How to verify offline Firefox installer using its .asc file
I have downoloaed Firefox offline installer (a .xz file) from here: https://download-installer.cdn.mozilla.net/pub/firefox/releases/139.0b9/linux-x86_64/en-GB/ I have als… (আরও পড়ুন)
I have downoloaed Firefox offline installer (a .xz file) from here:
https://download-installer.cdn.mozilla.net/pub/firefox/releases/139.0b9/linux-x86_64/en-GB/
I have also downloaded a .asc file, presumably a pgp signature.
Now both files are saved locally in my computer.
Assuming Linux latest release, how do I verify the contents of the offline installer file (.xz) from the Linux Terminal? I have install gpg tools. And commands like ```gpg``` are available.
What I did so far:
gpg --show-keys --with-fingerprint firefox-139.0b9.tar.xz.asc
with this output:
gpg: no valid OpenPGP data found.
Do you really want us to verify the contents of the installers you provide? A sha256 sum would be great, though not as secure, for when the GPG predictably fails for the ordinary user due to its huge and useless complexity and bureaucracy.