Στις Πέμ, 24 Δεκ 2020 στις 2:34 π.μ., ο/η Michael <confabul...@kintzios.com> έγραψε: > > Hi Γιώργος, > > On Wednesday, 23 December 2020 20:00:28 GMT Γιώργος Κωστόπουλος wrote: > > Hi! :-) > > > > I just downloaded the minimal installation ISO and I was trying the > > verification instructions. > > I admit that I'm not any kind of gpg expert, so the results are > > somewhat confusing to me. > > Can someone shed some light on them? > > > > Here's console's output: > > >gpg --verify install-amd64-minimal-20201222T005811Z.iso.DIGESTS.asc > > > > gpg: Signature made Tue Dec 22 17:01:06 2020 EET > > gpg: using RSA key 534E4209AB49EEE1C19D96162C44695DB9F6043D > > gpg: Good signature from "Gentoo Linux Release Engineering (Automated > > Weekly Release Key) <rel...@gentoo.org>" [unknown] > > This is telling you the 'install-amd64- > minimal-20201222T005811Z.iso.DIGESTS.asc' file which contains hashes of the > various files listed in it, has a valid signature - i.e. the hashes of these > files have not been tampered with and they have been signed by the owner of > the Gentoo Release Engineering key. > > Have a look here for the published developer keys: > > https://wiki.gentoo.org/wiki/Project:RelEng > > > > gpg: WARNING: This key is not certified with a trusted signature! > > This is telling you the above public key has not been marked as trusted in > your own gpg keyring. > > > > gpg: There is no indication that the signature belongs to the > > owner. > > This is to be expected, unless you have checked the fingerprint of the > imported key yourself against the keys published in the URL I provided above > and thereafter edited the key's level of trust to mark it as trusted in your > gpg keyring; e.g. you'd need to run: > > gpg --edit-key <KEY ID> > > and follow the options available for this gpg subcommand to edit the key's > trust level. This is not necessary for a key you'll only use once, as long as > you satisfy yourself the key fingerprint below matches what is published on > the RelEng project page. > > > > Primary key fingerprint: 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E > > 2D18 2910 Subkey fingerprint: 534E 4209 AB49 EEE1 C19D 9616 2C44 695D B9F6 > > 043D gpg: WARNING: not a detached signature; file > > 'install-amd64-minimal-20201222T005811Z.iso.DIGESTS' was NOT verified! > > > > and: > > >sha512sum -c install-amd64-minimal-20201222T005811Z.iso.DIGESTS.asc > > > > install-amd64-minimal-20201222T005811Z.iso: OK > > install-amd64-minimal-20201222T005811Z.iso: FAILED > > install-amd64-minimal-20201222T005811Z.iso.CONTENTS.gz: OK > > install-amd64-minimal-20201222T005811Z.iso.CONTENTS.gz: FAILED > > sha512sum: WARNING: 14 lines are improperly formatted > > sha512sum: WARNING: 2 computed checksums did NOT match > > > > > > TIA! :-) > > Giorgos. > > . > > So the above output checked the sha512 hashes of all listed files and found > some to be correct - you can use 'install-amd64-minimal-20201222T005811Z.iso' > for your installation. The failed checks above refer to a different hash e.g. > sha256. > > HTH.
THANKS Michael for your help!!! What confused me, was the "failed" results and the warnings of the sha512sum command. THANKS AGAIN for the clarification!!! :-) G.
