download verify

[mandibulate]

at this page:
https://fedoraproject.org/en/verify
There are these words:
Once you have downloaded an ISO, verify it for security and integrity. To verify your ISO, start by downloading the proper CHECKSUM file into the same directory as the ISO:

I am interacting with the Fedora web site with a Linux Machine.
The download as suggested does not.
The next obvious choice is to copy and paste but then what should be the file name and suffix.

the Fedora iso download has this:
Fedora 17-x86_64-Live-XFCE.iso
and i am sure i went with the appropriate link.
and this below is what happens, instead of a download as worded.

Thank you, before hand - for assisting me in this matter.

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

5e3e5e6df9f6d042604253d804900b5fe79614008fb56554dfecb6b4e67da73a *Fedora-17-x86_64-Live-Design-suite.iso
e7411e123b1c667a12951b15e61021c4fe4fbb9e664e42e91c4aa570bcc260c7 *Fedora-17-x86_64-Live-Electronic-Lab.iso
1aa7710b172a232e79504aab758cfca9416bcac55e35c227d9e044b6cc208d82 *Fedora-17-x86_64-Live-Games.iso
3a3d9ccd8553142895ef1c1aca300cbbf553982f266d2834021cc50bbbc5b40c *Fedora-17-x86_64-Live-LXDE.iso
c0d3c2ac6db8022184d690eeea7f5e968794709c7a012e6291f56a75314ff737 *Fedora-17-x86_64-Live-Robotics.iso
d2c2b61acf529fb8f61b8ebb125e260c2df46dcad956448cb4996128644128bd *Fedora-17-x86_64-Live-Scientific-KDE.iso
33d14ed8993e3e5ca101ca1a4274ea2404312b1a02bd69c3b02552cea4dbc07a *Fedora-17-x86_64-Live-Security.iso
e872932ff02f20adc76252fff5fa16717b10a6d91dbee779bf4792d36c939a28 *Fedora-17-x86_64-Live-SoaS.iso
7b448ce84098108af9ddd51f07de0d3aa59b9abf6495752f3aed5c4d79f24a75 *Fedora-17-x86_64-Live-XFCE.iso
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJPvxiJAAoJEFDpTJkayjRlZFgQAN5R+BtaGdmLz/WS8rtQkKlA
8x1Bv/dZQSbAN+AZaGUbWAdr7cSxaryOFvHEDf5tRD7ldoZc5NxtaOagVTfZVw6Z
QCr6EUrvp+I80bgHQWdK2K+62J9ii7fQPxmTfIKsre7wb7+lK7YkIOyc1RlAcekQ
5NsbFxBJ5j8XVuSO/DSzkfsBNCrGoqroiofCgA1vnRsNly0XoCypvXxM1z3Ypp6S
POlcq7UJ11DEhGUzAlmOKOrrdnvApTm59/eBTFm/XFD+8W10PBI5jFQfZV59lTwJ
2aTLX4M5k8IwDTyIGiUQT6vUaIET3ZXqaq7IYWi7Bk9ofFgsBrIouLI8S+iiQEyr
Uuv5Y6Wtb38xkeMQxNqdHvhb2tRFMis2nX60fW6RzfJ5gvwacs5FAtbKNjWumatw
Vv3FxgvurFqPH1M3avzPlmtmguU94m96XlnWaO6jR8Dyy7XjmKNud4PmfLVfNTIU
Zh4Mueuhl4gIDkbUxmtGcwAJNabJFUTymUbwhKfWsWyQixcNJmkK41PWZgv+dIuY
GeXaYXHquZFD7yI1gdEkv8fEXfoETJzOjXGOgeqUn/vVjfFJ7Fgm6yS1VBtyKPDr
LBV4YcgcQ+zMdR8vKiqOaGqWBS7jyvpniaxK0zDIQm8/cgWUm7Z/gas4IQxyRWSO
0pAZBRkIqU4YRoXCBte0
=gVOO
-----END PGP SIGNATURE-----

[House99]

Open a Terminal, change with the command "cd" to the directory where the Fedora iso image is. Then enter in the terminal:
"sha256sum Fedora 17-x86_64-Live-XFCE.iso"
The output is the sha256 checksum which you can compare with your graphic.

House99

[george_toolan]

You don't know how to download a text file? Try

Code:

wget -c https://fedoraproject.org/static/checksums/Fedora-17-x86_64-Spins-CHECKSUM

Now if you want to verify security as well as integrity you'll have to follow the rest of the instructions on that page. And I'm pretty sure those instructions are for Linux operating systems ;-)

p.s. If you want to download the file with Firefox just press the right mouse button over the link and select "Save Link As...". The file name doesn't really matter as long as it ends in CHECKSUM.

[ghettoyhetti]

you can also utilize openssl by changing directory to your download location and type the following:

Code:

openssl sha256 <name_of_your_file>

For example:

openssl sha256 Fedora-17-x86_64-Live-Desktop.iso

[mandibulate]

Thank you House99
That works

Thank you George_toolan
while i read the man page on wget , i can say thanks for letting me know this utility exists.

Thank you ghettoyhetti
i will look into openssl
i work a grave yard shift and am taxed for time and sanity.

---------- Post added at 08:13 PM ---------- Previous post was at 06:18 PM ----------

Another Question in this topic.
if permissable.



while following the written instructions in the GUI at web address:
https://fedoraproject.org/en/verify
the instructions do not seem to work as written.
i was able to get thru the first portion of the instruction as written in the GUI with the assistance of the forums.
and did a #sha256sum fileName dot iso and compared that to what was available at
https://fedoraproject.org/static/che...Spins-CHECKSUM
And the keys match, if keys is the word used here.

the next portion of the GUI instructions at web address:
https://fedoraproject.org/en/verify
begining below the table.

the bottom of this forum posting is as far as these instructions would go and do not seem to work as offered.
working with the utility #shaw256sum and matching two sets of values, i would assume that, the iso file is verified.
Question: are these instructions as shown below the table actually necessary, when and while the utility #sha256sum output values match the values that are provided at
https://fedoraproject.org/static/che...Spins-CHECKSUM

Or how to interprit the instructions that are below the table at the page
https://fedoraproject.org/en/verify

thank you

-------------------------------------------------------------------------------
If follow the GUI instructions this is how far it goes.


#$ curl https://fedoraproject.org/static/fedora.gpg | gpg --import
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 24213 100 24213 0 0 88886 0 --:--:-- --:--:-- --:--:-- 104k
gpg: key 069C8460: "Fedora (15) <fedora@fedoraproject.org>" not changed
gpg: key 3AD31D0B: "Fedora-SPARC (15) <fedora@fedoraproject.org>" not changed
gpg: key A82BA4B7: "Fedora (16) <fedora@fedoraproject.org>" not changed
gpg: key 10D90A9E: "Fedora Secondary (16) <fedora@fedoraproject.org>" not changed
gpg: key 1ACA3465: "Fedora (17) <fedora@fedoraproject.org>" not changed
gpg: key F8DF67E6: "Fedora Secondary Arch (17) <fedora@fedoraproject.org>" not changed
gpg: key 22B3B81A: "Fedora (18) <fedora@fedoraproject.org>" not changed
gpg: key 34E166FA: "Fedora Secondary Arch (18) <fedora@fedoraproject.org>" not changed
gpg: key 217521F6: "Fedora EPEL <epel@fedoraproject.org>" not changed
gpg: key 0608B895: "EPEL (6) <epel@fedoraproject.org>" not changed
gpg: Total number processed: 10
gpg: unchanged: 10
------------------------------------------------------------------------
#$ gpg --verify-files *-CHECKSUM
gpg: can't open `*-CHECKSUM'

[george_toolan]

Quote:

#$ gpg --verify-files *-CHECKSUM
gpg: can't open `*-CHECKSUM'

You still haven't downloaded the text file ;-)

Code:

wget -c https://fedoraproject.org/static/checksums/Fedora-17-x86_64-Spins-CHECKSUM

This is only necessary if you want to verify the security of the files and to make sure nobody has tampered with the files and gave you a fake checksum afterwards.

[mandibulate]

okay
thanks george
got it.
while i work a graveyard shift i have brain dead syndrome.
i was able to learn PHP and C in a relatively short time, when i was working part time.
and need to get back to working part time and strict poverty to have the time to learn.
one or the other.
thanks

---------- Post added at 08:12 PM ---------- Previous post was at 01:33 PM ----------

i went thru the procedures as shown below.

#~/Downloads $ wget -c https://fedoraproject.org/static/che...Spins-CHECKSUM
#--2012-06-25 18:51:47-- https://fedoraproject.org/static/che...Spins-CHECKSUM
#Resolving fedoraproject.org... 152.19.134.146, 209.132.181.16, 66.35.62.166, ...
#Connecting to fedoraproject.org|152.19.134.146|:443... connected.
#ERROR: certificate common name `*.fedoraproject.org' doesn't match requested host name #`fedoraproject.org'.
#To connect to fedoraproject.org insecurely, use `--no-check-certificate'.

there is not a file in the downloads directory.

I then tossed the download in the trash and deleted the trash and did another d load and #wget.

same thing.

then disconnected the telephone line to the DSL router modem box waited 15 and did it again.

same deal.

the sha256 sum values of the download match what is available at:
https://fedoraproject.org/static/che...Spins-CHECKSUM

i dont know what to do next.

i will try the original Fedora version download that is not a spin and see what happens.
Thanks.

[george_toolan]

Interesting. How paranoid are you?

There seems to be something wrong with the certificate for the secure https connection or your wget is too old.

This has nothing to do with your modem ;-)

Code:

--2012-06-26 10:41:20--  https://fedoraproject.org/static/checksums/Fedora-17-x86_64-Spins-CHECKSUM
Resolving fedoraproject.org... 80.239.156.215, 209.132.181.16, 85.236.55.6, ...
Connecting to fedoraproject.org|80.239.156.215|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1795 (1.8K) [text/plain]
Saving to: “Fedora-17-x86_64-Spins-CHECKSUM”

100%[======================================>] 1,795       --.-K/s   in 0.001s  

2012-06-26 10:41:20 (1.84 MB/s) - “Fedora-17-x86_64-Spins-CHECKSUM” saved [1795/1795]

You could use an insecure http connection instead of https or use the --no-check-certificate switch.

Code:

wget -c http://fedoraproject.org/static/checksums/Fedora-17-x86_64-Spins-CHECKSUM

[mandibulate]

if i do re download immediately after a previous d load , the new download goes slow.

i often unplug to get a new ip address. paranoid , no. just know that activity is traced via ip address.
while there is concern that the down load may be tampered with and there are people who database ip address to human character preferences and etc. may as well make them work for their data.

i did read thru man wget. i am at first grade level with BASH scripting and Linux. looking forward to being comfortable in the drivers seat.

i am at the point to purchase a copy.
Thanks for the assistance.

[george_toolan]

They use cookies now to track you ;-)

You could try the do not track feature in your browser, but it probably doesn't have any effect (yet).