特殊:Badtitle/NS100:VerifyIsoHowto:修订间差异

来自Ubuntu中文
跳到导航跳到搜索
Oneleaf留言 | 贡献
新页面: {{From|https://help.ubuntu.com/community/VerifyIsoHowto}} {{Languages|UbuntuHelp:VerifyIsoHowto}} The steps are * Download `MD5SUMS` and `MD5SUMS.gpg` * Get the key used for the signatur...
 
Wikibot留言 | 贡献
无编辑摘要
 
(未显示同一用户的6个中间版本)
第1行: 第1行:
{{From|https://help.ubuntu.com/community/VerifyIsoHowto}}
{{From|https://help.ubuntu.com/community/VerifyIsoHowto}}
{{Languages|UbuntuHelp:VerifyIsoHowto}}
{{Languages|UbuntuHelp:VerifyIsoHowto}}
Verifying Ubuntu ISO images assumes basic knowledge of [[UbuntuHelp:CommandlineHowto|the command-line]], [[UbuntuHelp:HowToMD5SUM|checking MD5 checksums]] and [[UbuntuHelp:GnuPrivacyGuardHowto|using GnuPG]].
The steps are
The steps are
<ol><li>Download `MD5SUMS` and `MD5SUMS.gpg`
</li><li>Get the key used for the signature
</li><li>Verify the signature
</li><li>Check the ISO with `md5sum`</li></ol>


* Download `MD5SUMS` and `MD5SUMS.gpg`
After verifying the ISO file, you can [BurningIsoHowto burn it to a CD].
* Get the key used for the signature
* Verify the signature
* Check the ISO with `md5sum`
 
== Download MD5SUMS and MD5SUMS.gpg ==
== Download MD5SUMS and MD5SUMS.gpg ==
 
Just download the two files from any of the mirrors. Store them in the same directory. For Hardy, the CD image MD5s can be found at http://releases.ubuntu.com/8.04/MD5SUMS and the Hardy DVDs can be found at http://cdimage.ubuntu.com/releases/8.04/release/MD5SUMS. If you're using another version of Ubuntu, change "8.04" in those URLs to your version number (e.g. 8.10 for Intrepid Ibex).
Just download the two files from any of the mirrors. Store them in the same
directory.
 
== Get the key ==
== Get the key ==
 
=== Find out what key was used to issue the signature ===
By running GnuPG to verify the signature we can find out what key is needed:
By running GnuPG to verify the signature we can find out what key is needed:
<pre><nowiki>
<pre><nowiki>
$ gpg --verify MD5SUMS.gpg MD5SUMS
$ gpg --verify MD5SUMS.gpg MD5SUMS
第22行: 第19行:
gpg: Can't check signature: public key not found
gpg: Can't check signature: public key not found
</nowiki></pre>
</nowiki></pre>
The key ID is `0xFBB75451`.
The key ID is `0xFBB75451`.
 
=== Obtain the public key from the Ubuntu key server ===
The easiest way is to configure GnuPG to use a keyserver. Any of the ones
To add the wanted key automatically to your keyring from the Ubuntu keyserver and calculate its trust:
listed in the default configuration should do it. (`hkp://subkeys.pgp.net`
works just fine.) Add it to your keyring:
 
<pre><nowiki>
<pre><nowiki>
$ gpg --recv-keys 0xFBB75451
$ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xFBB75451
gpg: requesting key FBB75451 from hkp server keyserver.ubuntu.com
gpg: key FBB75451: public key "Ubuntu CD Image Automatic Signing Key <[email protected]>" imported
gpg: key FBB75451: public key "Ubuntu CD Image Automatic Signing Key <[email protected]>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:  2  signed:  12  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:  12  signed:  8  trust: 0-, 0q, 0n, 6m, 6f, 0u
gpg: depth: 2  valid:  4  signed:  4  trust: 1-, 0q, 0n, 0m, 3f, 0u
gpg: depth: 3  valid:  1  signed:  0  trust: 0-, 0q, 0n, 0m, 1f, 0u
gpg: next trustdb check due at 2008-04-14
gpg: Total number processed: 1
gpg: Total number processed: 1
gpg:              imported: 1
gpg:              imported: 1
$
</nowiki></pre>
</nowiki></pre>
== Verify signature ==
== Verify signature ==
Now when you verify the `MD5SUMS` file you'll get a result resembling this:
Now when you verify the `MD5SUMS` file you'll get a result resembling this:
<pre><nowiki>
<pre><nowiki>
$ gpg --verify MD5SUMS.gpg MD5SUMS
$ gpg --verify MD5SUMS.gpg MD5SUMS
第49行: 第47行:
Primary key fingerprint: C598 6B4F 1257 FFA8 6632  CBA7 4618 1433 FBB7 5451
Primary key fingerprint: C598 6B4F 1257 FFA8 6632  CBA7 4618 1433 FBB7 5451
</nowiki></pre>
</nowiki></pre>
 
In this example a "Good signature" validates the integrity of the MD5SUMS file. The warning message indicates your current GnuPG trust database does not have trust information for that signing key, unless you have actually verified and signed one of the public keys belonging to signers of the Ubuntu CD Image signing key. For more information about the OpenPGP Web of Trust see:
(You might want to increase your own trust in the key you just downloaded.
* [http://www.gnupg.org/gph/en/manual.html#AEN554 Building your web of trust]
That is something for another page though.)
* [http://www.ba.infn.it/~fminafra/Docs/gpg-trustdb.html GnuPG trstdb how-to]
 
== Check the ISO ==
== Check the ISO ==
 
=== On hard disk ===
The file `MD5SUMS` contains MD5 hashes of the ISO images. Run `md5sum` on the
The file MD5SUM contains MD5 hashes of the ISO images. Run `md5sum` on the
ISO and compare the result with the relevant line in `MD5SUMS`.
ISO and compare the result with the relevant line in `MD5SUM`. See [[UbuntuHelp:HowToMD5SUM|this link]] for more information on `MD5SUM`.
 
<pre><nowiki>
<pre><nowiki>
$ md5sum ubuntu-5.04-dvd-i386.iso
$ md5sum ubuntu-5.04-dvd-i386.iso
765dc370887735af71bc2cf6fcc9fafd  ubuntu-5.04-dvd-i386.iso
765dc370887735af71bc2cf6fcc9fafd  ubuntu-5.04-dvd-i386.iso
</nowiki></pre>
</nowiki></pre>
 
=== Optional ===
Check again after burning since growisofs adds extra blank bytes increasing file size from 3048179712 (0xB5AF8800) to 3048210432 (0xB5B00000) bytes
Check again after burning since growisofs adds extra blank bytes increasing file size from 3048179712 (0xB5AF8800) to 3048210432 (0xB5B00000) bytes
<pre><nowiki>
<pre><nowiki>
$ md5sum ubuntu-5.10-dvd-i386.iso
$ md5sum ubuntu-5.10-dvd-i386.iso
第76行: 第71行:
$
$
</nowiki></pre>
</nowiki></pre>
 
=== While booting ===
You can also check a disc while you are booting from it.  This is useful for testing that your target hardware can properly read all of the disc.
You can also check a disc while you are booting from it.  This is useful for testing that your target hardware can properly read all of the disc.
Divide the image size in bytes by 512 to get the size in blocks.  Boot from the disc, and when the installer has reached the disk partitioning stage, switch to a shell (alt-2) and run the following command, adding the size of the ISO image in blocks as the argument "count".
Divide the image size in bytes by 512 to get the size in blocks.  Boot from the disc, and when the installer has reached the disk partitioning stage, switch to a shell (alt-2) and run the following command, adding the size of the ISO image in blocks as the argument "count".
<pre><nowiki>
<pre><nowiki>
$ dd if=/dev/cdroms/cdrom0 count=5953476 | md5sum
$ dd if=/dev/cdroms/cdrom0 count=5953476 | md5sum
e41c0631f6f2c138a417b59bcb880fce
e41c0631f6f2c138a417b59bcb880fce
</nowiki></pre>
</nowiki></pre>
'''Other Languages:'''
'''Other Languages:'''
* Spanish (Español): ComoVerificarIso
* Spanish (Español): [[UbuntuHelp:ComoVerificarIso|ComoVerificarIso]]
[[category:CategoryDocumentation]]


[[category:UbuntuHelp]]
[[category:UbuntuHelp]]

2009年5月12日 (二) 19:27的最新版本

{{#ifexist: :VerifyIsoHowto/zh | | {{#ifexist: VerifyIsoHowto/zh | | {{#ifeq: {{#titleparts:VerifyIsoHowto|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:VerifyIsoHowto|1|-1|}} | zh | | }}

Verifying Ubuntu ISO images assumes basic knowledge of the command-line, checking MD5 checksums and using GnuPG. The steps are

  1. Download `MD5SUMS` and `MD5SUMS.gpg`
  2. Get the key used for the signature
  3. Verify the signature
  4. Check the ISO with `md5sum`

After verifying the ISO file, you can [BurningIsoHowto burn it to a CD].

Download MD5SUMS and MD5SUMS.gpg

Just download the two files from any of the mirrors. Store them in the same directory. For Hardy, the CD image MD5s can be found at http://releases.ubuntu.com/8.04/MD5SUMS and the Hardy DVDs can be found at http://cdimage.ubuntu.com/releases/8.04/release/MD5SUMS. If you're using another version of Ubuntu, change "8.04" in those URLs to your version number (e.g. 8.10 for Intrepid Ibex).

Get the key

Find out what key was used to issue the signature

By running GnuPG to verify the signature we can find out what key is needed:

$ gpg --verify MD5SUMS.gpg MD5SUMS
gpg: Signature made Thu 12 May 2005 12:41:32 BST using DSA key ID FBB75451
gpg: Can't check signature: public key not found

The key ID is `0xFBB75451`.

Obtain the public key from the Ubuntu key server

To add the wanted key automatically to your keyring from the Ubuntu keyserver and calculate its trust:

$ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xFBB75451
gpg: requesting key FBB75451 from hkp server keyserver.ubuntu.com
gpg: key FBB75451: public key "Ubuntu CD Image Automatic Signing Key <[email protected]>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:  12  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:  12  signed:   8  trust: 0-, 0q, 0n, 6m, 6f, 0u
gpg: depth: 2  valid:   4  signed:   4  trust: 1-, 0q, 0n, 0m, 3f, 0u
gpg: depth: 3  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 1f, 0u
gpg: next trustdb check due at 2008-04-14
gpg: Total number processed: 1
gpg:               imported: 1
$ 

Verify signature

Now when you verify the `MD5SUMS` file you'll get a result resembling this:

$ gpg --verify MD5SUMS.gpg MD5SUMS
magnus@die[~/dload].$ gpg --verify MD5SUMS.gpg MD5SUMS
gpg: Signature made Thu 12 May 2005 12:41:32 BST using DSA key ID FBB75451
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C598 6B4F 1257 FFA8 6632  CBA7 4618 1433 FBB7 5451

In this example a "Good signature" validates the integrity of the MD5SUMS file. The warning message indicates your current GnuPG trust database does not have trust information for that signing key, unless you have actually verified and signed one of the public keys belonging to signers of the Ubuntu CD Image signing key. For more information about the OpenPGP Web of Trust see:

Check the ISO

On hard disk

The file MD5SUM contains MD5 hashes of the ISO images. Run `md5sum` on the ISO and compare the result with the relevant line in `MD5SUM`. See this link for more information on `MD5SUM`.

$ md5sum ubuntu-5.04-dvd-i386.iso
765dc370887735af71bc2cf6fcc9fafd  ubuntu-5.04-dvd-i386.iso

Optional

Check again after burning since growisofs adds extra blank bytes increasing file size from 3048179712 (0xB5AF8800) to 3048210432 (0xB5B00000) bytes

$ md5sum ubuntu-5.10-dvd-i386.iso
e41c0631f6f2c138a417b59bcb880fce

$ wc -c ubuntu-5.10-dvd-i386.iso
3048179712

$ dd if=/dev/dvdwriter | head -c 3048179712 | md5sum
e41c0631f6f2c138a417b59bcb880fce
$

While booting

You can also check a disc while you are booting from it. This is useful for testing that your target hardware can properly read all of the disc. Divide the image size in bytes by 512 to get the size in blocks. Boot from the disc, and when the installer has reached the disk partitioning stage, switch to a shell (alt-2) and run the following command, adding the size of the ISO image in blocks as the argument "count".

$ dd if=/dev/cdroms/cdrom0 count=5953476 | md5sum
e41c0631f6f2c138a417b59bcb880fce

Other Languages: