this post was submitted on 24 Oct 2024
21 points (100.0% liked)

Linux

47941 readers
1093 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I know I see the little button that does it automatically but I don't want to use that I want to know how to do it correctly. -Problem is, every guide says to use the .asc file. I don't have that, tails gave me a .IMG file, a .SIG file, and then I downloaded a tails-signing.key file. How do I manually verify this file with just those files?

top 2 comments
sorted by: hot top controversial new old
[–] vegetaaaaaaa@lemmy.world 3 points 5 days ago
wget --continue --timestamping --show-progress https://tails.boum.org/tails-signing.key
wget --continue --timestamping --show-progress https://tails.boum.org/torrents/files/tails-amd64-6.8.1.iso.sig
gpg --import "tails-signing.key"
wget --continue --timestamping --show-progress https://mirrors.wikimedia.org/tails/stable/tails-amd64-6.8.1/tails-amd64-6.8.1.img
gpg --keyid-format 0xlong --verify tails-amd64-6.8.1.iso.sig tails-amd64-6.8.1.img

(adapted from my script https://gitlab.com/nodiscc/distrib-dl / https://github.com/nodiscc/distrib-dl)

[–] Limonene@lemmy.world 9 points 6 days ago

Have you imported the tails-signing.key yet? Usually you can double-click on that to import it using whatever graphical gpg frontend is set up on your system. It may ask you how well you trust the owner of the key. You can answer that question however you want without affecting this verification process.

Next, it looks like you run the instructions from this page: https://tails.net/install/expert/index.en.html#verify

Some of those command line parameters look a little paranoid. The basic command you want to run is: gpg --verify somefile.sig somefile.img