Appendix: Validating ClusterWare ISOsΒΆ

To validate a downloaded Scyld ClusterWare ISO file, first import the gpg key that was used to sign the RPMs and ISOs:

curl -sSL | gpg --import -

Then download the CHECKSUM.asc file from the repo, e.g,:


and verify the CHECKSUM.asc file:

[admin@head]$ gpg --verify CHECKSUM.asc
gpg: Signature made Thu 05 Jan 2023 07:01:37 PM PST using DSA key ID 0A1E1108
gpg: Good signature from "Penguin Computing <>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: AEFA 2C55 EB4A 88EF BE71  022B 0722 4B0A 0A1E 1108

Confirm that the downloaded ISO is named in CHECKSUM.asc. For example, for clusterware-11.9.2-g0000.el8.x86_64.iso:

grep clusterware-11.9.2-g0000.el8.x86_64.iso CHECKSUM.asc

should find the ISO. Now compare the checksum of the ISO with the ISO named in CHECKSUM.asc:

diff <(sha256sum clusterware-11.9.2-g0000.el8.x86_64.iso) \
     <(grep      clusterware-11.9.2-g0000.el8.x86_64.iso CHECKSUM.asc)

and expect to see no differences.