|Louis Abel 14f58866e4||1 month ago|
|keys||8 months ago|
|rocky-linux-8||4 months ago|
|rocky-linux-9||1 month ago|
|rocky-linux-rc||9 months ago|
|scr||4 months ago|
|README.md||8 months ago|
This repository contains checksums for images, ISO's, and so on for Rocky Linux. They are sorted by version into various directories.
|keys||Rocky Linux GPG Keys|
|rocky-linux-8||Rocky Linux 8|
|rocky-linux-9||Rocky Linux 9|
|rocky-linux-rc||Rocky Linux Release Candidates|
|rocky-linux-X/images||Rocky Linux Images per release|
|scr||Scripts to pull the latest checksums|
This repository is mirrored here: https://git.resf.org/rocky-linux/checksums
Why this repository?
One of the goals of this repository is to be a main point of reference for all checksums for our images, regardless of release. It can also be a historical reference as well because all versions will be available.
This repository is also a result of the following things:
Keykeeper (part of the peridot build system) does not sign arbitrary files or artifacts outside of the build system
We are planning to move Rocky Linux 8 into the new build system, and along with it, the keys that sign the packages and repository metadata
Some users would rather have a place they can go to that is outside of the mirror(s) to verify the signatures are valid and the checksums actually match what they claim.
So the commits are signed, how do I verify?
To verify our signature, click on "commits", click on the green "Verified" button where you will see a GPG key ID. You can then search for this ID at any of the following: