Published on June 28, 2016; tags: Linux
I just replaced the SSD in my laptop with a bigger one and installed a fresh Fedora Linux on it, essentially upgrading from F23 to F24.
Here are a few notes which could be useful to others and myself in the future.
How do you verify the downloaded image? You verify the checksum.
How do you verify the checksum? You check its gpg signature.
How do you verify the authenticity of the gpg key? You could just check the fingerprint against the one published on the website above, but this is hardly better than trusting the checksum, since they both come from the same source.
Here’s a better idea: if you already have a Fedora system, you have the keys at
In my case, I imported
/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-24-primary (yes, my F23 system already contained the F24 signing keys), and was able to check the checksum signature.
This protects you against a scenario when getfedora.org is compromised and the checksums/signatures/keys are replaced there.
Turned out the only optical disc in my house was damaged, and I didn’t have a USB stick big enough to burn the Fedora image either.
I did have an external USB drive with some free space on it, but it contained a lot of data, so I couldn’t just make it one big ISO partition.
There are several instructions on how to create bootable USB partitions, but most of them look fragile and complicated.
Luckily, Fedora makes this super easy.
livecd-tools(which is a packaged version of this repo)
livecd-iso-to-disk Fedora-Workstation-Live-x86_64-24-1.2.iso /dev/sdb1
I was impressed by how easy it was to set up full disk encryption. I just checked the box “Encrypt my data” in the installer, and it used a very sensible partitioning scheme close to what I used to set up manually before:
/home, and swap.
The only thing that I had to do was to enable TRIM support:
issue_discards = 1in
systemctl enable fstrim.timer && systemctl start fstrim.timer