Hi!
I downloaded the last Ubuntu MATE release, 20.04 Focal Fossa, some weeks ago and just right now I am able to install it in my machine. I downloaded the ISO from the Ubuntu MATE website and today I did all the checks to see if the ISO file is not corrupt and/or tampered with.
I ran all the checks listed on the "Verifying For Corrupt" and "Verifying For Tampering" pages. I got no issues when verifying for corrupt, but I think I got a problem when I verified for tampering. This is my terminal output after running this command:
gpg --keyid-format long --verify SHA256SUMS.gpg SHA256SUMS
Just one note: The files SHA256SUMS.gpg and SHA256SUMS I got from this URL:
cdimage.ubuntu . com/ubuntu-mate/releases/
The URL provided on the "Verifying For Tampering" is (note the cdimageS instead of cdimage):
cdimages.ubuntu. com/ubuntu-mate/releases/
And I couldn't access it! My browser said it was down! But I hope the SHA256SUMS.gpg SHA256SUMS are the same. Let me know if there is any problem about downloading those files from the URL I mentioned.
Well, the output for the command:
gpg --keyid-format long --verify SHA256SUMS.gpg SHA256SUMS
Was this:
gpg: Signature made Qui 23 Abr 2020 10:35:29 -03
gpg: using RSA key D94AA3F0EFE21092
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu. com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
I got just one line with "Good signature" but in the "Verifying For Tampering" page, the output listed there has two lines with "Good signature". See:
Is that a problem? Should I have got the same two lines or is it OK with just one? Did I do anything wrong?
Thank you!
Marcelo