Appendix: Validating ClusterWare ISOs
To validate a downloaded Scyld ClusterWare ISO file, first import the GPG key that was used to sign the RPMs and ISOs:
curl -sSL https://updates.penguincomputing.com/RPM-GPG-KEY-scyld-clusterware | gpg --import -
Then download the CHECKSUM.asc file from the repo, e.g.:
wget https://<AUTHENTICATION_TOKEN>@updates.penguincomputing.com/clusterware/12/el8/iso/CHECKSUM.asc
and verify the CHECKSUM.asc file:
[admin@head]$ gpg --verify CHECKSUM.asc
gpg: Signature made Thu 05 Jan 2023 07:01:37 PM PST using DSA key ID 0A1E1108
gpg: Good signature from "Penguin Computing <support@penguincomputing.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: AEFA 2C55 EB4A 88EF BE71 022B 0722 4B0A 0A1E 1108
Confirm that the downloaded ISO is named in CHECKSUM.asc.
For example, for clusterware-11.9.2-g0000.el8.x86_64.iso:
grep clusterware-11.9.2-g0000.el8.x86_64.iso CHECKSUM.asc
should find the ISO. Now compare the checksum of the ISO with the entry for that ISO in CHECKSUM.asc:
diff <(sha256sum clusterware-11.9.2-g0000.el8.x86_64.iso) \
<(grep clusterware-11.9.2-g0000.el8.x86_64.iso CHECKSUM.asc)
and expect to see no differences.
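The steps above can be chained so that the checksum comparison only runs on text gpg has verified against the primary key fingerprint shown in the gpg output. The script below is an added example, not part of the ClusterWare documentation or tooling; the function names are hypothetical. It assumes CHECKSUM.asc is a clearsigned file whose lines are in sha256sum format, and that the key has already been imported:

```bash
#!/usr/bin/env bash
# Added example: validate an ISO against a clearsigned CHECKSUM.asc.
# Fingerprint as printed by `gpg --verify` on this page, spaces removed.
PINNED_FPR="AEFA2C55EB4A88EFBE71022B07224B0A0A1E1108"

# Print the signed text of $1, but only when gpg reports a good signature
# made by the pinned key. Functions use ( ) bodies so variables stay local.
verified_checksums() (
    status=$(mktemp) && out=$(mktemp) || exit 1
    trap 'rm -f "$status" "$out"' EXIT
    # --decrypt verifies and emits only the signed text, so lines placed
    # outside the signature block never reach the comparison below.
    gpg --batch --status-fd 3 --decrypt "$1" >"$out" 2>/dev/null 3>"$status"
    # GOODSIG is replaced by EXPKEYSIG/REVKEYSIG for expired or revoked keys;
    # VALIDSIG carries the signing ($3) and primary (last field) fingerprints.
    awk -v fpr="$PINNED_FPR" '
        $2 == "GOODSIG" { good = 1 }
        $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { pinned = 1 }
        END { exit !(good && pinned) }' "$status" || exit 1
    cat "$out"
)

# Read "hash  filename" lines on stdin and compare the SHA-256 of ISO $1 with
# the entry whose filename field equals the ISO name exactly.
# Exit status: 0 match, 1 mismatch, 2 not listed.
iso_matches() (
    name=$(basename "$1")
    want=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }')
    [ -n "$want" ] || { echo "$name: not listed in checksum file" >&2; exit 2; }
    have=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "$name: checksum mismatch" >&2; exit 1; }
)

# validate_iso ISO CHECKSUM.asc: exit status 3 when the signature check fails.
validate_iso() (
    sums=$(verified_checksums "$2") ||
        { echo "$2: no good signature from the pinned key" >&2; exit 3; }
    printf '%s\n' "$sums" | iso_matches "$1"
)

# Run only when called as: script ISO CHECKSUM.asc
if [ "$#" -eq 2 ]; then
    validate_iso "$1" "$2"
fi
```

Unlike the grep above, the filename comparison is an exact field match, so an entry for a longer name that merely contains the ISO name is not accepted.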