In data venerdì 3 luglio 2020 20:16:35 CEST, Carlos E. R. ha scritto:
On 03/07/2020 17.25, cagsm wrote:
On Fri, Jul 3, 2020 at 1:57 PM Stakanov <stakanov@disroot.org> wrote:
Is it not available any more?
what do you exactly mean by this?
and the metadata links there at the entries of each and every file shows their hash sums and other detail information. e.g.
http://download.opensuse.org/distribution/leap/15.2/iso/openSUSE-Leap-15. 2-DVD-x86_64.iso.mirrorlist> there should also be sha signature files in that directory .sha256 e.g. named at the end
is that what you are looking for?
There is no PGP/GPG signature info. But neither is for 15.1
It is "hidden" here:
<https://software.opensuse.org/distributions/leap>
+++..................... Verify Your Download Before Use
Many applications can verify the checksum of a download. To verify your download can be important as it verifies you really have got the ISO file you wanted to download and not some broken version. You could verify the file in the process of downloading. For example a checksum (SHA256) will be used automatically if you choose Metalink in the field above and use the add-on DownThemAll! in Firefox.
For each ISO, we offer a checksum file with the corresponding SHA256 sum.
For extra security, you can use GPG to verify who signed those .sha256 files. It should be 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
For more help verifying your download please read Checksums Help .....................++-
---> <https://en.opensuse.org/SDB:Download_help#Checksums>
Let's see.
~> aria2c --check-integrity=true "http://download.opensuse.org/distribution/leap/15.2/iso/openSUSE-Leap-15.2 -DVD-x86_64.iso" ... Download Results: gid |stat|avg speed |path/URI ======+====+===========+==================================================== === 428333|OK | 1.0MiB/s|/data/storage_b/Isos/Leap/15.2/openSUSE-Leap-15.2-DVD-x86_64.iso.m eta4 b42ba8|OK | 12MiB/s|/data/storage_b/Isos/Leap/15.2/openSUSE-Leap-15.2-DVD-x86_64.iso
Status Legend: (OK):download completed.
~> aria2c --check-integrity=true "http://download.opensuse.org/distribution/leap/15.2/iso/openSUSE-Leap-15.2 -DVD-x86_64.iso.sha256" ... ~> gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256 gpg: Signature made 2020-07-02T17:17:06 CEST gpg: using RSA key B88B2FD43DBDC284 gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [full] cer@Telcontar:/data/storage_b/Isos/Leap/15.2>
cer@Telcontar:/data/storage_b/Isos/Leap/15.2> time sha256sum -c openSUSE-Leap-15.2-DVD-x86_64.iso.sha256 openSUSE-Leap-15.2-DVD-x86_64.iso: OK sha256sum: WARNING: 14 lines are improperly formatted
real 0m15,134s user 0m13,446s sys 0m0,402s cer@Telcontar:/data/storage_b/Isos/Leap/15.2>
So, it does verify, with a warning about the format of the file. I don't know about that.
I can also do:
~> gpg --fingerprint B88B2FD43DBDC284 pub rsa2048 2008-11-07 [SC] [expires: 2024-05-02] 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284 uid [ full ] openSUSE Project Signing Key <opensuse@opensuse.org>
cer@Telcontar:/data/storage_b/Isos/Leap/15.2>
And compare that string "22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284" with the one published here <https://software.opensuse.org/distributions/leap>
It is 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284 It should be 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
Matches, all is well. Oh, thank you. That was the one that I was looking for!
Kudos! -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org