… (WIP)
Preparation
- Create a directory called live_image in your home directory.
- Move the live image you downloaded in this directory.
- Download the following files and move them into the live_image directory.
Hyperbola live image
File | Description |
---|---|
hyperbola-milky-way-v0.3.1-dual.iso.sha512 | Contains the SHA512 sums to check the integrity of the Hyperbola live image. |
hyperbola-milky-way-v0.3.1-dual.iso.sha512.sig | Signed by the Hyperbola team to check the authenticity of the sha512sum file of the Hyperbola live image. |
Hypertalking live image
File | Description |
---|---|
hypertalking-milky-way-v0.3.1-dual.iso.sha512 | Contains the SHA512 sums to check the integrity of the Hypertalking live image. |
hypertalking-milky-way-v0.3.1-dual.iso.sha512.sig | Signed by the Hyperbola team to check the authenticity of the sha512sum file of the Hypertalking live image. |
Your live_image directory should now contain 3 files: Your live image and the sha512 file and the signed one, like this:
- hyperbola-milky-way-v0.3.1-dual.iso
- hyperbola-milky-way-v0.3.1-dual.iso.sha512
- hyperbola-milky-way-v0.3.1-dual.iso.sha512.sig
Integrity check
To verify the integrity of your live image, generate its SHA512 sum and compare it to the one found in the sha512sum file.
In most GNU/Linux distributions the SHA512 sum can be generated by opening a terminal and running the following commands:
$ cd
$ cd live_image
$ sha512sum -b *.iso
The last command should show you the SHA512 sum of your live file. Compare it to the sha512sum file. If it match, you've successfully verified the integrity of your live image.
$ sha512sum -c hyperbola-milky-way-v0.3.1-dual.iso.sha512
Authenticity check
To verify the authenticity of the sha512sum file, we need to check the signature on the signed file.
Import the Hyperbola signing key:
$ gpg --keyserver pgp.mit.edu --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"
$ gpg --keyserver pgp.mit.edu --recv-key F9704456
$ gpg --list-key --with-fingerprint F9704456
Check the output of the last command, to make sure the fingerprint is C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456.
Verify the authenticity of the sha512sum file, like this:
$ cd
$ cd live_image
$ gpg --verify hyperbola-milky-way-v0.3.1-dual.iso.sha512.sig
The output of the last command should tell you that the file signature is 'good' and that it was signed with the following key: F9704456.
Acknowledgement
This wiki article is based on Mint's download page. We may have removed non-FSDG bits from it.