RHEL CoreOS: verify the integrity of the downloaded ISO file

Solution Verified - Updated 2026-02-24T10:34:31+00:00 -

English

• No translations currently exist.

Environment

• Red Hat OpenShift Container Platform 4.

Issue

• How can the integrity of a RHEL CoreOS ISO file be verified?
  • Is there checksum file?
  • Is the checksum file signed?

Resolution

Checksum files

• The ISO files can be verified by using the checksum file sha256sum.txt available.
  • For example, this is the file for RHEL CoreOS 4.21.

Signing

• The checksum file of the OpenShift installers is signed and the images can be validated by using the own installer.

• Starting from version 4.21, the digitally signed file sha256sum.txt.gpg can be downloaded.

  • In order to verify its authenticity, Red Hat's signing keys are available.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.