How to verify a Parabola GNU/Linux-libre flash drive has not been tampered with in transit

How to verify a Parabola GNU/Linux-libre flash drive has not been tampered with in transit

# Open a terminal and follow the directions below to verify you’re flash drive is as it was intended by the Parabola GNU/Linux-libre developers.

# Import the signing key for Parabola GNU/Linux-libre
# This can be identified from parabola.nu

gpg --keyid-format long --keyserver hkp://pgp.cyberbits.eu --recv-keys 0x5A8D4B40

# Download the signature file from parabola.nu

wget https://repo.parabola.nu/iso/x86_64-systemd-cli-2022.04/parabola-x86_64-...

# Determine the size of the Parabola GNU/Linux-libre image; you can get a download link from parabola.nu

curl -s -L -I https://redirector.parabola.nu/iso/x86_64-systemd-cli-2022.04/parabola-x... | grep 'Content-Length'

Content-Length: 648019968

# Replace 648019968 below with that output of the above command, and replace /dev/sda with the address of your flash drive, and parabola-x86_64-systemd-cli-2022.04-netinstall.iso.sig with that of your signature file

sudo head -c 648019968 /dev/sda | TZ=UTC gpg --no-options --keyid-format long --verify parabola-x86_64-systemd-cli-2022.04-netinstall.iso.sig -

gpg: Signature made Sat 07 May 2022 10:26:26 AM UTC
gpg: using RSA key FBCC5AD7421197B7ABA72853908710913E8C7778
gpg: Good signature from "bill-auger " [unknown]
gpg: aka "bill-auger " [unknown]
gpg: aka "bill-auger " [unknown]
gpg: aka "[jpeg image of size 6017]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3954 A7AB 837D 0EA9 CFA9 7989 25DB 7D9B 5A8D 4B40
Subkey fingerprint: FBCC 5AD7 4211 97B7 ABA7 2853 9087 1091 3E8C 7778

Notice: It says good signature from the parabola GNU/Linux-libre developer Bill Auger, so this drive has not been tampered with while in transit.