best iso download style with error checking - opensuse leap 15.4 - firefox - kde

I need some help finding the best method and guide me setp by step through it, so I don’t have to download twice. I never was able to get the gpg signature to work, just the shal256sum.

There is something called meta-link which I think requires a firefox add-on.

Is there a command line to check the file as you download it? I vaguely remember something about that.

Thanks.

“You didn’t get it to work” is relativ vague. You know this help: https://en.opensuse.org/SDB:Download_help#Checksums ?

https://en.opensuse.org/SDB:Download_help#Downloading_via_BitTorrent
https://en.opensuse.org/SDB:Download_help#Downloading_via_Metalinks
https://en.opensuse.org/SDB:Metalink

You can use the command “aria2c” to download from the metalink. You may need to install the “aria2” package.

command to download pgp sig fails.

gpg --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
 
 # If you experience a "Failed to receive key from key server: no name" error, try this instead:
 
 gpg --keyserver pgp.mit.edu --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284

Both fail to download key.

what’s the specific command for aria2?

Hi
Why are you posting the same question after the last release?

https://forums.opensuse.org/showthread.php/555733-opensuse-leap-15-3-gpg-keys-import-fails


gpg --keyserver keys.gnupg.net --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284


gpg: key B88B2FD43DBDC284: public key "openSUSE Project Signing Key <opensuse@opensuse.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Bit Torrent is working fast. I’ll check the sha256sum as well.

I’ll post here when I download and burn without error.

The torrent file disappeared and won’t let me download it again. I couldn’t find the file after I downloaded it.

The checksum didn’t work. Torrent downloaded a different filename.

How do I use aria2 to download the iso file?

I couldn’t get torrent to work, metalink means installing an addon. I went to just downloading directly and download the sha256sum,

Does anyone have the sha512sum for opensuse leap 15.4?

The sha256sum matched. PGP keys failed to download.

Thanks.

Hi
There is no sha512sum.

https://opensuse.github.io/openSUSE-docs-revamped-temp/image_choice/#authenticity-integrity-checks-nix


gpg --verify Downloads/openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso.sha256.asc Downloads/openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso.sha256

gpg: Signature made Sat 28 May 2022 03:47:12 PM CDT
gpg:                using RSA key B88B2FD43DBDC284
gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE  22AA B88B 2FD4 3DBD C284

Did you try a different server?


gpg --keyserver keyserver.ubuntu.com --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284

If you can’t reach them, then I suspect your ISP/VPN (or however your connecting to the interent) is blocked/blacklisted, take it up with your internet provider.

I normally use:


aria2c -V -R "url-of-iso"

[QUOTE=malcolmlewis;3137369]Hi
There is no sha512sum.

https://opensuse.github.io/openSUSE-docs-revamped-temp/image_choice/#authenticity-integrity-checks-nix


gpg --verify Downloads/openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso.sha256.asc Downloads/openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso.sha256

gpg: Signature made Sat 28 May 2022 03:47:12 PM CDT
gpg:                using RSA key B88B2FD43DBDC284
gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE  22AA B88B 2FD4 3DBD C284

> gpg --keyserver keyserver.ubuntu.com --recv-keys 0x22C07BA534178CD02E
FE22AAB88B2FD43DBDC284 
gpg: key B88B2FD43DBDC284: "openSUSE Project Signing Key <opensuse@opensuse.org>" not changed 
gpg: Total number processed: 1 
gpg:              unchanged: 1 
> gpg --fingerprint "openSUSE Project Signing Key <opensuse@opensuse.or
g>" 
pub   rsa2048 2008-11-07 [SC] [expires: 2024-05-02] 
      22C0 7BA5 3417 8CD0 2EFE  22AA B88B 2FD4 3DBD C284 
uid            unknown] openSUSE Project Signing Key <opensuse@opensuse.org> 

[FONT=monospace]>ls open* 
openSUSE-Leap-15.4-DVD-x86_64-Media.iso      openSUSE-Leap-15.4-DVD-x86_64-Media.iso.sha256 
openSUSE-Leap-15.4-DVD-x86_64-Media.iso.asc
>[/FONT][FONT=monospace][FONT=monospace]gpg --verify openSUSE-Leap-15.4-DVD-x86_64-Media.iso.asc             
gpg: verify signatures failed: Unexpected error

[FONT=monospace]> cat openSUSE-Leap-15.4-DVD-x86_64-Media.iso.asc          
B88B2FD43DBDC284 openSUSE Project Signing Key <opensuse@opensuse.org> 

-----BEGIN PGP PUBLIC KEY BLOCK----- 
Version: GnuPG v2.0.15 (GNU/Linux) 

mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G 
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ 
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO 
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig 
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD 
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl 
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC 
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C 
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI 
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha 
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr 
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk 
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a 
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y 
=i2TA 
-----END PGP PUBLIC KEY BLOCK-----[/FONT][/FONT]
[/FONT]

??

>Did you try a different server?

The ubuntu server works.

I’ll be back later…

The pgp key check still doesn’t work. I’m getting an error as seen above.

I have no idea where you got this file from. This file does not exist on https://download.opensuse.org/distribution/leap/15.4/iso/

And in any case its format is incorrect which explains “Unexpected error” from gpg.

P.S. and would you please refrains from adding all sort of weird formatting to CODE which makes it hard to answer. It does not make your posts more readable. On the contrary, if you cannot spend a small amount of your time making your post easier to handle, why do you expect others to waste their time removing all this redundant formatting in answers?

I was showing the checksum file I downloaded. … I’m NOT an [expert] on using PGP, keep that in mind…

The link below is for the tumbleweed version. Is that the correct link for the asc file for the leap version? That’s the tumbleweed link. If not where is the link to asc file for leap version?
Intel or AMD 64-bit desktops, laptops, and servers (x86_64)

PGP checksums are very confusing. sha512sum/sha256sum is much simpler to understand. Making a sha512sum available instead of sha256sum would be helpful.

Verify Your Download Before Use

Many applications can verify the checksum of a download. To verify your download can be important as it verifies you really have got the ISO file you wanted to download and not some broken version.  
For each ISO, we offer a checksum file with the corresponding SHA256 sum.  
For extra security, you can use GPG to verify who signed those .sha256 files.  
It should be **22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284**](https://download.opensuse.org/tumbleweed/repo/oss/gpg-pubkey-3dbdc284-53674dd4.asc) 
For more help verifying your download please read [Checksums Help](https://en.opensuse.org/SDB:Download_help#Checksums)

You have downloaded it from where? download.o.o does not have file with this name, and the content is not checksum or signature, it is public key.

Is that the correct link for the asc file for the leap version?..
openSUSE Leap 15.4 - Get openSUSE

There is no link to asc file on get.o.o at all. Only to the ISO and cheksum itself, not to the (detached) signature of this checksum.

Making a sha512sum available instead of sha256sum would be helpful.

In which way? How exactly running sha512sum is easier than running sha256sum?

Web search, which most people use, shows this page:

click download –> Intel or AMD 64-bit desktops, laptops, and servers (x86_64) – >

openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso

(checksums help)
SDB:Download help - openSUSE Wiki

gpg --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
# If you experience a "Failed to receive key from key server: no name" error, try this instead:
gpg --keyserver pgp.mit.edu --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
gpg --fingerprint "openSUSE Project Signing Key <opensuse@opensuse.org>" 

The key wouldn’t download. So, I used the alternet download posted.

> gpg --verify Leap-15.4-DVD-x86_64-Media.iso.asc Leap-15.4-DVD-x86_64-Medi
a.iso.sha256
gpg: keybox '/home/lehann_beinne/.gnupg/pubring.kbx' created
gpg: can't open 'Leap-15.4-DVD-x86_64-Media.iso.asc': No such file or directory
gpg: verify signatures failed: No such file or directory

openSUSE-Leap-15.4-DVD-x86_64-Media.iso
openSUSE-Leap-15.4-DVD-x86_64-Media.iso.asc
openSUSE-Leap-15.4-DVD-x86_64-Media.iso.sha256

In which way? How exactly running sha512sum is easier than running sha256sum?

After all those commands and no success, how is that easier than this?

> sha256sum openSUSE-Leap-15.4-DVD-x86_64-Media.iso
4683345f242397c7fd7d89a50731a120ffd60a24460e21d2634e783b3c169695  openSUSE-Leap-15.4-DVD-x86_64-Media.iso

file Leap-15.4-DVD-x86_64-Media.iso.sha256


4683345f242397c7fd7d89a50731a120ffd60a24460e21d2634e783b3c169695 openSUSE-Leap-15.4-DVD-x86_64-Media.iso

> sha256sum -c openSUSE-Leap-15.4-DVD-x86_64-Media.iso.sha256 
openSUSE-Leap-15.4-DVD-x86_64-Media.iso: OK

Done, checksum verified, the last command does it. Change the change the website’s command to: sha256sum – > sha512sum. That is the change.
Most of the time, I just paste the output and compare the checksums manually in kate.

As for the gpg key verify, what I am doing wrong? The command sequence should be complete to get and verify the key.

Hi
Did you not try the alternative server as indicated (keyserver.ubuntu.com)?


gpg --keyserver keyserver.ubuntu.com --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284

Likely your locale is the issue… or vpn, or however your connecting to the net.

I have no idea what this means. You still did not explain where you got this file from or why you decided to use this file in the first place.

> gpg --verify Leap-15.4-DVD-x86_64-Media.iso.asc Leap-15.4-DVD-x86_64-Medi
a.iso.sha256
gpg: keybox '/home/lehann_beinne/.gnupg/pubring.kbx' created
gpg: can't open 'Leap-15.4-DVD-x86_64-Media.iso.asc': No such file or directory
gpg: verify signatures failed: No such file or directory
openSUSE-Leap-15.4-DVD-x86_64-Media.iso
openSUSE-Leap-15.4-DVD-x86_64-Media.iso.asc
openSUSE-Leap-15.4-DVD-x86_64-Media.iso.sha256

Your second code block includes three lines. We have no idea what these three lines mean, how they were generated or why you thought it important to show these three lines and how they are related to the first code block. As you apparently expect us to read your mind, I arbitrary declare that these three lines are the output of ls command, in which case you use file name that does not exist in your gpg command.