Fedora Spins Logo

How do I verify my image?

Once you have downloaded an image, verify it for security and integrity. To verify your image, start by downloading the proper CHECKSUM file into the same directory as the image you downloaded.

Next, import Fedora's GPG key(s):

$ curl -O https://fedoraproject.org/fedora.gpg

You can verify the details of the GPG key(s) here.

Now, verify that the CHECKSUM file is valid:

$ gpgv --keyring ./fedora.gpg Fedora-Spins-38-1.6-x86_64-CHECKSUM

The CHECKSUM file should have a good signature from one of the following keys:

  • 6A51BBABBA3D5467B6171221809A8D7CEB10B464 - Fedora 38
  • ACB5EE4E831C74BB7C168D27F55AD3FB5323552A - Fedora 37
  • 53DED2CB922D8B8D9E63FD18999F7CBF38AB71F4 - Fedora 36

Finally, now that the CHECKSUM file has been verified, check that the image's checksum matches:

$ sha256sum -c Fedora-Spins-38-1.6-x86_64-CHECKSUM --ignore-missing

If the output states that the file is valid, then it's ready to use!

How do I verify my downloaded image on another operating system?

Read these instructions to verify your image.