Linux Mint 18 “Sarah” MATE released!

[clem]

http://blog.linuxmint.com/?p=3052

[Schultz]

Good job. Been using it for over 24 hours and everything is great. I especially like the increase of choice of screensavers (mostly the Pac Man one ). Did these come via the newer version of Mate 1.14, or are they available in all of Mint's DEs?

[Terrortec]

Where can I find update instructions from mate 17.3 to mate 18, once they are done?
On the release site? Or in the forums? Where will they be announced?

[jimallyn]

Where can I find update instructions from mate 17.3 to mate 18, once they are done?
On the release site? Or in the forums? Where will they be announced?

The update will be in the Update Manager. A number of people have suggested that they are going to do a fresh install of 18 rather than update 17 to 18, as they feel this will be more stable. Myself, I'm going to wait a couple weeks and see if it goes OK for other people, then I'll probably do the update. Oh, and you can be sure that you will hear about it here on the forums!

[Cosmo.]

The upgrade information will be given in the Mint blog, but you will find in this section of the forum an announcement (with link). ... when it's ready.

[Terrortec]

Thanks!
I think I will try the update first, as my my current installation already is heavily customized towards my needs and because lots of hardware/driver related problems. If it doesn't work fine after updating, I still can just format and do a fresh install afterwards anyway.

[caz]

Thanks for the latest version, Mint 18 is working fine and dandy here.

I was pleased to see that GPU rendering for Blender works out of the box with Mint 18. None of the usual hunting down of files, I just changed compute device to CUDA in Blender and my system was up and running.

Cheers guys, great job.

[Pheeble]

I'm having a problem trying to get the gpg key for Mint 18 Mate. What am I doing wrong here?

Code: Select all

gpg --keyserver keyserver.linuxmint.com --recv-key A25BAE09
gpg: requesting key A25BAE09 from hkp server keyserver.linuxmint.com
gpgkeys: key A25BAE09 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm

gpg --keyserver keyserver.ubuntu.com --recv-key A25BAE09
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpgkeys: key A25BAE09 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm

[Cosmo.]

Usually you do not need the keyserver argument in the command-line.

But if you use it, do it this way (only one of them):

Code: Select all

--keyserver hkp://keyserver.ubuntu.com:11371
--keyserver hkp://pool.sks-keyservers.net

[Pheeble]

It turned out to be a proxy-related problem.

I needed to specify port 80 using keyserver.ubuntu.com to get through the proxy:

Code: Select all

gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A25BAE09

This only worked for keyserver.ubuntu.com. The 'keyserver.linuxmint.com' failed whatever I did - is that keyserver no longer valid?

Code: Select all

$ gpg --keyserver hkp://keyserver.linuxmint.com:80 --recv-key A25BAE09
gpg: requesting key A25BAE09 from hkp server keyserver.linuxmint.com
gpgkeys: key A25BAE09 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: key not found
gpg: keyserver communications error: bad public key
gpg: keyserver receive failed: bad public key

[Cosmo.]

If you try to open keyserver.linuxmint.com in your browser you will see, that a wrong configuration of the Sucuri proxy gets reported.

[Messiaen]

Hello,

I encounter problems with the integrity and authenticity check of the LM 18 Mate 64 Bit iso files.

I downloaded the files "sha256sum.txt" and "sha256sum.txt.gpg" from here http://blog.linuxmint.com/?p=3052 and chose for the iso file download on the same page this server: "Germany Hochschule Esslingen University of Applied Sciences".

When following the instructions given here https://linuxmint.com/verify.php, I get doubtful outputs on the command line:

1. Importing the signing key from a Keyserver via "gpg --recv-key A25BAE09" yields this output:

Code: Select all

gpg --recv-key A25BAE09
gpg: Schlüssel A25BAE09 von hkp-Server keys.gnupg.net anfordern
gpg: Schlüssel A25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" 1 neue Signatur
gpg: Keine uneingeschränkt vertrauenswürdigen Schlüssel gefunden
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:         neue Signaturen: 1

This is the line of concern:
[/color] gpg: Keine uneingeschränkt vertrauenswürdigen Schlüssel gefunden <-- No unlimited trustworthy keys found

2. Then I entered "gpg --list-keys --with-fingerprint" which gave an output of a key on the command line.

3. Then I put the ISO image "linuxmint-18-mate-64bit.iso" and the files "sha256sum.txt" and "sha256sum.txt.gpg" into the same directory and typed "gpg --verify sha256sum.txt.gpg sha256sum.txt". However the output of this command does not mention that the signature is "Good", but yields instead:

Code: Select all

gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Unterschrift vom Do 30 Jun 2016 13:13:33 CEST mittels RSA-Schlüssel ID A25BAE09
gpg: Korrekte Unterschrift von »Linux Mint ISO Signing Key <root@linuxmint.com>«
gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
gpg:          Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört.
Haupt-Fingerabdruck  = 27DE B156 44C6 B3CF 3BD7  D291 300F 846B A25B AE09

This is the line of concern:
gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! <-- WARINING: This key has no trustworthy signature!

What's wrong here? Can I trust the downloaded LM 18 Mate iso file? I'd really like to install the new Mint 18, but am afraid that the iso file is corrupt.

Thanks in advance!

Regards,
Oli

[Cosmo.]

You can trust, provided, that you have checked with step #2 the fingerprint and it matched. This is obviously the case, as the last line in the second output confirms.

Some details (given with the assumption, that the fingerprint was OK; if not, there would really something wrong):
You downloaded at first the public gpg-key by Mint / Clem and the fingerprint confirms, that the key is OK.
The point is, that you do - most likely - not have an own gpg-key pair (with an own private key). If you would have it, you could sign Clems key with your own key and tell the system, that you have checked Clems key properly. In this case the system would know, that Clem's key is trustful. As long as this is not the case, the system complains, that it does not know this (obviously). That is what the 4th line in both outputs and your red line tell you. But not knowing this does not mean, that it is not.

The important parts in this process are the checked fingerprint and the 3rd line in the second output.

Creating own key-pairs is something what users do, who use gpg for encrypting and signing e-mails. Most people do not. You could do it anyway, but it would not really change much for this purpose.

[Messiaen]

Hello Cosmo,

thanks for the quick reply. According to your first line, I can trust the iso file. That's good news!

Considering myself an average user, please don't mind that I could not follow your detailed explanations. In this context, please allow me some reflection on that:

Personally, I am very satisfied with LM and I use it already for many years from version 6 on. The advice for a need to check the iso files didn't exist in earlier versions of LM - or at least it was not as prominent. Presumably, the january mishap with the hacked LM 17.3 led to this measure.

As one of the main objectives of LM is to provide an easily usable system out-of-the-box for normally skilled users like me, I wonder if such a procedure is in practice compatible with the aforementioned goal of LM. The advice for a need to check the iso files is already disturbing - if not repelling - by itself and even more, if the process is not running as described (like in my case). Therefore, I hope that an easier way for an integrity and authenticity check of LM may be found in future.

Best regards,
Oli

[Cosmo.]

Presumably, the january mishap with the hacked LM 17.3 led to this measure.

Exact.

As one of the main objectives of LM is to provide an easily usable system out-of-the-box for normally skilled users like me, I wonder if such a procedure is in practice compatible with the aforementioned goal of LM. The advice for a need to check the iso files is already disturbing - if not repelling - by itself and even more, if the process is not running as described (like in my case). Therefore, I hope that an easier way for an integrity and authenticity check of LM may be found in future.

Checking the authenticity of the ISO-file is out of security reasons mandatory. Otherwise I am fully with you. The problem has been discussed in the forum on other places, but it is worth, to add additional voices. I had written a few days ago a detailed arguing, why a user-friendly solution is urgently needed for Mint, which you might find worth to read.

Of course there is to distinguish between Mint users and other users, especially Windows users; other members pointed this out already. The Mint team is of course only able to provide a solution for those, who use Mint already; that should be done quickly. They can perhaps provide a (partially) solution for other Linux distributions, but of course they cannot do anything for Windows. Windows is to my knowledge not even able with build-in tools to do manual checks similar, as they are at now described; this is a mistake of Windows.

[Messiaen]

Hello Cosmo,

thanks for pointing me to your arguing, which expresses exactly my thoughts - I couldn't agree more to that. Unfortunately I was not aware of that discussion, as it is "hidden" in the Cinnamon thread, hence in a "world" which is not mine (actually I like cinnamon in cuisine, but not on my desktop ).

In fact, as you depicted in reason 2, user-friendliness is the key argument for the big majority of computer users for two decisions:

1. The choice of an OS (e.g. Windows vs. Mac vs. Linux)
2. In case of Linux, the choice of a distribution (e.g. Mint vs. Ubuntu vs. Debian)

I could already convince several people to abandon Windows and to give Linux Mint a try. All of them were at first hesitant and then positively surprised with the ease of use (among that the formal absence of a command line). Moreover: All stuck to Linux Mint, which proves that the concept of this distribution was apparently reasonable. Personally, the biggest proof to me that LM must really be easy to use was, that my dear old father is able to use it - even including the simple admin job of the updates (of course, the setup and installation of his PC had been my job).

In conclusion, LM was up to now on a good way, but - as you wrote - the product image of LM is endangered, if the user-friendliness does not cover the whole process, which definitely starts at the download of the iso files, but only once the system is installed.

Fortunately, LM has a provoking slogan: "From freedom came elegance."

This leads me to the provocative question: Where is the elegance in LM's integrity and authenticity check?

Best regards,
Oli

[Cosmo.]

Regarding convincing Windows users: There is at least one workaround for the problem: Once you have downloaded and verified the integrity of the ISO with Mint's current method, you can give the verified ISO to others. In this case Windows users can omit the verifying step.

If the convicted Windows users are too far away to give them a copy of the ISO file directly, you can at least send them a notice with the verified sha256sum, so they can omit the gpg-verifying, which is more cumbersome than the sha256-check, so that those users only need to install a checksum tool for sha256; that should be rather easily to do.

[kost]

I follow these instructions https://linuxmint.com/verify.php to verify the iso image.

Did I follow the instructions correctly?? Is the output correct?? Can I trust the iso??

Code: Select all

$ gpg --recv-key A25BAE09
gpg: requesting key A25BAE09 from hkp server keys.gnupg.net
gpg: key A25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
$ gpg --list-keys --with-fingerprint/home/kostas/.gnupg/pubring.gpg
-------------------------------
pub   4096R/A25BAE09 2016-06-07
      Key fingerprint = 27DE B156 44C6 B3CF 3BD7  D291 300F 846B A25B AE09
uid                  Linux Mint ISO Signing Key <root@linuxmint.com>

$ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Thu 30 Jun 2016 02:13:33 PM EEST using RSA key ID A25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7  D291 300F 846B A25B AE09
$ sha256sum -b linuxmint-18-mate-64bit.iso
c634f48b248489eef782067484a04978f046e9ccd507d9df35c798a1db9bef22 *linuxmint-18-mate-64bit.iso

[mandoman]

I ran into those same issues, and in my case the iso I downloaded, and checked with those same results was flawed. I used it because the fingerprint was the same, but nothing else matched. After struggling with it for a day, trying to get things like the Command Line to show a cursor, and Banshee going haywire, I pulled my Mint 17.2 Mate 64bit iso out and reinstalled it. It did as I hoped it would by installing all updates, and then offering the upgrade to 17.3, which I ran. My computer is now back to running the way I want, and I'm not messing with Mint 18 until either better instructions are provided, or the glitches are fixed. I know, I can hear it now, "THERE ARE NO GLITCHES". Well, for having no glitches, it is the hardest iso I've ever encountered to work with.

[Terrortec]

Maybe the devs should remove all this non functional gpg stuff and spend the saved time for making other things better.