Clonezilla Live - Verify the download files |
The steps to verify a downloaded file from Clonezilla project.
Here we take clonezilla-live-3.2.0-5-amd64.iso and
clonezilla-live-3.2.0-5-amd64.zip as an example:
- Download CHECKSUMS.TXT, CHECKSUMS.TXT.gpg, clonezilla-live-3.2.0-5-amd64.iso and clonezilla-live-3.2.0-5-amd64.zip from Clonezilla website.
-
Retrieve key from key server:
# gpg --keyserver hkp://keys.openpgp.org --recv-key 667857D045599AFD Or # gpg --keyserver hkp://pgpkeys.mit.edu --recv-key 667857D045599AFD
-
Run the following command to verify CHECKSUMS.TXT:
# gpg --verify CHECKSUMS.TXT.gpg CHECKSUMS.TXT gpg: Signature made Fri 03 Jul 2020 07:59:54 PM CST gpg: using RSA key 54C0821A48715DAFD61BFCAF667857D045599AFD gpg: Good signature from ...
The "Good signature" shows the downloaded CHECKSUMS.TXT is successfully verified by CHECKSUMS.TXT.gpg.
-
Use the CHECKSUMS.TXT to verify the downloaded iso and zip file. Make sure they are in the same directory with CHECKSUMS.TXT. We use the command b2sum to verify the checksums, but you can use md5sum, sha1sum, sha256sum or sha512sum, too:
# b2sum -c CHECKSUMS.TXT 2>&1 | grep OK clonezilla-live-3.2.0-5-amd64.iso: OK clonezilla-live-3.2.0-5-amd64.zip: OK
The "OK" after the file name shows the downloaded clonezilla-live-3.2.0-5-amd64.iso and clonezilla-live-3.2.0-5-amd64.zip are successfully checked by the BLAKE2 message digest.
For more details, you can refer to this tutorial.