To verify the ArchLabs .iso users will first need to get Nate’s public gpg key from a keyserver, verify the .asc, then run the checkum against the iso.
- Get Nate’s key from a public keyserver (if pgp.mit.edu doesn’t work keyserver.ubuntu.com is also another very reputable keyserver, there has recently been some problems with gpg keyservers because of GDPR)
gpg --keyserver pgp.mit.edu --recv-keys 9E4F11C6A072942A7B3FD3B0B81EB14A09A25EB0
- Verify the .asc (as long as it says “Good Signature” that’s what matters, you will see a WARNING and this is normal and because you don’t posess Nate’s private key to be able to sign files yourself, Arch, Debian, etc. all have this same warning)
gpg --verify archlabs-2022.08.21-x86_64.iso.sha256sum.asc
- Run the checksum against the iso (the .iso and the .asc need to be in the same directory, as long as you see “OK” that’s what matters)
sha256sum -c archlabs-2022.08.21-x86_64.iso.sha256sum.asc