My notes titled “How to verify Clonezilla ISO files?” based on my experience on my debian 9 system.
1. Download Clonezilla ISO file from http://clonezilla.org/downloads.php
2. Download CHECKSUMS.TXT.gpg and CHECKSUMS.TXT
3. Place all these files into the same directory.
4. $ gpg --verify ./CHECKSUMS.TXT.gpg ./CHECKSUMS.TXT
gpg: Signature made Sal 27 Haz 2017 04:06:18 +03 gpg: using RSA key 667857D045599AFD gpg: Can't check signature: No public key
5. $ gpg --recv-keys 667857D045599AFD
If you see the following output, install “dirmngr” and try again.
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory gpg: connecting dirmngr at '/run/user/1000/gnupg/S.dirmngr' failed: No such file or directory gpg: keyserver receive failed: No dirmngr
6. $ gpg --recv-keys 667857D045599AFD
Output:
gpg: key 667857D045599AFD: public key "DRBL Project (Diskless Remote Boot in Linux) <drbl@clonezilla.org>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1
7. $ gpg --verify ./CHECKSUMS.TXT.gpg ./CHECKSUMS.TXT
Output:
gpg: Signature made Sal 27 Haz 2017 04:06:18 +03 gpg: using RSA key 667857D045599AFD gpg: Good signature from "DRBL Project (Diskless Remote Boot in Linux) <drbl@clonezilla.org>" [unknown] gpg: aka "DRBL Project (Diskless Remote Boot in Linux) <drbl@nchc.org.tw>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 54C0 821A 4871 5DAF D61B FCAF 6678 57D0 4559 9AFD
Developing software, offering legal services, and gaming like it’s still the ’90s. LLM Exeter, PhD(c) in Private Int’l Law. Defender of Kaer Morhen.