Contains checksums of images, ISO's, and so on for Rocky Linux
Find a file
2024-11-19 10:33:56 -07:00
keys add rocky linux 10 fingerprints 2024-10-11 21:22:30 -07:00
rocky-linux-8 prepare for 8.10 2024-05-30 12:10:31 -07:00
rocky-linux-9 update checksums for 9.5 2024-11-19 10:33:56 -07:00
rocky-linux-rc update checksums for GA images 2022-07-05 23:34:43 -07:00
scr add 8.8 checksums 2023-05-18 14:28:01 -07:00
README.md add current GPG keys to a keys directory 2022-08-06 16:05:03 -07:00

checksums

This repository contains checksums for images, ISO's, and so on for Rocky Linux. They are sorted by version into various directories.

Release Purpose
keys Rocky Linux GPG Keys
rocky-linux-8 Rocky Linux 8
rocky-linux-9 Rocky Linux 9
rocky-linux-rc Rocky Linux Release Candidates
rocky-linux-X/images Rocky Linux Images per release
scr Scripts to pull the latest checksums

This repository is mirrored here: https://git.resf.org/rocky-linux/checksums

Why this repository?

One of the goals of this repository is to be a main point of reference for all checksums for our images, regardless of release. It can also be a historical reference as well because all versions will be available.

This repository is also a result of the following things:

  • Keykeeper (part of the peridot build system) does not sign arbitrary files or artifacts outside of the build system

  • We are planning to move Rocky Linux 8 into the new build system, and along with it, the keys that sign the packages and repository metadata

  • Some users would rather have a place they can go to that is outside of the mirror(s) to verify the signatures are valid and the checksums actually match what they claim.

So the commits are signed, how do I verify?

To verify our signature, click on "commits", click on the green "Verified" button where you will see a GPG key ID. You can then search for this ID at any of the following:

https://keys.openpgp.org https://keyserver.ubuntu.com