Hi,
I am having trouble verifying CentOS 7 full DVD downloads from
http://isoredirect.centos.org/centos/7/isos/x86_64/
I have tried the following mirrors
http://mirror.linux.duke.edu/pub/centos ... os/x86_64/
http://packages.oit.ncsu.edu/centos/7.8 ... os/x86_64/
http://mirrors.seas.harvard.edu/centos/ ... os/x86_64/
When I attempt to verify the sha256sum.txt.asc with the sha256sum.txt file present with
gpg --verify sha256sum.txt.asc
I get the following message:
gpg: WARNING: not a detached signature; file 'sha256sum.txt' was NOT verified!
This message is not present when verifying CHECKSUM.asc for CentOS 8 from the Duke mirror.
So, it seems that I cannot download a CentOS 7 ISO that can be verified.
Is that correct? Or, did I miss something?
Thanks
Verifying CentOS 7 Downloads
Re: Verifying CentOS 7 Downloads
The content of the sha256sum.txt.asc has changed between 7 and 8 it seems.
In 7 it contains the sha256sum and the ascii armoured gpg sig to verify both at the same time. The process for using the 7 files is documented on https://wiki.centos.org/Download/Verify
On 8 the CHECKSUM.asc appears to contain the ascii armoured gpg sig to check that the CHECKSUM is correct. So on 8 it seems to be a two step process: first use CHECKSUM.asc to check that CHECKSUM hasn't been tampered with, the use CHECKSUM to check the sha256sum of the iso you're interested in.
In 7 it contains the sha256sum and the ascii armoured gpg sig to verify both at the same time. The process for using the 7 files is documented on https://wiki.centos.org/Download/Verify
On 8 the CHECKSUM.asc appears to contain the ascii armoured gpg sig to check that the CHECKSUM is correct. So on 8 it seems to be a two step process: first use CHECKSUM.asc to check that CHECKSUM hasn't been tampered with, the use CHECKSUM to check the sha256sum of the iso you're interested in.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 2
- Joined: 2020/08/21 15:16:59
Re: Verifying CentOS 7 Downloads
Thanks for looking into this--
I see now that the checksums are contained within a PGP signed message in the `sha256sum.txt.asc` file.
Moving the `sha256sum.txt` file out of the directory removed the warning from the output.
The checksum for the `.iso` is in the `.asc` file, so everything looks good.
I see now that the checksums are contained within a PGP signed message in the `sha256sum.txt.asc` file.
Moving the `sha256sum.txt` file out of the directory removed the warning from the output.
The checksum for the `.iso` is in the `.asc` file, so everything looks good.