Contains checksums of images, ISO's, and so on for Rocky Linux
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Louis Abel 14f58866e4
update checksums for 9.1
1 month ago
keys add current GPG keys to a keys directory 8 months ago
rocky-linux-8 remove qcow2 bits for azure 4 months ago
rocky-linux-9 update checksums for 9.1 1 month ago
rocky-linux-rc update checksums for GA images 9 months ago
scr update checksums 4 months ago add current GPG keys to a keys directory 8 months ago


This repository contains checksums for images, ISO's, and so on for Rocky Linux. They are sorted by version into various directories.

Release Purpose
keys Rocky Linux GPG Keys
rocky-linux-8 Rocky Linux 8
rocky-linux-9 Rocky Linux 9
rocky-linux-rc Rocky Linux Release Candidates
rocky-linux-X/images Rocky Linux Images per release
scr Scripts to pull the latest checksums

This repository is mirrored here:

Why this repository?

One of the goals of this repository is to be a main point of reference for all checksums for our images, regardless of release. It can also be a historical reference as well because all versions will be available.

This repository is also a result of the following things:

  • Keykeeper (part of the peridot build system) does not sign arbitrary files or artifacts outside of the build system

  • We are planning to move Rocky Linux 8 into the new build system, and along with it, the keys that sign the packages and repository metadata

  • Some users would rather have a place they can go to that is outside of the mirror(s) to verify the signatures are valid and the checksums actually match what they claim.

So the commits are signed, how do I verify?

To verify our signature, click on "commits", click on the green "Verified" button where you will see a GPG key ID. You can then search for this ID at any of the following: