Choose style:

Author Topic: Is ISO download corrupt?  (Read 272 times)

0 Members and 1 Guest are viewing this topic.

Offline Linux Lover

  • nOOb
  • *
  • Posts: 11
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): Peppermint 9 (x64)
Is ISO download corrupt?
« on: June 26, 2019, 05:34:52 pm »
I posted this in the launchpad bug reporting site just in case also.  Tried downloading the PM 10 x64 .iso several times to several different partitions via torrent and also standard download & could never seem to verify the GPG per the given instruction file on download page. 



Hello. I tried to verify the GPG signature of PMint 10 x64 but it was unsuccessful. I have pasted the terminal results below.

ubuntu@Pmint-9-x64 /media/ubuntu/XT $ gpg --list-keys
/home/ubuntu/.gnupg/pubring.kbx
-------------------------------
pub rsa4096 2011-09-23 [SC]
      647F28654894E3BD457199BE38DBBDC86092693E
uid [ unknown] Greg Kroah-Hartman <gregkh@linuxfoundation.org>
uid [ unknown] Greg Kroah-Hartman <gregkh@kernel.org>
uid [ unknown] Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>
sub rsa4096 2011-09-23 [E]

pub rsa2048 2008-05-01 [SC]
      60AA7B6F30434AE68E569963E50C6A0917C622B0
uid [ unknown] Kernel PPA <kernel-ppa@canonical.com>

ubuntu@Pmint-9-x64 /media/ubuntu/XT $ gpg --keyserver keyserver.ubuntu.com --recv-keys AECF1D2F
gpg: key E499FD0BAECF1D2F: 2 signatures not checked due to missing keys
gpg: no writable keyring found: Not found
gpg: error reading '[stream]': General error
gpg: Total number processed: 0
ubuntu@Pmint-9-x64 /media/ubuntu/XT $

I even tried to verify md5sum (not an expert in this stuff) in terminal based on another website I found which indicated first 6 & last 6 numbers should match & they don't:

ubuntu@Pmint-9-x64 /media/ubuntu/XT $ md5sum Peppermint-10-20190514-amd64.iso
f7c839534ebc322bef394402d47be811 Peppermint-10-20190514-amd64.iso

Offline scifidude79

  • Global Moderator
  • Hero
  • *****
  • Posts: 4029
  • Karma: 863
    • View Profile
  • Peppermint version(s): Peppermint 9
Re: Is ISO download corrupt?
« Reply #1 on: June 26, 2019, 06:51:00 pm »
I didn't try the torrent, but I did a direct download of the 64-bit .iso and verified both the MD5SUM and SHA256SUM and both matched.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25280
  • Karma: 2793
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is ISO download corrupt?
« Reply #2 on: June 26, 2019, 07:19:09 pm »
For some reason
Code: [Select]
gpg --keyserver keyserver.ubuntu.com --recv-keys AECF1D2F
didn't download my GPG key .. please try that command again and post the output.



And if you're using Peppermint 9 to check the MD5sum for the Peppermint 10 ISO .. just right-click the ISO image you downloaded, and select "Calculate MD5 Checksum"



But looking at your output from
Code: [Select]
md5sum Peppermint-10-20190514-amd64.iso
the md5 checksum is correct (and as posted on our website) - f7c839534ebc322bef394402d47be811

« Last Edit: June 26, 2019, 07:44:41 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline Linux Lover

  • nOOb
  • *
  • Posts: 11
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): Peppermint 9 (x64)
Re: Is ISO download corrupt?
« Reply #3 on: June 26, 2019, 10:30:55 pm »
ubuntu@Pmint-9-x64 /media/ubuntu/XT $ gpg --keyserver keyserver.ubuntu.com --recv-keys AECF1D2F
gpg: key E499FD0BAECF1D2F: 2 signatures not checked due to missing keys
gpg: no writable keyring found: Not found
gpg: error reading '[stream]': General error
gpg: Total number processed: 0

Offline pin

  • Trusted User
  • Veteran
  • *****
  • Posts: 1823
  • Karma: 250
    • View Profile
Re: Is ISO download corrupt?
« Reply #4 on: June 27, 2019, 12:02:50 am »
Could you confirm that the sha256sum matches with the one provided on the main page?

EDIT: Sorry, didn't read the whole thread...  :-[
« Last Edit: June 27, 2019, 12:28:27 am by pin »

Offline Linux Lover

  • nOOb
  • *
  • Posts: 11
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): Peppermint 9 (x64)
Re: Is ISO download corrupt?
« Reply #5 on: June 27, 2019, 03:25:34 am »
Actually, I didn't verify the sha256, scifidude79 said he did.  I did just do it & got the correct sha256 which I verified by copy & pasting into ctl + F on the download page.  This is the terminal result:

ubuntu@Pmint-9-x64 /media/ubuntu/XT $ sha256sum Peppermint-10-20190514-amd64.iso
b396b294763ae4fb983ae041d46c8f3411569d619aac8a4d48217fcb9f6414fe  Peppermint-10-20190514-amd64.iso

Offline pin

  • Trusted User
  • Veteran
  • *****
  • Posts: 1823
  • Karma: 250
    • View Profile
Re: Is ISO download corrupt?
« Reply #6 on: June 27, 2019, 03:29:46 am »
Your call but, I'm happy with a match of the sha256sum and feel confortable enough with it to use it.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25280
  • Karma: 2793
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is ISO download corrupt?
« Reply #7 on: June 27, 2019, 04:55:29 am »
what's the output from:
Code: [Select]
ls -l ~/.gnupg
and
Code: [Select]
namei -mo ~/.gnupg
« Last Edit: June 27, 2019, 05:00:42 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline Linux Lover

  • nOOb
  • *
  • Posts: 11
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): Peppermint 9 (x64)
Re: Is ISO download corrupt?
« Reply #8 on: June 27, 2019, 02:31:45 pm »
ubuntu@Pmint-9-x64 /media/ubuntu/XT $ ls -l ~/.gnupg
total 92
drwx------ 2 ubuntu ubuntu  4096 Jan 21 04:31 crls.d
-rw-rw-r-- 1 ubuntu ubuntu     0 Jun 20 02:02 gpa.conf
drwx------ 2 ubuntu ubuntu  4096 Aug  1  2018 private-keys-v1.d
-rw-r--r-- 1 root   root   79275 Jan 21 17:56 pubring.kbx
srwxrwxr-x 1 ubuntu ubuntu     0 Jun 20 02:02 S.uiserver
-rw------- 1 ubuntu ubuntu  1200 Jan 21 17:56 trustdb.gpg

ubuntu@Pmint-9-x64 /media/ubuntu/XT $ namei -mo ~/.gnupg
f: /home/ubuntu/.gnupg
 drwxr-xr-x root   root   /
 drwxr-xr-x root   root   home
 drwxr-xr-x ubuntu ubuntu ubuntu
 drwx------ ubuntu ubuntu .gnupg

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25280
  • Karma: 2793
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is ISO download corrupt?
« Reply #9 on: June 27, 2019, 02:50:20 pm »
For some reason your keyring is owned by root.

Try running
Code: [Select]
sudo chown ubuntu:ubuntu ~/.gnupg/pubring.kbx
then
Code: [Select]
chmod 600 ~/.gnupg/pubring.kbx
now do you still get an error from:
Code: [Select]
gpg --keyserver keyserver.ubuntu.com --recv-keys AECF1D2F
?
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline Linux Lover

  • nOOb
  • *
  • Posts: 11
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): Peppermint 9 (x64)
Re: Is ISO download corrupt?
« Reply #10 on: June 27, 2019, 04:03:48 pm »
I'm unsure but seems to be getting better in my limited understanding compared to previous results.  Here is the cli output:

ubuntu@Pmint-9-x64 /media/ubuntu/XT $ sudo chown ubuntu:ubuntu ~/.gnupg/pubring.kbx
ubuntu@Pmint-9-x64 /media/ubuntu/XT $ chmod 600 ~/.gnupg/pubring.kbx
ubuntu@Pmint-9-x64 /media/ubuntu/XT $ gpg --keyserver keyserver.ubuntu.com --recv-keys AECF1D2F
gpg: key E499FD0BAECF1D2F: 2 signatures not checked due to missing keys
gpg: key E499FD0BAECF1D2F: public key "Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25280
  • Karma: 2793
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is ISO download corrupt?
« Reply #11 on: June 27, 2019, 04:21:34 pm »
Yep, all fixed .. you can now verify the ISO GPG signature if you wish.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline Linux Lover

  • nOOb
  • *
  • Posts: 11
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): Peppermint 9 (x64)
Re: Is ISO download corrupt?
« Reply #12 on: June 27, 2019, 06:36:44 pm »
looks good, this was my cli result for the curious:


gpg --list-keys
/home/ubuntu/.gnupg/pubring.kbx
-------------------------------
pub   rsa4096 2011-09-23 [SC]
      647F28654894E3BD457199BE38DBBDC86092693E
uid           [ unknown] Greg Kroah-Hartman <gregkh@linuxfoundation.org>
uid           [ unknown] Greg Kroah-Hartman <gregkh@kernel.org>
uid           [ unknown] Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>
sub   rsa4096 2011-09-23 [E]

pub   rsa2048 2008-05-01 [SC]
      60AA7B6F30434AE68E569963E50C6A0917C622B0
uid           [ unknown] Kernel PPA <kernel-ppa@canonical.com>

pub   rsa2048 2013-05-02 [SC]
      4A9F906613AFABEDCFA392C2E499FD0BAECF1D2F
uid           [ unknown] Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>
sub   rsa2048 2013-05-02 [E]
sub   rsa2048 2015-05-03 [ S]
sub   rsa2048 2015-05-03 [E]

gpg --keyserver keyserver.ubuntu.com --recv-keys AECF1D2F
gpg: key E499FD0BAECF1D2F: 2 signatures not checked due to missing keys
gpg: key E499FD0BAECF1D2F: "Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg --fingerprint AECF1D2F
pub   rsa2048 2013-05-02 [SC]
      4A9F 9066 13AF ABED CFA3  92C2 E499 FD0B AECF 1D2F
uid           [ unknown] Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>
sub   rsa2048 2013-05-02 [E]
sub   rsa2048 2015-05-03 [ S]
sub   rsa2048 2015-05-03 [E]

gpg --verify Peppermint-10-20190514-amd64.iso.sig Peppermint-10-20190514-amd64.iso
gpg: Signature made Mon 13 May 2019 08:49:42 AM EDT
gpg:                using RSA key E499FD0BAECF1D2F
gpg: Good signature from "Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4A9F 9066 13AF ABED CFA3  92C2 E499 FD0B AECF 1D2F
« Last Edit: June 27, 2019, 07:40:56 pm by Linux Lover »

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25280
  • Karma: 2793
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is ISO download corrupt?
« Reply #13 on: June 27, 2019, 09:38:41 pm »
Yep, it contains the line
Code: [Select]
gpg: Good signature from "Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>"
so the signature verified the ISO as intact, unaltered, and signed with my key. :)
« Last Edit: June 27, 2019, 09:40:44 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec