This guide is for users who want to manually verify Rocky Linux ISO images. This isn’t needed for RPMs since GPG keys are automatically checked with your system’s keychain.
- Open up rocky-linux/checksums on the RESF Forgejo.
- Select your major version, such as
rocky-linux-9. - Then, select your minor version, such as
9.5. - Select the appropriate file, such as
9.5-x86_64.ISO.checksum. - Click the green button with an ID, next to a padlock.
- Open up Ubuntu’s keyserver
- Type the GPG key ID displayed (hint: its the uppercase ID, not the shortened lowercase one) on RESF Forgejo, and click Search Key.
- Once the results are considered trustworthy, go back to RESF Forgejo, and back again, and verify the hash like usual.
Here is a simple video tutorial.