Group: Software/FSDG distributions/Dynebolic signing key

To verify the signature of dynebolic-4.0.0-beta.iso you first need to copy inside a Jaromil.key, the following text version of Jaromil's public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBGEtBL4BDADewVgUfumdgb0lC3aV8YNenMqJW64jG2tqbuT2NeS0nPwFZwTf
lCLXe4jY/5kbCWQ07gvkwA9yngar8AYypRfdosoD4/mWorMRvD5XnIP7cRJyIfv6
Fb0DT8J9a6CQXz3MZZ/RUNi8SwtU4ojtOUEg9gAeL2k/2OCGzrUKaXznIv2Yl/vL
cl66Zt6EB6FHO24Ruf46LhEmCXiVy/CSP4JUX5feIQP61HrwbJ/8ruDGhZP3wgm+
g++CjmGz7ImzBMODjIOtvxxC0jxBY4okcJNSDNbj7AF9l4yWXrUt2Y+oj2q+5nhX
RwkI3XmVOpiUmRJH7HyAIQvIWzfedc3N6dvfY377tLXspaspAFqBSoiT6fNBHB0t
X0Ik80fYtrNQaVA50pi5emRS5hnQ91Y42FsPW3yul0eKjf5mepoc5Ca4CgQ6S8Lm
Y/gt/8a789czLgY0RtYc/q80/+m/wxZztXvCaD7uzCBzRZ0p1QCN/6AeCriAcv/M
vCGFWgDuBceqwMMAEQEAAbQaSmFyb21pbCA8amFyb21pbEBkeW5lLm9yZz6JAc4E
EwEKADgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQSRSSbC6Rbx4LGjI13Y
EfnS1cxxFQUCYS5jMAAKCRDYEfnS1cxxFc4MC/9rdXTQAtXlIdLh8o7Mstm0F5Un
Sbg4n2j/7tjiJlnt42lg4luUDubhx/OWcoHDI9V9z6aQoUkvlmKWsxjXnE1cie3T
+z/LC4+8OOV/c1NEAhSfKrV5UUj+rND5GFkfP5xPm+K7wpc9qv60BS/SAskc/qmz
WKpm053su0j0+cuLebqQZCnAiP1992yGAz4bRh12IGRvrEiVvQandHc/4/waXOHw
ChnGOOjc5vW8cSy7MhKSiDie2X6Z34u4z3Ji5Cm8/dopt/eIQxpdXo/rhxoJCu68
SXOsA8sL4XbUmmV9ChNNoPkjISLVQiRI1QgzQxsSVL62drsffQspO7lSPf0PBhzI
cGQM2aKy4IHAcakb1H448boT6Htv9FabJpxtUs0mLsFuadnanycTyPCH3XB2m0HZ
MCahol9orfLgEcZlEoJ98n4R66kDD8Oj7boAb9cps4hgHcuIGAYV3ZHzEWXMDgbU
YiO/ep/agYz4i99pLVNEOSGnwP2KyN7tcR2dF9C0K21haWxib3ggKGVtYWlsIGFj
Y291bnRzKSA8amFyb21pbEBkeW5lLm9yZz6JAc4EEwEKADgWIQSRSSbC6Rbx4LGj
I13YEfnS1cxxFQUCY6272QIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDY
EfnS1cxxFbhjC/9Vkbi5sXEyMUXsVu1xKGU7+KASV6V0qAepQrqra7wElNxcBlWk
ymAz+VB+pSbNv9J261KueSARfxIleXsVu7BSS5FjrIzQlCqzdn+udm1+j5jGmFav
wheWt5CjFdDEZ7sFGshdrQ8Kam4Gb88bwJoa+6hZBmQOHyunKOICbMJ/EUv00tew
bqgzfii8wnPEn8hJg4TndCdMKwgnuGCL77KIkD4TsBcNvOUvbQAG5u1N5NIo0Q7p
k0Bk9X9udDANQrrEI3ktlY2CGhwpy0qI8opLU1XqrGfJO7BRBua+iVJ7mRii66qM
FhjtdwNfq7Nv+GhL4FzzHWdHRdHaicfQXR8VV3FU0lYsZK0qelIk/Agf44+Pafh2
/iywWteN0RFllI/M/xlh30XKEDUYOLPfs7OXIINwW+r5OOG+hBb8evVnyL+PNL+S
6ztcAMZk0gAl1l4hbREBzDvYg4dDuZCxLHcd5KVZfboEio8Cj4jmSzocrzQFV1tz
Zo6L5/CGmjdwiX65AY0EYS0EvgEMALMpw5dq6fc6tAtGRDb/KhT+9ARy19l1W0a4
2AnbKwuOCrOhDoF5WDloP1tbJFxcUEycSITcAC76mBADXc0b5tJ80BKlAHF3QGps
AzX1EYfgHRjGEm17ARavUcJaWgrA36f0ognLv50ro754OEe2uiSt6XhLaCgUKA9Y
7vvQwyu1pnXqRUYFm3FlKnpMYAmQTj4g5WRSHKeSR2/jzAUdMDig+oIGWoe2oS8P
5e8uZmV4asCUpFg1hzXuxXqIXTbOzOKA0wzs0uA//whdV3f7rDEMRU7RHnJoXGyR
5lzHRWcuI7w6K6dXg5+NnKfglgrG6IIwET9aCvc6NfHXsXdy8jgml0mECHhSzmS7
Hv51otbTvepYchVcUO5n6Nh6VqzMOS/yHYUSUPkq+0TRaSxkjhsNdb/z0PHrcN+s
dQLoJOPdFcxjznQK1vdPQLaId1wHMPWFW91++LgyYgXjxZcP67AEMhdSagV3ieed
xCVvnLAQN6YAiPiGLosvvgz/at6sEQARAQABiQG2BBgBCgAgAhsMFiEEkUkmwukW
8eCxoyNd2BH50tXMcRUFAmEuY1QACgkQ2BH50tXMcRVvKQv9FBLRTsw1Q8lkPrq0
XtUuRjpo2Q+dW0gKMpoAem7VaMMos/2k1euXhBKdtBJGxyIdJknIzfGLsXQU3FA4
8h/mDHY6ptnZyQLcKGsdaAxY6b4H3rmjxUQtd3elVQvOJgU1PffVH9mSRJdC9ff6
+0Py/yWcgDz60QGqZfAr6TCjzyUJ+aAWhyNWkpxHe835RaCqkyyPG6W53kaaq1LM
VOSS8WcFSvI4euL4aAdsXXy7mQgB0R1/He6wHsh3aCggu38xXv21WeA36QX/djh5
Myqe+MD57f5WwoAlr57jlX+RwmmKPBvYV0Lk5ZXkRefZz+bfCrhyiD2dTdkNdoGd
voY8SkT2vJ2dVDcmo4bSfW+HymzsWHKYHSDKBWi7HqTTj2I1GSKAFGXEg8kgcmwj
0XFHe+7XxPNQQmlkBd7qpCkSwsB74ZvMR8pXUlkmSEg6lN/plZ4Yhcxuu3iH+yTL
7tI4YNfj5x+0+ilvLsi/0XpFLcADVx1+8PkTD9PI9OMq2yGt
=WDYT
-----END PGP PUBLIC KEY BLOCK-----

Then you can import the key like that:

gpg --import Jaromil.key

And then you will need to verify the signature of the checksum file:

gpg --verify dynebolic-4.0.0-beta.iso.sha512sum.asc

It should give something more or less like that with "Good signature":

gpg: assuming signed data in 'dynebolic-4.0.0-beta.iso.sha512sum'
gpg: Signature made Thu 21 Mar 2024 06:30:23 PM CET
gpg:                using RSA key 914926C2E916F1E0B1A3235DD811F9D2D5CC7115
gpg: Good signature from "mailbox (email accounts) <jaromil@dyne.org>" [unknown]
gpg:                 aka "Jaromil <jaromil@dyne.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9149 26C2 E916 F1E0 B1A3  235D D811 F9D2 D5CC 7115

Then you will need to verify the checksum:

sha512sum -c dynebolic-4.0.0-beta.iso.sha512sum

It will then show this message if things are OK:

dynebolic-4.0.0-beta.iso: OK