![]() ![]() Some Linux distros may also provide SHA-1 sums, although these are even less common. We’ll primarily discuss SHA-256 sums here, although a similar process will work for MD5 sums. However, SHA-256 sums are now more frequently used by modern Linux distributions, as SHA-256 is more resistant to theoretical attacks. For example, there are several different types of checksums. Traditionally, MD5 sums have been the most popular. The process may differ a bit for different ISOs, but it usually follows that general pattern. This confirms the ISO file hasn’t been tampered with or corrupted. You’ll generate the checksum of your downloaded ISO file, and verify it matches the checksum TXT file you downloaded.This confirms the checksum itself hasn’t been tampered with. You’ll use the PGP key to verify that the checksum’s digital signature was created by the same person who made the key–in this case, the maintainers of that Linux distribution.You may get this from the Linux distribution’s website or a separate key server managed by the same people, depending on your Linux distribution. You’ll get a public PGP key belonging to the Linux distribution.These may be two separate TXT files, or you may get a single TXT file containing both pieces of data. You’ll download a checksum and its digital signature from the Linux distribution’s website.You’ll download the Linux ISO file from the Linux distribution’s website–or somewhere else–as usual. To verify the checksum file: gpg -verify-files < checksum-file > Sample Command: gpg -verify-file OracleLinux-R8-U1-Server-x8664.The process of checking an ISO is a bit complex, so before we get into the exact steps, let’s explain exactly what the process entails: Download and Verify Checksum File Download the appopriate checksum file and place it in the same directory as the Oracle Linux download. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |