+++ This bug was initially created as a clone of Bug #504228 +++ I notice that the CHECKSUM files for Fedora 12 images declare the hash as SHA1 but it is actually SHA256. $ head -2 F12-Beta-x86_64-Live-CHECKSUM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 $ sha1sum -c F12-Beta-x86_64-Live-CHECKSUM sha1sum: F12-Beta-x86_64-Live-CHECKSUM: no properly formatted SHA1 checksum lines found $ sha256sum -c F12-Beta-x86_64-Live-CHECKSUM F12-Beta-x86_64-Live.iso: OK
The Hash: SHA1 is part of the PGP signature and has no relation to the hash used in the contents of the file.
Ah. Thanks for the clarification. Is there some cue to end-users what hash algorithm is in use in the CHECKSUM files? Or do we just run $ sha1sum -c F12-Beta-x86_64-Live-CHECKSUM ... $ sha224sum -c F12-Beta-x86_64-Live-CHECKSUM ... $ sha256sum -c F12-Beta-x86_64-Live-CHECKSUM ... $ sha384sum -c F12-Beta-x86_64-Live-CHECKSUM ... $ sha512sum -c F12-Beta-x86_64-Live-CHECKSUM ... etc, until we find one that works?
The process for verifying .iso images is detailed at https://fedoraproject.org/verify. The websites team is looking at adding a link to there from the get-prerelease page.
excellent, thank you.