Hi,
I am having trouble verifying CentOS 7 full DVD downloads from
http://isoredirect.centos.org/centos/7/isos/x86_64/
I have tried the following mirrors
http://mirror.linux.duke.edu/pub/centos ... os/x86_64/
http://packages.oit.ncsu.edu/centos/7.8 ... os/x86_64/
http://mirrors.seas.harvard.edu/centos/ ... os/x86_64/
When I attempt to verify the sha256sum.txt.asc with the sha256sum.txt file present with
gpg --verify sha256sum.txt.asc
I get the following message:
gpg: WARNING: not a detached signature; file 'sha256sum.txt' was NOT verified!
This message is not present when verifying CHECKSUM.asc for CentOS 8 from the Duke mirror.
So, it seems that I cannot download a CentOS 7 ISO that can be verified.
Is that correct? Or, did I miss something?
Thanks
Verifying CentOS 7 Downloads
Re: Verifying CentOS 7 Downloads
The content of the sha256sum.txt.asc has changed between 7 and 8 it seems.
In 7 it contains the sha256sum and the ascii armoured gpg sig to verify both at the same time. The process for using the 7 files is documented on https://wiki.centos.org/Download/Verify
On 8 the CHECKSUM.asc appears to contain the ascii armoured gpg sig to check that the CHECKSUM is correct. So on 8 it seems to be a two step process: first use CHECKSUM.asc to check that CHECKSUM hasn't been tampered with, the use CHECKSUM to check the sha256sum of the iso you're interested in.
In 7 it contains the sha256sum and the ascii armoured gpg sig to verify both at the same time. The process for using the 7 files is documented on https://wiki.centos.org/Download/Verify
On 8 the CHECKSUM.asc appears to contain the ascii armoured gpg sig to check that the CHECKSUM is correct. So on 8 it seems to be a two step process: first use CHECKSUM.asc to check that CHECKSUM hasn't been tampered with, the use CHECKSUM to check the sha256sum of the iso you're interested in.
CentOS 6 died in November 2020 - migrate to a new version!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
-
- Posts: 2
- Joined: 2020/08/21 15:16:59
Re: Verifying CentOS 7 Downloads
Thanks for looking into this--
I see now that the checksums are contained within a PGP signed message in the `sha256sum.txt.asc` file.
Moving the `sha256sum.txt` file out of the directory removed the warning from the output.
The checksum for the `.iso` is in the `.asc` file, so everything looks good.
I see now that the checksums are contained within a PGP signed message in the `sha256sum.txt.asc` file.
Moving the `sha256sum.txt` file out of the directory removed the warning from the output.
The checksum for the `.iso` is in the `.asc` file, so everything looks good.