LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   ISO questions (https://www.linuxquestions.org/questions/linux-software-2/iso-questions-530273/)

bostonantifan 02-18-2007 09:40 PM
ISO questions
 
I've downloaded the Fedora 6 core ISO files and plan to burn them to CDs. I've read that I need to check them against the SHA1SUM file which contains the following:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

834fd761b9c0a5dc550d10d97307dac998103a68 FC-6-i386-rescuecd.iso
cc503d99c9d736af9052904a6ab14931b0850078 FC-6-i386-disc1.iso
3051710e6b2f1d17a14ede0ebb74761c29cda954 FC-6-i386-disc2.iso
5357ce21f8766db385b25923216a430b694bca5d FC-6-i386-disc3.iso
d6133ab5ccf19431c14fd2ad85bce03c9834ef87 FC-6-i386-disc4.iso
6722f95b97e5118fa26bafa5b9f622cc7d49530c FC-6-i386-DVD.iso
22327af62d6376916e209b0c4934540e14d5664a FC-6-i386-disc5.iso
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFFNo/utEJp0E8qb9IRAsf7AJ9ZqiDlKqJfAh8g5QHyDMmPOzNbTACfbyGw
hB8bkLBT+6ANW6y8iBmlxz8=
=O/Le
-----END PGP SIGNATURE-----

Does anyone (or everyone) know how I can check this? I'm using Windows 2000 to create the cd's. It also says I should run a checksum against the files. I've heard of that, but have no idea how to do it. If someone would explain this to a "newbie", I'd greatly appreciate it....

MS3FGX 02-18-2007 10:03 PM
I am not sure as to the exact process, as I never attempted it while actually running Windows. But I imagine the first step would be to download the Windows version of GnuPG. Hopefully things will start to fall into place from there.

XavierP 02-19-2007 02:06 AM
It would be far easier to check the md5sum (or checksum), read up on how to do it here: https://www.linuxquestions.org/linux/answers/LQ_ISO

AdaHacker 02-19-2007 10:44 AM
Quote:
Originally Posted by XavierP
It would be far easier to check the md5sum
I don't know why that would be easier, since it's the same procedure, just with a different hash algorithm. I also don't know how it would help, since the OP apparently only has SHA1 sums.

There's really nothing to this. Just download an SHA1 program for Windows and run it on the ISO image. Look at the SHA1 sum it outputs and compare it to the corresponding SHA1 sum in that file. If the values match, then your ISO image is fine and you can go ahead and burn it. If not, then the ISO is corrupted or has been tampered with.

Incidentally, if you are really concerned about security, you should also check the PGP signature on that SHA1SUM file. If the signature doesn't check out, then you can't trust the SHA1 sums in it to begin with.

Of course, while all this checking is good security practice, it's not a barrier to entry. You can always just assume the ISO if good and burn it. You should go through all these checks, but in reality, many (most?) people just can't be bothered.

J.W. 02-19-2007 01:09 PM
Note also that when you are trying to install FC6, the first option you get is a "mediacheck", which will verify that the checksums are correct. Verifying the checksums prior to burning is a good idea, but worst case scenario would be that you need to reburn.

FWIW, my experience has shown that burning at a relatively slow speed gives better results than burning at your CD drive's max speed. Good luck with it

bostonantifan 02-23-2007 08:49 AM
Thanks
 
Thank you both for the helpful information.


All times are GMT -5. The time now is 05:33 AM.