Verify Oracle Linux Downloads

How to verify to Oracle Linux Download checksum

About Verifying Oracle Linux ISO Downloads


Oracle Linux downloads can be verified to ensure that they are exactly the downloads as published by Oracle and that they were downloaded without any corruption.

This page describes the steps to verify the integrity of Oracle Linux downloads regardless of download source.

Steps to Verify Oracle Linux Downloads


To verify Oracle Linux Downloads, you need:

  • A checksum file corresponding to the ISO you downloaded
  • The public GPG key to verify the Oracle key used to sign the the checksum file

The checksum file contains a list of files that are part of a download package with the corresponding checksums as well as a GPG signature. The GPG signature enables anyone to verify that checksum file was published by Oracle. The steps below describe how to verify they checksum file itself and then verify the contents of the Oracle Linux download by checking against the checksum file.

Import Oracle Linux GPG key


First, import the Oracle Linux GPG key corresponding to your Oracle Linux release:

Oracle Linux 8

  # curl https://yum.oracle.com/RPM-GPG-KEY-oracle-ol8 | gpg --import

Oracle Linux 7

  # curl https://yum.oracle.com/RPM-GPG-KEY-oracle-ol7 | gpg --import

Oracle Linux 6

  # curl https://yum.oracle.com/RPM-GPG-KEY-oracle-ol6 | gpg --import

Download and Verify Checksum File


Download the appopriate checksum file and place it in the same directory as the Oracle Linux download.

To verify the checksum file:

   $ gpg --verify-files <checksum-file>

After verifying the checksum file, verify the download as follows:

   
   $ grep <Oracle_Linux_Download > <checksum-file> | sha256sum -c

GPG Key Fingerprint

Oracle Linux 8

              
              # curl https://yum.oracle.com/RPM-GPG-KEY-oracle-ol8 -o RPM-GPG-KEY-oracle
              # gpg --quiet --keyid-format 0xlong --with-fingerprint RPM-GPG-KEY-oracle
              pub   4096R/0x82562EA9AD986DA3 2019-04-09 [SC] [expires: 2039-04-04]
                    Key fingerprint = 76FD 3DB1 3AB6 7410 B89D  B10E 8256 2EA9 AD98 6DA3
              uid                             Oracle OSS group (Open Source Software group) 
              sub   4096R/0x222F15DFD95DC12B 2019-04-09 [E] [expires: 2039-04-04]

              
            

Oracle Linux 7

              
              # curl https://yum.oracle.com/RPM-GPG-KEY-oracle-ol7 -o RPM-GPG-KEY-oracle
              # gpg --quiet --with-fingerprint RPM-GPG-KEY-oracle
              pub  2048R/EC551F03 2010-07-01 Oracle OSS group (Open Source Software group) <build@oss.oracle.com>
                    Key fingerprint = 4214 4123 FECF C55B 9086  313D 72F9 7B74 EC55 1F03
              
            

Oracle Linux 6

              # curl  https://yum.oracle.com/RPM-GPG-KEY-oracle-ol6 -o RPM-GPG-KEY-oracle
              # gpg --quiet --with-fingerprint RPM-GPG-KEY-oracle
              pub  2048R/EC551F03 2010-07-01 Oracle OSS group (Open Source Software group) <build@oss.oracle.com>
                    Key fingerprint = 4214 4123 FECF C55B 9086  313D 72F9 7B74 EC55 1F03
            
software.hardware.complete