On 11/21/2016 05:48 AM, James Knott wrote:
I wasn't "barking" at you. However, if that's the process the site should say so. I have been downloading ISOs for almost 20 years and have never come across this before.
BTW, I didn't install 42.1, so I don't recall the details for it.
James the PGP key is on a totally separate line than the sha256sum in the checksum file; in the case there was a MitM attack on the actual checksum file, the checksum file's authenticity can be verified by its PGP key. Download both the .iso file and the checksum file and place them in the same directory. Run this command: `sha256sum -c openSUSE-Leap-42.2-NET-x86_64.iso.sha256` The output should say: openSUSE-Leap-42.2-NET-x86_64.iso: OK sha256sum: WARNING: 14 lines are improperly formatted The "OK" is letting you know that the checksum passed. The improperly formatted error message about line 14 can be ignored but maybe Carlos or someone else knows why, as I don't. I would guess that it's because the PGP key (and other text/lines) is making the sha256sum file non-standard as the sha256sum program reads the additional line(s) and does't know how to interpret them. The semi-automated method I described above, the user runs on the actual checksum file itself, not on the .iso. You can also run sha256sum on the .iso and compare that to the checksum (not the PGP key, once again) in the checksum file. A third option is now Plasma has a feature where you right-click on any file, click "Properties", and go to the "Checksums" tab. Click on "Calculate" and either before, during or after the CPU has finished running the job, paste the sha256sum from the checksum file into the "Expected checksum" field. In this case, obviously you would be running the "KDE GUI sha256sum method" on the .iso file. When it's done calculating, it will inform you whether you have a matching checksum or not. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org