验证 iso 文件的问题

tag-icon tag-icon gpg
验证 iso 文件的问题

我从 alt.fedoraproject.org 下载了一个 iso: https://download.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/iso/Fedora-Everything-netinst-x86_64-38-1.6.iso

然后是校验和和 gpg 信息(尝试将 gpg pub 密钥导入我的密钥环):

wget https://download.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/iso/Fedora-Everything-38-1.6-x86_64-CHECKSUM | gpg2 --import

[...]
gpg: no valid OpenPGP data found.
gpg: Total number processed:

然后

#gpg2 --verify-files Fedora-Everything-38-1.6-x86_64-CHECKSUM
gpg: Signature made Friday 14 April 2023 07:55:46 AM +00
gpg:                using RSA key 6A51BBABBA3D5467B6171221809A8D7CEB10B464
gpg: Can't check signature: No public key

该文件如下所示:

cat Fedora-Everything-38-1.6-x86_64-CHECKSUM

 -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Fedora-Everything-netinst-x86_64-38-1.6.iso: 718284800 bytes
SHA256 (Fedora-Everything-netinst-x86_64-38-1.6.iso) = 4d042dedc8886856db10bc882074b84dcce52f829ea7b3f31d8031db8d84df20
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEalG7q7o9VGe2FxIhgJqNfOsQtGQFAmQ5BwIACgkQgJqNfOsQ
tGTtpA//cPYmUDm1wKUorqdheszMCC2vgPHb1Eldg+WS6Ltqk4c4w2PyIFI4SHZX
LEC9KDDeR3BKPFMxoH6I1+MZjvVNoIm02saVsQtwOohvO0fIifxPuO0R3qEJYmvq
DOHTUGjOXKoW8VYx5OHe/XMCHdxYwttOayr/Q08Pyxm4MF54KzcR+URxZ/qcmHZq
ypM/twbLQzRXTLc2us+OCtDMDaCYJTSyw+c2UNGJpvU2GbTUMWu+0NAVCp58Kxoi
Q90Gp9pmqTFVi1i5JtJVYhofpsBd5xIigGvetwnXcK5QOYm2MSQoi8lZTxvCOxIC
gviIEsG+G+G3gZmVmg1OGqpysd+9wF7TeB6v6fOBSPMk8lpYKVsMw2IdTmHUuJu5
iDGHV594JW1UaMoFhBt1BQHKAxtJ5UxYJXxy0bhjtsab3P2ralwfBaf55NcZX6kc
4UjRif952qvLj1xIBHY7BsKhzDX7ATvMwT8fa3v3K9Hzk0+cFqQepx5ijomU+M5P
RY9oY58Kk9AH98ePswKC5kgS8Fuwiq0aojRaDkotqyvS16TeUKKGARGQeFA8QGDo
alwkLE3QnDBbOSoid9xOktwUQA6C9nY5b3GJvqnTJfX1uHRgbkFqyy9kXUNq+ryM
no3WZeGWB4BPxpZuGx4zhpqOHfin++VIlojySEiOUwDuCgyP1Uw=
=H199
-----END PGP SIGNATURE-----

shasum 验证工作正常,因此完整性没问题,但我仍然需要验证 iso 文件。

所以我尝试:

$:gpg2 -v --recv-keys 6A51BBABBA3D5467B6171221809A8D7CEB10B464
gpg: no running Dirmngr - starting '/usr/bin/dirmngr'
gpg: waiting for the dirmngr to come up ... (5s)
gpg: connection to dirmngr established
gpg: data source: https://keys.openpgp.org:443
gpg: armor header: Comment: 6A51 BBAB BA3D 5467 B617  1221 809A 8D7C EB10 B464
gpg: pub  rsa4096/809A8D7CEB10B464 2022-02-08  
gpg: key 809A8D7CEB10B464: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg:           w/o user IDs: 1

没有 UID 的钥匙有什么价值?

我该如何验证我下载的文件?

谢谢大家!

相关内容