verify 9.0 .iso; md5sum, sha256sum, and .asc file links not working for me; nothing to match gpg key to
- Vous devez vous identifier ou créer un compte pour écrire des commentaires
Hello,
I still use trisquel 8.0 regularly with little issue. I wish to use 9.0 on a flash drive to see how it works on my machines before any permanent upgrade.
I am unable to verify the 9.0 .iso with the links provided on the download page. I right click on md5sum and 'save link as target', but the saved file doesn't open for me. I also left click and I get a server error. Same is true for the sha256sum and .iso.asc links as well.
I also downloaded the truncated gpg key from the key server, but seems nothing to verify against.
I also went to the archive site and checked the 'sums' there. None matched the trisquel_9.0_i686.iso file's sums. For some reason, as an aside?, the lists there show _i386_ rather than _i686_.
Thank you.
http://ftp.acc.umu.se/mirror/trisquel/iso/trisquel_9.0_amd64.iso
http://ftp.acc.umu.se/mirror/trisquel/iso/trisquel_9.0_amd64.iso.md5
5dd5ebd742bf1d40e9ae5357eb281a90 trisquel_9.0_amd64.iso
I checked the ISO and it gives the same hash as above.
Thanks for your reply.
I am trying to verify the 9.0_i686.iso file.
Further concerns arose when I went to some of the mirror sites, e.g. Berkeley and FSF mirrors.
The 9.0_i686.iso files are named Tris k el rather than Tris q uel. The gpg key that I am able to download to my keyring does not match the .iso or .iso.asc.
That said, the links you provide are not presented on the official Trisquel download web page. I wouldn't know the ramifications.
Thanks.
Academic Computer Club Sweden is one of the official mirrors.
The 9.0_i686.iso files are named Tris k el rather than Tris q uel.
Triskel (with a K) is the name of the KDE version. That means you're downloading the KDE version rather than the MATE version.
Here you'll find all the ISOs.
Thanks for the link.
The torrent file downloads fine directly from the mirror.
Thanks for your assisting.
I have found numerous download mirrors.
The problem is the inability to verify any of those files, including the checksums and the .asc, with the gpg signature of the developer(s). I believe the developer is named Ruben, but there has been another gpg signature key associated as well that imports upon query.
The checksum links on the 'downloads' page of trisquel.info site return an apache server error of not found.
Running gpg --verify for the .asc against the .iso returns gpg: no valid OpenPGP data found. gpg: the signature could not be verified.
Running gpg --list-packets trisquel_9.0_i686.iso.asc returns gpg: no valid OpenPGP data found. gpg: processing message failed: eof.
Thanks.
> The 9.0_i686.iso files are named Tris k el rather than Tris q uel. The gpg key that I am able to download to my keyring does not match the .iso or .iso.asc.
There are 9.0_i686.iso files for both Triskel and Trisquel, but because the listing is in alphabetic order you need to scroll down to the bottom of the page to find the Trisquel 9.0_i686.iso files.
> The checksum links on the 'downloads' page of trisquel.info site return an apache server error of not found.
I am getting the same error with the torrent files on trisquel.info.
Many people seem to be confused by that Trisquel/Triskel thing.
Maybe the KDE version should retain the Trisquel name and simply add the KDE modifier:
"Trisquel+KDE" or "Trisquel/KDE" or "Trisquel-KDE".
Hello jxself.
I appreciate the explanation on the k vs. q.
I still can't figure out why there doesn't seem to be a developer signed .iso.asc and signed .iso for version 9.0 that resolves using gnupg.
Thanks.
$ gpg --verify trisquel_9.0_amd64.iso.asc trisquel_9.0_amd64.iso
gpg: Signature made Mon 19 Oct 2020 03:14:55 AM EEST
gpg: using RSA key B138CA450C05112F
gpg: Good signature from "Trisquel GNU/Linux <name at domain>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6036 4C98 69F9 2450 421F 0C22 B138 CA45 0C05 112F
$
https://ftp.acc.umu.se/mirror/trisquel/iso/trisquel_9.0_amd64.iso
https://ftp.acc.umu.se/mirror/trisquel/iso/trisquel_9.0_amd64.iso.asc
https://archive.trisquel.info/trisquel/trisquel-archive-signkey.gpg
Hello loldier.
Thanks.
I used those urls substituting i686 for amd64 on both. gpg --verify did return a good signature, although using a truncated RSA key.
gpg: Signature made Sun 18 Oct 2020 05:16:01 PM PDT using RSA key ID 0C05112F
gpg: Good signature from "Trisquel GNU/Linux <name at domain>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6036 4C98 69F9 2450 421F 0C22 B138 CA45 0C05 112F
I don't know the reason for that.
The .iso checksum matched the sha256sum. So it is resolved.
- Vous devez vous identifier ou créer un compte pour écrire des commentaires