Fedora Verification Instructions
Posted Jan 22, 2026 10:25 UTC (Thu) by neal (subscriber, #7439) Parent article: Responses to gpg.fail
The presentation opens with a very impressive attack that appears to show the researchers following the Fedora download verification instructions, and then booting an image that is clearly not Fedora. The instructions were:
- Download an ISO image
- Download the Fedora OpenPGP certificate
- Download the signed checksum file
- Use gpgv to verify the signed data in the checksum file
- Use sha256sum to verify the image using the checksum file
sha256sum used the original checksum file, but that is not exactly what gpgv verified. Instead, sha256sum should have used the verified data.
There's a discussion on the fedora-devel mailing list about this, which has resulted in an issue against the Fedora Website. Within a couple of days, the webmasters updated the instructions. And now instead of the broken two-step verification:
gpgv --keyring ./fedora.gpg Fedora-Workstation-43-1.6-x86_64-CHECKSUM
sha256sum --ignore-missing -c Fedora-Workstation-43-1.6-x86_64-CHECKSUM
There is one step where the verified output is sent to sha256sum:
gpgv --keyring ./fedora.gpg --output - \
Fedora-Workstation-43-1.6-x86_64-CHECKSUM \
| sha256sum -c --ignore-missing
sq verify --cleartext --signer-file ./fedora.gpg \
Fedora-Workstation-43-1.6-x86_64-CHECKSUM \
| sha256sum -c --ignore-missing
Of particular note: neither gpgv nor sq had to be updated to fix this issue. (That's not to say that misusing a tool is not an issue with the tool. IMHO, tools should make it hard to make mistakes, and we should constantly be on the lookout for ways to improve our tooling.)
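The difference between the two pipelines above is what text sha256sum ends up reading. The following added example (not from the comment above, nor from Fedora or the gpgv/sq projects) models the two halves of the fixed pipeline in Python: the extraction step that gpgv --output - or sq verify --cleartext performs (returning only the text inside the clearsigned block, with dash-escaping undone) and the checking step that sha256sum -c --ignore-missing performs. The OpenPGP signature check itself is assumed to have been done by gpgv or sq and is not reimplemented here; the signature armor, the image bytes and the file name example-42-x86_64.iso are constructed placeholders. Running the hash check over the raw file (the old two-step) consults any checksum line that sits outside the signed block, while running it over the extracted payload does not.

```python
"""Hash checking over the verified payload of a clearsigned CHECKSUM file.

Added example, not code from the LWN comment or from the Fedora project.
extract_clearsigned_payload() stands in for `gpgv --output -` /
`sq verify --cleartext`; check() stands in for `sha256sum -c --ignore-missing`.
"""
import hashlib
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def extract_clearsigned_payload(text):
    """Return only the signed text of a clearsigned message (RFC 4880, section 7).

    The signature covers the lines between the blank line that ends the armor
    headers and the BEGIN PGP SIGNATURE line. Anything before BEGIN PGP SIGNED
    MESSAGE or after END PGP SIGNATURE is unsigned, so it is dropped here.
    """
    lines = text.split("\n")
    if BEGIN_MSG not in lines:
        raise ValueError("not a clearsigned message")
    i = lines.index(BEGIN_MSG) + 1
    # skip armor headers such as "Hash: SHA256" up to the blank separator line
    while i < len(lines) and lines[i] != "":
        i += 1
    i += 1
    body = []
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        # undo dash-escaping: a signed line starting with "-" is stored as "- -..."
        body.append(line[2:] if line.startswith("- ") else line)
        i += 1
    if i >= len(lines):
        raise ValueError("signature block missing")
    # trailing whitespace on a line is not part of the signed text
    return "\n".join(ln.rstrip(" \t") for ln in body) + "\n"


# GNU style:  "<hex>  <name>"   and BSD style: "SHA256 (<name>) = <hex>"
GNU_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")
BSD_LINE = re.compile(r"^SHA256 \((.+)\) = ([0-9a-fA-F]{64})$")


def parse_checksums(text):
    """Collect {file name: expected sha256 hex} from every checksum-shaped line."""
    sums = {}
    for line in text.splitlines():
        m = GNU_LINE.match(line)
        if m:
            sums[m.group(2)] = m.group(1).lower()
            continue
        m = BSD_LINE.match(line)
        if m:
            sums[m.group(1)] = m.group(2).lower()
    return sums


def check(checksum_text, files):
    """Mimic `sha256sum -c --ignore-missing`: {name: ok} for files that have a line."""
    expected = parse_checksums(checksum_text)
    return {name: hashlib.sha256(data).hexdigest() == expected[name]
            for name, data in files.items() if name in expected}


def verify_image(signed_checksum_file, image_name, image):
    """The fixed pipeline: the hash check reads the extracted signed payload only."""
    payload = extract_clearsigned_payload(signed_checksum_file)
    return check(payload, {image_name: image}).get(image_name, False)


# ---- constructed sample data (not a real Fedora release) ----
GOOD_ISO = b"constructed stand-in for an ISO image\n"
GOOD_HASH = hashlib.sha256(GOOD_ISO).hexdigest()
OTHER_ISO = b"constructed stand-in for some other image\n"
OTHER_HASH = hashlib.sha256(OTHER_ISO).hexdigest()

# Constructed clearsigned CHECKSUM file. The signature armor is a placeholder
# that gpgv/sq would reject; only the payload boundaries matter here. The
# last two lines sit after END PGP SIGNATURE and are therefore unsigned.
CHECKSUM_FILE = f"""{BEGIN_MSG}
Hash: SHA256

- -- comment lines starting with a dash are dash-escaped inside the signed block
# example-42-x86_64.iso: constructed sample
SHA256 (example-42-x86_64.iso) = {GOOD_HASH}
{BEGIN_SIG}

PLACEHOLDER-SIGNATURE-ARMOR
{END_SIG}
# unsigned trailer outside the signed block
{OTHER_HASH}  other-image.iso
"""

if __name__ == "__main__":
    print("signed payload:\n" + extract_clearsigned_payload(CHECKSUM_FILE))
    print("raw file check  :", check(CHECKSUM_FILE, {"other-image.iso": OTHER_ISO}))
    print("payload check   :", check(extract_clearsigned_payload(CHECKSUM_FILE),
                                     {"other-image.iso": OTHER_ISO}))
    print("fixed pipeline  :", verify_image(CHECKSUM_FILE, "example-42-x86_64.iso", GOOD_ISO))
```

The point the sample makes is the one in the comment: the old two-step handed sha256sum the file as stored on disk, so every checksum-shaped line in it was consulted regardless of whether the signature covered it, whereas the one-step pipeline only ever hands sha256sum the bytes that gpgv or sq have already verified.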
