Revision of Verify Trisquel Download from Sun, 04/02/2023 - 19:36
The revisions let you track differences between multiple versions of a post.
Trisquel Signing Keys
pub dsa1024 2007-01-14 [SC]
E6C27099CA21965B734AEA31B4EFB9F38D8AEBF1
uid [ unknown] Trisquel GNU/Linux (Trisquel GNU/Linux signing key) <name at domain>
sub elg2048 2007-01-14 [E]
pub rsa4096 2017-01-07 [SC]
60364C9869F92450421F0C22B138CA450C05112F
uid [ unknown] Trisquel GNU/Linux <name at domain>
sub rsa4096 2017-01-07 [E]
pub rsa4096 2022-10-19 [SC]
D24DDAC9226D5BA5E9F3BED3F5DAAAF74AD4C938
uid [ unknown] Trisquel GNU/Linux Archive Automatic Signing Key (11/aramo) <name at domain>
This wiki assumes you already have GPG and wget installed on your computer.
Otherwise, to install GPG and wget, open your Terminal and run:
sudo apt-get install wget gnupg
Verification For Existing Users
If you're already running Trisquel then you already have the GPG key to verify downloads, which was installed at the system level.
First download Trisquel as you normally would. Make sure to download both the .iso and the corresponding GPG signature, ending in .asc.
Verify the file, such as a command like this. This command uses the existing keys that are already installed and trusted by your system to verify the download:
gpg --no-default-keyring --keyring /usr/share/keyrings/trisquel-archive-keyring.gpg --verify trisquel-netinst_11.0_amd64.iso.asc trisquel-netinst_11.0_amd64.iso
Verification For New Users
New users don't have the benefit of having already-trusted keys.
First download the keys:
wget https://archive.trisquel.info/trisquel/trisquel-archive-signkey.gpg
Then import the keys into GPG:
gpg --import trisquel-archive-signkey.gpg
Verify the file, such as a command like this. This command uses the keys you've just imported to verify the download:
gpg --verify trisquel-netinst_11.0_amd64.iso.asc trisquel-netinst_11.0_amd64.iso
Check Exit Status
In both cases of new and existing users, instead of looking for a "good signature" or "bad signature" response, which might be included as something as a part of key comment, check GPG's exit status:
echo $?
An exit status of 0
indicates success, while any other indicates a failure.