Checksum and gpg fails

Downloaded with torrent.

md5sum -c endeavouros-2019.12.22-x86_64.iso.md5sum
endeavouros-2019.12.22-x86_64.iso: FAILED

gpg --verify endeavouros-2019.12.22-x86_64.iso.sig endeavouros-2019.12.22-x86_64.iso
gpg: Signature made Mon 23 Dec 2019 17:10:52 CET
gpg: using RSA key 497AF50C92AD2384C56E1ACA003DB8B0CB23504F
gpg: issuer “
gpg: BAD signature from “EndeavourOS” [unknown]

unknown --> as you do not have added the key to your ring:
gpg --recv CB23504F

Yes, I did.

gpg --recv CB23504F
gpg: keyserver receive failed: No data

Doesn’'t work, so I did

gpg --keyserver --recv-keys CB23504F
gpg: key 003DB8B0CB23504F: public key “EndeavourOS” imported
gpg: Total number processed: 1
gpg: imported: 1

yes keyserver have issues at the moment…

just recheck ISO files both are valid fresh downloaded directly and over torrent…

I imported the key before 1st check, and it failed. MD5 too.

Just tried both and both were fine.

gpg --verify endeavouros-2019.12.22-x86_64.iso.sig endeavouros-2019.12.22-x86_64.iso
gpg: WARNUNG: Unsichere Zugriffsrechte des Home-Verzeichnis `/home/lukas/.gnupg'
gpg: Signatur vom Mo 23 Dez 2019 17:10:52 CET
gpg:                mittels RSA-Schlüssel 497AF50C92AD2384C56E1ACA003DB8B0CB23504F
gpg:                Aussteller ""
gpg: Korrekte Signatur von "EndeavourOS <>" [unbekannt]
gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
gpg:          Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört.
Haupt-Fingerabdruck  = 497A F50C 92AD 2384 C56E  1ACA 003D B8B0 CB23 504F

md5sum -c endeavouros-2019.12.22-x86_64.iso.md5sum 
endeavouros-2019.12.22-x86_64.iso: OK

Where did you donwload the ISO?

I downloaded it via the torrent and the checksums were fine again.

I assume there was an error with your download.
I think you should redownload!

1 Like