[cumbria_lug] verifying postal media

Andrew hugmail1023 at yahoo.co.uk
Sun Jun 12 11:27:11 UTC 2011


I may also be missing something but I dont have the ISO file the disk
was created with as the disk was posted from a distribution vendor.

What Im stuck on is how to compare the contents of the disk with the
published SHA256 image checksum?

Creating an ISO from the disk and comparing this gives the following:

[10:48][me at blktwr:/media/mediahd/iso]$ gpg --verify-files *CHECKSUM
gpg: Signature made Wed 18 May 2011 22:00:04 BST using RSA key ID 069C8460
gpg: Good signature from "Fedora (15) <fedora at fedoraproject.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 25DB B54B DED7 0987 F4C1 0042 B4EB F579 069C 8460

[10:49][me at blktwr:/media/mediahd/iso]$ sha256sum -c *-CHECKSUM
Fedora-15-i386-DVD.iso: FAILED
sha256sum: Fedora-15-i386-netinst.iso: No such file or directory
Fedora-15-i386-netinst.iso: FAILED open or read
sha256sum: WARNING: 1 of 2 listed files could not be read
sha256sum: WARNING: 1 of 1 computed checksum did NOT match

On 12/06/11 08:34, Simon Hobson wrote:
> Perhaps I'm missing something here, but shouldn't just doing an MD5
> sum of the disk produce the same hash as doing it on the image file
> the disk was written from ?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/cumbria/attachments/20110612/c6d9826d/attachment.htm>


More information about the Cumbria mailing list