Page 1 of 1

How to verify mageia iso singnatures

PostPosted: Aug 6th, '13, 14:57
by ahsanraza
I download mageia but in download page there is written you should
check signatures if these does not match then don't use this iso.
I want to know how to check the signatures whereas I download the iso
file.the file name is Mageia-3-i586-DVD.iso and its size is 3.71gb I
downloaded this file from Canada server.

Re: How to verify mageia iso singnatures

PostPosted: Aug 6th, '13, 15:27
by filip
There is some possibly helpful information in this wiki page.

Re: How to verify mageia iso singnatures

PostPosted: Aug 6th, '13, 15:39
by ahsanraza
I did not understand the page you send.
I want to tell you that downloaded iso file is working.
It is correct or not?
or it is must to check the signatures?

and I also want to tell you I am using windows 7 I have downloaded iso file only.i cant understand what you are saying please describe me easy words.

Re: How to verify mageia iso singnatures

PostPosted: Aug 6th, '13, 16:16
by filip
What do you mean by "downloaded iso file is working"? How did you test it?

Checking the downloaded ISO file integrity is not a must but it's highly recommended. There are different methods for that but all involve md5 or sha1 value somehow as it tells the correct result for integrity (md5 or sha1) algorithm. This algorithm reads given ISO file and calculate (md5 or sha1) value for it. If both values (calculated one and the other given on the web page) are the same there is extremely high probability that ISO file has transferred fully and correctly and also that it wasn't tampered somehow.
For Windows there are many programs like this one to do it. Many programs for burning have also ability to check md5 or sha1 if you'll use optical media.

For install from USB flash stick you can see this page.

Re: How to verify mageia iso singnatures

PostPosted: Aug 18th, '15, 08:19
by filip
andwheeler wrote:Where arrive directions that instruct you to confirm the marks? I went to the Mageia 4 downloads page and they don't say anything in regards to marks. When I download the downpour document there is no signature records packaged with it (just hash checksums). More often than not, when programming is marked it is utilizing PGP/GPG or S/MIME. Share your source. Help me help you.

I'm not sure if I understand you correctly but you can find checksum (md5sum and sha1sum) when you click "Direct Link" on Mageia 5 downloads page.
I don't recommend to use Mageia 4 much longer as it will soon reach EOL. Date for that is September 19th, 2015 on it's download page.
If you use torrent it has built in mechanism to check downloaded file integrity.
You can check Mageia source code here.

Re: How to verify mageia iso singnatures

PostPosted: Aug 18th, '15, 12:50
by jkerr82508
Mageia iso's are not signed and so there is no signature to check. (The download page is misleading in that respect.) What the download page should say is that you can use the md5sum or sha1sum to check that the downloaded file is complete and correct, as described in filip's post.

The individual packages on the iso are signed with the Mageia PGP Public Key. That key is verified by the package manager when the packages are installed. The KEY is on the iso in the file /x86_64/media/core/media_info/pubkey.

Jim

Re: How to verify mageia iso singnatures

PostPosted: Aug 18th, '15, 19:16
by doktor5000
Submitted https://bugs.mageia.org/show_bug.cgi?id=16602 to our web team, to replace "signatures" by "checksums" on the download page.