Spiderspoon wrote: ⤴Sat Apr 14, 2018 9:05 pmIt doesn't need to be done often, only when you download a new iso.
Once you can verify your new downloaded .iso file in Linux, it's even easier. Here is a script file which I have modified a little from one posted a couple of years ago on this forum by forum member "austin.texas". You can keep this script in a convenient location, for example in /home/username/bin. Then download your new iso file to the ~/Downloads folder and copy this script to that folder and execute the script with the .iso name as the parameter:
Code: Select all
#!/bin/bash
# Save this file in the ~/bin folder (or other convenient locations) as LM_iso_verify.sh
# When you want to check the integrity of the downloaded LMxx.x .iso file:
#
# Download or move your Mint xx.x.iso file to your Downloads folder.
# Move this sumLM18.sh file to the Downloads folder
# and make sure it is marked as executable. (Or if you keep it in /home/<your user name>/bin,
# then it is should already be on the PATH, and you don't need to move it.)
#
# Open a terminal window and cd to ~/Downloads, then
# run the script with "./LM_iso_verify.sh Mint-xx.x-correct-filename.iso"
# EXAMPLE: ./LM_iso_verify.sh linuxmint-18.3-cinnamon-64bit.iso
# or if the script is in /home/bin or otherwise on the PATH, then
# EXAMPLE: LM_iso_verify.sh linuxmint-18.3-cinnamon-64bit.iso
# Check for one parameter on the command line (the .iso file name)
if [ $# -ne 1 ]; then
echo "Usage: $(basename "$0") linuxmint-xx.x-correct-filename.iso"
exit 1
fi
# Check if that file exists in the working directory and is readable
if [ ! -r "$1" ]; then
echo "File $1 does not exist or is not readable"
exit 1
fi
# Importing the signing key (LM18 and higher)
gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
# This is for LM18.3 versions - modify these wget lines as needed for other versions
# Download the Mint 18.3 sha256 sum txt files
# If heanet.ie site isn't working, comment out these two lines and uncomment the wget lines for the alternate site
# or use another alternate of your choice.
wget https://ftp.heanet.ie/mirrors/linuxmint.com/stable/18.3/sha256sum.txt
wget https://ftp.heanet.ie/mirrors/linuxmint.com/stable/18.3/sha256sum.txt.gpg
# University of Oklahoma mirror - an alternate site if above heanet.ie isn't working
#wget http://reflection.oss.ou.edu/linuxmint/isos/linuxmint.com/stable/18.3/sha256sum.txt
#wget http://reflection.oss.ou.edu/linuxmint/isos/linuxmint.com/stable/18.3/sha256sum.txt.gpg
# Verify the signature on the sha256 sum text file
gpg --verify sha256sum.txt.gpg sha256sum.txt
echo "It should report that the signature is Good, $USER."
echo "You can ignore any warning about ...not certified..."
echo "..."
# compare the sha256 sum of your ISO image and the original Mint sha256 sum
echo "Calculating the sha256 sum for $1 and comparing it to the downloaded signed sha256 sum"
echo "Be patient, $USER. I am not that good at math"
echo "..."
sha256sum --check --ignore-missing sha256sum.txt
echo "Done."
The output looks like this:
Code: Select all
steve@steve-Z97X ~ $ cd ~/Downloads
steve@steve-Z97X ~/Downloads $ ./LM_iso_verify.sh linuxmint-18.3-cinnamon-64bit.iso
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpg: key A25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
--2018-04-14 23:48:35-- http://reflection.oss.ou.edu/linuxmint/isos/linuxmint.com/stable/18.3/sha256sum.txt
Resolving reflection.oss.ou.edu (reflection.oss.ou.edu)... 129.15.2.43
Connecting to reflection.oss.ou.edu (reflection.oss.ou.edu)|129.15.2.43|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 774 [text/plain]
Saving to: ‘sha256sum.txt’
sha256sum.txt 100%[=================================================>] 774 --.-KB/s in 0s
2018-04-14 23:48:35 (257 MB/s) - ‘sha256sum.txt’ saved [774/774]
--2018-04-14 23:48:35-- http://reflection.oss.ou.edu/linuxmint/isos/linuxmint.com/stable/18.3/sha256sum.txt.gpg
Resolving reflection.oss.ou.edu (reflection.oss.ou.edu)... 129.15.2.43
Connecting to reflection.oss.ou.edu (reflection.oss.ou.edu)|129.15.2.43|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 819 [text/plain]
Saving to: ‘sha256sum.txt.gpg’
sha256sum.txt.gpg 100%[=================================================>] 819 --.-KB/s in 0s
2018-04-14 23:48:35 (257 MB/s) - ‘sha256sum.txt.gpg’ saved [819/819]
gpg: Signature made Wed 13 Dec 2017 10:16:15 AM CST using RSA key ID A25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
It should report that the signature is Good, steve.
You can ignore any warning about ...not certified...
...
Calculating the sha256 sum for linuxmint-18.3-cinnamon-64bit.iso and comparing it to the downloaded signed sha256 sum
Be patient, steve. I am not that good at math
...
linuxmint-18.3-cinnamon-64bit.iso: OK
Done.
steve@steve-Z97X ~/Downloads $
And that's all you have to do to verify.
Notes: Read the instructions in the script - you will need to modify the wget commands for the particular .iso file version. Also, in this file which originally used the heanet mirror, I changed that to another mirror conveniently located near me - if the heanet site ever gets fixed (permission problem of some kind), you may want to change it back, or use another mirror located near you.
EDIT: edited script file comments to say that you don't have to move the script file to the Downloads folder if it is on the PATH. If you keep it in ~/bin, that directory is on the PATH.
EDIT#2: changed script back to use heanet site which is now working again. I left the OU site in as an alternate.
In theory, theory and practice are the same. In practice, they ain't.