match is what they should say because those downloads are not signed. In any case, as astrogeek pointed out you need to open a terminal and run those commands to verify the checksums.
 
Old 02-11-2015, 01:21 AM   #6
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319Reputation: 319Reputation: 319Reputation: 319
Quote:
If signatures do not match, DO NOT use this ISO. Double-check and try to download again.
A tip since they have torrent download also you can veriy the downloaded iso file and will download only the damaged portions of it. And not whole of it again.

And you can check whether the hash match exactly instead of matching with your eyes you can do in a shell:

Code:
if [ "hash1" == "hash2" ]; then echo OK; else echo FAIL; fi
Just copy hash1 and hash2 appropriately.
 
Old 02-11-2015, 03:07 AM   #7
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 3,883
Blog Entries: 1

Rep: Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998
I am not a torrent user, but that sounds like a very useful idea!

Quote:
Originally Posted by veerain View Post

Code:
if [ "hash1" == "hash2" ]; then echo OK; else echo FAIL; fi
The red must be quoted I think...

But even copy/paste is relatively a lot of trouble to compare the checksums.

In reality it is sufficient to simply compare the first few and last few characters which can be done with a quick look. It would be exceedingly rare to have more than 4-5 leading characters match for a corrupted iso. The difference in the checksums is not proportional to the amount of difference in the files. Even a single bit of difference will radically alter the checksum.

Last edited by astrogeek; 02-11-2015 at 03:09 AM.
 
Old 02-11-2015, 03:37 AM   #8
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319Reputation: 319Reputation: 319Reputation: 319
Quote:
The red must be quoted I think...
Not needed. As it has no characters that neeed to be escaped. OK and FAIL would be counted as a single argument to echo command.
 
Old 02-11-2015, 03:45 AM   #9
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 3,883
Blog Entries: 1

Rep: Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998Reputation: 1998
Ah! You are correct.

I find that my old, but hopefully good habits, sometimes become confused with strict requirements of the languages.

But still, a lot of trouble to go to for checksum comparison.
 
Old 02-18-2015, 04:54 PM   #10
kensum
LQ Newbie
 
Registered: Feb 2015
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks for your replies!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] module verification failed: signature and/or required key missing - tainting kernel JimBone Linux - Virtualization and Cloud 10 02-10-2015 02:18 PM
module verification failed: signature and/or required key missing - tainting kernel ultrabird Linux - Newbie 5 02-08-2015 01:04 PM
[SOLVED] Signature Verification error code darkmouse Ubuntu 2 02-02-2013 05:54 PM
apt-get signature verification gypsy_rabbi Fedora 1 12-05-2004 11:24 PM
kernel signature verification failed... doublefailure Linux - General 0 07-06-2002 11:44 AM


All times are GMT -5. The time now is 01:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration