代码拉取完成,页面将自动刷新
| Release Branch | ISO Image | SHA-256 Checksum File | Checksum Signature |
|---|---|---|---|
| 1.0 | https://aka.ms/mariner-1.0-x86_64-iso | https://aka.ms/mariner-1.0-x86_64-iso-checksum | https://aka.ms/mariner-1.0-x86_64-iso-checksum-signature |
| 2.0 | https://aka.ms/mariner-2.0-x86_64-iso | https://aka.ms/mariner-2.0-x86_64-iso-checksum | https://aka.ms/mariner-2.0-x86_64-iso-checksum-signature |
Once the ISO image, the checksum, and the checksum signature files are downloaded, it is strongly recommended that the integrity of the image is verified. This is a two-step process. First, ensure that the checksum file has not been tampered with by verifying the signature against Mariner's RPM signing public key. Second, check that the ISO image was not corrupted during the download. The following bash script shows the commands necessary to check both steps:
# Assumption: we are in the directory containing the downloaded files
# Replace "1.0" in these variables with the release branch being verified
CHECKSUM_FILE="mariner-1.0-x86_64.iso.sha256"
SIGNATURE_FILE="mariner-1.0-x86_64.iso.sha256.gpg"
# Download the Mariner RPM signing public key
wget https://raw.githubusercontent.com/microsoft/CBL-Mariner/2.0/SPECS/mariner-repos/MICROSOFT-RPM-GPG-KEY
# Import the RPM signing public key into the local GPG keystore
gpg --import MICROSOFT-RPM-GPG-KEY
# Verify that the checksum file was produced by the Mariner team
# The output of this command should contain the following string:
# 'Good signature from "Mariner RPM Release Signing <marinerrpmprod@microsoft.com>"'
gpg --verify "$SIGNATURE_FILE" "$CHECKSUM_FILE"
# Verify that the ISO image checksum matches the expected checksum
# We need to fix the line endings on the signature file to get sha256sum to accept it
dos2unix "$SIGNATURE_FILE"
sha256sum --check "$CHECKSUM_FILE"
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。