Validating ClusterWare ISOs

To validate a downloaded ICE ClusterWare ™ ISO file, first import the gpg key that was used to sign the RPMs and ISOs:

curl -sSL https://repo.ice.penguinsolutions.com/RPM-GPG-KEY-clusterware | gpg --import -

Then download the CHECKSUM.asc file from the repo, e.g,:

wget https://<AUTHENTICATION_TOKEN>@repo.ice.penguinsolutions.com/clusterware/13/el8/iso/CHECKSUM.asc

and verify the CHECKSUM.asc file:

[admin@head]$ gpg --verify CHECKSUM.asc
gpg: Signature made Thu 05 Jan 2023 07:01:37 PM PST using DSA key ID 0A1E1108
gpg: Good signature from "Penguin Computing <support@penguincomputing.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: AEFA 2C55 EB4A 88EF BE71  022B 0722 4B0A 0A1E 1108

Confirm that the downloaded ISO is named in CHECKSUM.asc. For example, for clusterware-13.0.0-g0000.el8.x86_64.iso:

grep clusterware-13.0.0-g0000.el8.x86_64.iso CHECKSUM.asc

should find the ISO. Now compare the checksum of the ISO with the ISO named in CHECKSUM.asc:

diff <(sha256sum clusterware-13.0.0-g0000.el8.x86_64.iso) \
     <(grep      clusterware-13.0.0-g0000.el8.x86_64.iso CHECKSUM.asc)

and expect to see no differences.