checksums/README.md

# checksums

This repository contains checksums for images, ISO's, and so on for Rocky Linux.
They are sorted by version into various directories.

| Release              | Purpose                              |
|----------------------|--------------------------------------|
| keys                 | Rocky Linux GPG Keys                 |
| rocky-linux-8        | Rocky Linux 8                        |
| rocky-linux-9        | Rocky Linux 9                        |
| rocky-linux-rc       | Rocky Linux Release Candidates       |
| rocky-linux-X/images | Rocky Linux Images per release       |
| scr                  | Scripts to pull the latest checksums |

This repository is mirrored here: https://git.resf.org/rocky-linux/checksums

# Why this repository?

One of the goals of this repository is to be a main point of reference for all
checksums for our images, regardless of release. It can also be a historical
reference as well because all versions will be available.

This repository is also a result of the following things:

* Keykeeper (part of the peridot build system) does not sign arbitrary files
or artifacts outside of the build system

* We are planning to move Rocky Linux 8 into the new build system, and along
with it, the keys that sign the packages and repository metadata

* Some users would rather have a place they can go to that is outside of the
mirror(s) to verify the signatures are valid and the checksums actually match
what they claim.

# So the commits are signed, how do I verify?

To verify our signature, click on "commits", click on the green "Verified"
button where you will see a GPG key ID. You can then search for this ID at
any of the following:

https://keys.openpgp.org
https://keyserver.ubuntu.com
update readme for clarity 2022-07-23 02:33:32 +00:00			`# checksums`
init 2022-06-25 16:16:33 +00:00
			`This repository contains checksums for images, ISO's, and so on for Rocky Linux.`
			`They are sorted by version into various directories.`
update checksums for GA images 2022-07-06 06:34:43 +00:00
add current GPG keys to a keys directory 2022-08-06 23:05:03 +00:00			`\| Release \| Purpose \|`
			`\|----------------------\|--------------------------------------\|`
			`\| keys \| Rocky Linux GPG Keys \|`
			`\| rocky-linux-8 \| Rocky Linux 8 \|`
			`\| rocky-linux-9 \| Rocky Linux 9 \|`
			`\| rocky-linux-rc \| Rocky Linux Release Candidates \|`
			`\| rocky-linux-X/images \| Rocky Linux Images per release \|`
			`\| scr \| Scripts to pull the latest checksums \|`
update readme for clarity 2022-07-23 02:33:32 +00:00
			`This repository is mirrored here: https://git.resf.org/rocky-linux/checksums`

			`# Why this repository?`

			`One of the goals of this repository is to be a main point of reference for all`
			`checksums for our images, regardless of release. It can also be a historical`
			`reference as well because all versions will be available.`

			`This repository is also a result of the following things:`

			`* Keykeeper (part of the peridot build system) does not sign arbitrary files`
			`or artifacts outside of the build system`

			`* We are planning to move Rocky Linux 8 into the new build system, and along`
			`with it, the keys that sign the packages and repository metadata`

			`* Some users would rather have a place they can go to that is outside of the`
			`mirror(s) to verify the signatures are valid and the checksums actually match`
			`what they claim.`

			`# So the commits are signed, how do I verify?`

			`To verify our signature, click on "commits", click on the green "Verified"`
			`button where you will see a GPG key ID. You can then search for this ID at`
			`any of the following:`

			`https://keys.openpgp.org`
			`https://keyserver.ubuntu.com`