On 30/12/2020 00.28, Adrien Glauser wrote:
Hello Marcus,
Thanks for stepping in. From your instructions plus some digging I was able to successfully authenticate the sha256 file I was testing.
Nonetheless I think it's quite difficult for the new user (and I consider myself as such as far as this topic) to identify the recipe for authenticating sha256 files associated with our ISO images. In particular it's not trivial to identify the relevant .asc gpg signature that needs to be used to verify arbitrary images. In our toy example, the file at http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-KDE-Live-x86... is neither referenced or talked about anywhere from https://software.opensuse.org/distributions/tumbleweed. Only openSUSE's gpg public key is.
<https://www.opensuse.org/> Install Tumbleweed links to: <https://software.opensuse.org/distributions/tumbleweed> Down the page, see paragraph «Verify Your Download Before Use» which mentions "For more help verifying your download please read Checksums Help" which links to <https://en.opensuse.org/SDB:Download_help#Checksums> which also mentions the GPG procedure, and gives an example for Tumbleweed Netinstall. I have not verified if the instructions are still correct or if they match your experience. -- Cheers / Saludos, Carlos E. R. (from 15.1 x86_64 at Telcontar)