You are not logged in.
- Topics: Active | Unanswered
#1 2025-05-05 02:42:54
- Captian_Spencer
- Member
- Registered: 2025-05-05
- Posts: 1
Where am I going wrong with the ISO download?
Hi all.
Apologies in advance but I think I'm in the wrong forum.
I have tried several times to download the 010525 iso and when I try to burn it to USB I get an error sayiing that the signature does not match. I tried to verify it in a terminal and I get a warning;
gpg: assuming signed data in 'archlinux-2025.05.01-x86_64.iso'
gpg: Signature made Thu 01 May 2025 11:12:01 BST
gpg: using EDDSA key 3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C
gpg: issuer "pierre@archlinux.org"
gpg: Good signature from "Pierre Schmitz <pierre@archlinux.org>" [unknown]
gpg: aka "Pierre Schmitz <pierre@archlinux.de>" [unknown]
gpg: WARNING: The key's User ID is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3E80 CA1A 8B89 F69C BA57 D98A 76A5 EF90 5444 9A5C
That said, I am on Hyprland (wayland) and tried using KDE iso imagewriter and that gives me the error.
Edit - Just used the SUSE imagewriter, and it wrote to USB without any errors. Should I stll use it given the output saying the warning above? Thanks in advance.
Offline
#2 2025-05-05 03:38:08
- mpan
- Member
- Registered: 2012-08-01
- Posts: 1,593
- Website
Re: Where am I going wrong with the ISO download?
Welcome to the forum.
You do nothing wrong and the validation gone right:
gpg: Good signature from "Pierre Schmitz <pierre@archlinux.org>" [unknown]
If you’re concerned about that part:
gpg: WARNING: The key's User ID is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Validation went right, confirming that somebody with key 76A5EF9054449A5C signed that image. GnuPG just warns you, that it has no means of telling, if this somebody is in fact the person Pierre Schmitz.
You could mark the key as trusted, but you don’t have to just for validation. The only downside is, that you’re going to see that warning.
And I’d would say, but count that as my own opinion, that one shouldn’t mark keys as trusted merely to avoid warnings. This should be a purposeful action into which some thought and effort is put, not merely a step to get rid of a message.
Paperclips in avatars? | Sometimes I seem a bit harsh — don’t get offended too easily!
Offline