12
ISO verification (lemmy.world)
submitted 4 months ago by bitahcold@lemmy.world to c/archlinux@lemmy.ml
12 comments fedilink hide all child comments

Hello guys, I'm using Arch as a newbie. Learning about it. But worried about a thing. When I was creating the bootable media for install it, I downloaded the .iso and .iso.sig from any mirror that is near. I followed the things about verification of .iso but I got some errors and gave up. Just used the iso I didn't verificated. I am using the OS that iso installed. There is nothing wrong with usage. I can access all the things about Arch, not had any problems and any performance issues. No special internet usage, no broken things etc. but I'm a bit worried about is there any malicious software such as keyloggers, mining softwares... Can I verify my Arch after the installation? Can I see if there is any software malicious via htop-bpytop? Should I create the bootable media again with verification and reinstall my Arch?

you are viewing a single comment's thread
view the rest of the comments
[-] lemmyreader@lemmy.ml 1 points 4 months ago

Oh, I didn’t know that. I just downloaded iso and iso.sig then used gpg commands. The thing I’m worried about is, maliciousy chance of the iso. I probably used German or French mirror to download the iso. Then, failed the verification.

Suggesting the following for the archlinux-2024.05.01-x86_64.iso :

  • Put your downloaded iso file and the sig file in ~/Downloads/ if you haven't done so.
  • From your Arch Linux installation install the Sequoia sq tool : sudo pacman -S sequoia-sq
  • Continue with the following commands : cd ~/Downloads
  • sq network wkd fetch pierre@archlinux.org -o release-key.pgp
  • sq verify --signer-file release-key.pgp --detached archlinux-2024.05.01-x86_64.iso.sig archlinux-2024.05.01-x86_64.iso

This should unlike with the GnuPG method give no warnings or errors.

[-] bitahcold@lemmy.world 1 points 4 months ago* (last edited 4 months ago)

So sorry for labor. There is a lacking information by me. I created the bootable at my previous OS, so there is no same .iso file. Only extracted version on my USB and installed version that is running on my PC. Can I see the mirror source from the extracted version?

[-] lemmyreader@lemmy.ml 1 points 4 months ago

Like the other commenter said you are probably fine. If you still worry, backup your /home and go for a fresh install and restore /home.

[-] bitahcold@lemmy.world 1 points 4 months ago

Better guarantee it haha. I did nothing except using unnecessary documents and surfing on the net. And maybe some games. I used archinstall for it but now, I will set it up customized and nonscript. Maybe fresh restart would be better. Thanks for the help again. Goodbye!

load more comments (1 replies)
this post was submitted on 21 May 2024
12 points (92.9% liked)

Arch Linux

7605 readers
1 users here now

The beloved lightweight distro

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml