verify.rst 3.05 KB
Newer Older
Clement Lefebvre's avatar
Clement Lefebvre committed
1 2 3
Verify your ISO image
=====================

Clement Lefebvre's avatar
Clement Lefebvre committed
4
It is important to verify the integrity and authenticity of your ISO image.
Clement Lefebvre's avatar
Clement Lefebvre committed
5 6 7 8 9 10 11 12

The integrity check confirms that your ISO image was properly downloaded and that your local file is an exact copy of the file present on the download servers. An error during the download could result in a corrupted file and trigger random issues during the installation.

The authenticity check confirms that the ISO image you downloaded was signed by Linux Mint, and thus that it isn't a modified or malicious copy made by somebody else.

Download the SHA256 sums provided by Linux Mint
-----------------------------------------------

Clement Lefebvre's avatar
Clement Lefebvre committed
13
All `download mirrors <https://www.linuxmint.com/mirrors.php>`_ provide the ISO images, a ``sha256sum.txt`` file and a ``sha256sum.txt.gpg`` file. You should be able to find these files in the same place you downloaded the ISO image from.
Clement Lefebvre's avatar
Clement Lefebvre committed
14

Clement Lefebvre's avatar
Clement Lefebvre committed
15
If you can't find them, browse the `Heanet download mirror <https://ftp.heanet.ie/mirrors/linuxmint.com/stable/>`_ and click the version of the Linux Mint release you downloaded.
Clement Lefebvre's avatar
Clement Lefebvre committed
16

Clement Lefebvre's avatar
Clement Lefebvre committed
17
Download both ``sha256sum.txt`` and ``sha256sum.txt.gpg``.
Clement Lefebvre's avatar
Clement Lefebvre committed
18

19 20
Do not copy their content, use "right-click->Save Link As..." to download the files themselves and do not modify them in any way.

Clement Lefebvre's avatar
Clement Lefebvre committed
21 22 23
Integrity check
---------------

Clement Lefebvre's avatar
Clement Lefebvre committed
24
To check the integrity of your local ISO file, generate its SHA256 sum and compare it with the sum present in ``sha256sum.txt``.
Clement Lefebvre's avatar
Clement Lefebvre committed
25 26 27 28 29 30

.. code-block:: console

    sha256sum -b yourfile.iso

.. hint::
31
    If you are using Windows follow the tutorial `How to verify the ISO image on Windows <https://forums.linuxmint.com/viewtopic.php?f=42&t=291093>`_.
Clement Lefebvre's avatar
Clement Lefebvre committed
32

Clement Lefebvre's avatar
Clement Lefebvre committed
33
If the sums match, your ISO image was successfully downloaded. If they don't, download it again.
Clement Lefebvre's avatar
Clement Lefebvre committed
34

Clement Lefebvre's avatar
Clement Lefebvre committed
35
`````
Clement Lefebvre's avatar
Clement Lefebvre committed
36 37 38 39

Authenticity check
------------------

Clement Lefebvre's avatar
Clement Lefebvre committed
40
To verify the authenticity of ``sha256sum.txt``, check the signature of ``sha256sum.txt.gpg`` by following the steps below.
Clement Lefebvre's avatar
Clement Lefebvre committed
41 42 43 44 45

Import the Linux Mint signing key:
``````````````````````````````````
.. code-block:: console

46
   gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-key "27DE B156 44C6 B3CF 3BD7  D291 300F 846B A25B AE09"
Clement Lefebvre's avatar
Clement Lefebvre committed
47 48

.. note::
Clement Lefebvre's avatar
Clement Lefebvre committed
49 50 51 52
    If gpg complains about the key ID, try the following commands instead:

    .. code-block:: console

53
        gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-key A25BAE09
Clement Lefebvre's avatar
Clement Lefebvre committed
54 55
        gpg --list-key --with-fingerprint A25BAE09

56
    Check the output of the last command, to make sure the fingerprint is ``27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09`` (with or without spaces).
Clement Lefebvre's avatar
Clement Lefebvre committed
57

Clement Lefebvre's avatar
Clement Lefebvre committed
58 59
Verify the authenticity of sha256sum.txt:
`````````````````````````````````````````
Clement Lefebvre's avatar
Clement Lefebvre committed
60 61 62 63
.. code-block:: console

    gpg --verify sha256sum.txt.gpg sha256sum.txt

Clement Lefebvre's avatar
Clement Lefebvre committed
64
The output of the last command should tell you that the file signature is ``good`` and that it was signed with the ``A25BAE09`` key.
Clement Lefebvre's avatar
Clement Lefebvre committed
65 66

.. note::
Clement Lefebvre's avatar
Clement Lefebvre committed
67
    GPG might warn you that the Linux Mint signature is not trusted by your computer. This is expected and perfectly normal.
Clement Lefebvre's avatar
Clement Lefebvre committed
68 69

.. hint::
Clement Lefebvre's avatar
Clement Lefebvre committed
70
    For more information on ISO verification, or to verify BETA, LMDE or old releases, read `How to Verify ISO images <https://linuxmint.com/verify.php>`_.