# AlmaLinux OS Generic Cloud (cloud-init) image
The Generic Cloud image is a general purpose virtual machine image that contains the cloud-init (opens new window) package. During boot, cloud-init will take configuration options from cloud metadata and initialize a system accordingly. This may include network configuration, user's SSH key pair installation, attaching storage devices, etc.
# Download images
The AlmaLinux OS Generic Cloud image is available from our mirrors (opens new window) and from the main AlmaLinux OS repositories:
| AlmaLinux 8 | x86_64 | aarch64 | ppc64le | s390x |
| AlmaLinux 9 | x86_64 | aarch64 | ppc64le | s390x |
# Verify AlmaLinux 8 images
# Import the AlmaLinux OS PGP public key
In order to verify a downloaded image you need to import the AlmaLinux OS PGP public key first.
TIP
If you are using an AlmaLinux OS-powered system, you may skip the command
below because you already have the key stored in the /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux file.
Run the following command instead to import the key:
gpg --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
$ curl -O -s https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
Print the key fingerprint:
$ gpg --with-subkey-fingerprints RPM-GPG-KEY-AlmaLinux
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096 2021-01-12 [C] [expires: 2024-01-12]
5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8
uid AlmaLinux <[email protected]>
sub rsa3072 2021-01-12 [S] [expires: 2024-01-12]
The fingerprint is 5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8. If you see a
different fingerprint, it means you downloaded a compromised file. Please,
let us know a mirror from which you
downloaded the file, remove the file and retry the download from another
mirror.
Next you need to import the key:
$ gpg --import RPM-GPG-KEY-AlmaLinux
gpg: key 488FCF7C3ABB34F8: public key "AlmaLinux <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
# Download and verify the image
Download checksum file and its signature first:
$ curl -O -s https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/CHECKSUM
$ curl -O -s https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/CHECKSUM.asc
Verify the checksum file signature:
$ gpg --verify CHECKSUM.asc CHECKSUM
gpg: Signature made Sat 12 Nov 00:13:38 CET
gpg: using RSA key E53CF5EF91CEB0AD1812ECB851D6647EC21AD6EA
gpg: Good signature from "AlmaLinux <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5E9B 8F56 17B5 066C E920 57C3 488F CF7C 3ABB 34F8
Subkey fingerprint: E53C F5EF 91CE B0AD 1812 ECB8 51D6 647E C21A D6EA
Make sure that you see the Good signature from "AlmaLinux <[email protected]>"
message in the output.
Download the latest image version:
$ curl -O -s https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-latest.x86_64.qcow2
and verify its checksum:
$ sha256sum -c CHECKSUM 2>&1 | grep OK
AlmaLinux-8-GenericCloud-latest.x86_64.qcow2: OK
If the output is different, you should download the image again. Trying another mirror may be a good idea.
# Verify AlmaLinux 9 images
# Import the AlmaLinux OS PGP public key
In order to verify a downloaded image you need to import the AlmaLinux OS PGP public key first.
TIP
If you are using an AlmaLinux OS-powered system, you may skip the command
below because you already have the key stored in the /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 file.
Run the following command instead to import the key:
gpg --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
$ curl -O -s https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-9
Print the key fingerprint:
$ gpg --with-subkey-fingerprints RPM-GPG-KEY-AlmaLinux-9
pub rsa4096 2022-01-18 [SC]
BF18AC2876178908D6E71267D36CB86CB86B3716
uid AlmaLinux OS 9 <[email protected]>
sub rsa4096 2022-01-18 [E]
The fingerprint is BF18AC2876178908D6E71267D36CB86CB86B3716. If you see a
different fingerprint, it means you downloaded a compromised file. Please,
let us know a mirror from which you
downloaded the file, remove the file and retry the download from another
mirror.
Next you need to import the key:
$ gpg --import RPM-GPG-KEY-AlmaLinux-9
gpg: key D36CB86CB86B3716: public key "AlmaLinux <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
# Download and verify the AlmaLinux 9 image
Download checksum file and its signature first:
$ curl -O -s https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/CHECKSUM
$ curl -O -s https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/CHECKSUM.asc
Verify the checksum file signature:
$ gpg --verify CHECKSUM.asc CHECKSUM
gpg: Signature made Fri 18 Nov 2022 04:19:01 AM CET
gpg: using RSA key BF18AC2876178908D6E71267D36CB86CB86B3716
gpg: Good signature from "AlmaLinux OS 9 <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BF18 AC28 7617 8908 D6E7 1267 D36C B86C B86B 3716
Make sure that you see the Good signature from "AlmaLinux <[email protected]>"
message in the output.
Download the latest image version:
$ curl -O -s https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-GenericCloud-latest.x86_64.qcow2
and verify its checksum:
$ sha256sum -c CHECKSUM 2>&1 | grep OK
AlmaLinux-9-GenericCloud-latest.x86_64.qcow2: OK
If the output is different, you should download the image again. Trying another mirror may be a good idea.