Development/Howto/Check Downloads

From Mandriva

Jump to: navigation, search

Check your downloaded images (asc files)

How to use the ascii armored signature files (with extension .asc to check the integrity of your downloads.

Files with an .asc extension on Mandriva public mirrors are Mandriva GPG signed checksum files. These files help you to check that your download has been succesfully completed.

To check if the downloaded ISO file is correct, you can either use the md5 file or the sha1 file, which are both different checksum methods. In the directory where you have downloaded the <file>.iso, use the command:

$ md5sum -c file.md5.asc

to check your file with the md5 checksum, or

$ sha1sum -c file.sha1.asc

to check it with the sha1 checksum.

The file with asc extension, created with the Mandriva official GPG signature, can also be verified. If you know that the ISO file you have downloaded has a correct sum, and that the checksum file is signed correctly with the Mandriva official GPG key, then you can be sure that the ISO file you have is the real official one from Mandriva.

To check the GPG signature you must use the gpg program available in the gnupg package. You must have the Mandriva key on your keyring, see: Mandriva Official GPG key, and then type in a terminal:

$ gpg --verify file.asc

Retrieved from "http://wiki.mandriva.com/Development/Howto/Check_Downloads"

Category: Developers Howto

Development/Howto/Check Downloads

From Mandriva

Views

Personal tools

Navigation

Search

Toolbox