From d7a14b078c866026a5a27426d37d1f03cacee4fb Mon Sep 17 00:00:00 2001 From: Jakub Wilk Date: Tue, 18 Sep 2018 21:45:05 +0200 Subject: [PATCH] Fix live image integrity check "gpg SHA512SUMS.sign" would do the right thing only if the file actually contained a detached signature. Use explicit and robust "gpg --verify SHA512SUMS.sign SHA512SUMS" instead. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c9bd082..d124a99 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,7 @@ $ curl -LfO https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/S $ !!.sign -$ gpg SHA512SUMS.sign +$ gpg --verify SHA512SUMS.sign SHA512SUMS [...] gpg: Good signature from "Debian CD signing key " [unknown] [...]