Fedora

Verify your ISO download.

Windows user? Follow these instructions instead.

Once you have downloaded an ISO, verify it for security and integrity. If you downloaded your ISO via BitTorrent, the file has already been verified as part of the download process (just make sure that you got the torrent from torrent.fedoraproject.org). Otherwise, to verify your ISO, start by downloading the proper SHA1SUM file into the same directory as the ISO:

Install DVD / Rescue CD

• i386
• x86_64
• ppc

Live Media (both GNOME and KDE)

• i386
• x86_64

Next, import Fedora's GPG key(s):

$ curl https://fedoraproject.org/static/fedora.gpg | gpg --import

You can verify the details of the GPG key(s) here.

Now, verify that the SHA1SUM file is valid:

$ gpg --verify SHA1SUM

The SHA1SUM file should have a good signature from one of the following keys:

• 4EBFC273 - Fedora 10
• 0B86274E - Fedora 10 pre-releases
• 4F2A6FD2 - Fedora 9 and earlier
• 30C9ECF8 - Fedora 9 and earlier pre-releases

Finally, now that the SHA1SUM file has been verified, check that the ISO's checksum matches:

$ sha1sum -c SHA1SUM

If the output states that the file is valid, you're good to go!

Copyright © 2008 Red Hat, Inc. and others. All Rights Reserved. For comments or queries, please contact us.

The Fedora Project is maintained and driven by the community and sponsored by Red Hat. This is a community maintained site. Red Hat is not responsible for content.

• Sponsors
• Legal
• Trademark Guidelines