# AlmaLinux OS Generic Cloud (cloud-init) image
The Generic Cloud image is a general purpose virtual machine image that contains the cloud-init (opens new window) package. During boot, cloud-init will take configuration options from cloud metadata and initialize a system accordingly. This may include network configuration, user's SSH key pair installation, attaching storage devices, etc.
# Download and verification
The AlmaLinux OS Generic Cloud image is available from our mirrors (opens new window) and from the main AlmaLinux OS repositories:
arm64/aarch64 (opens new window)
# Import the AlmaLinux OS PGP public key
In order to verify a downloaded image you need to import the AlmaLinux OS PGP public key first.
If you are using an AlmaLinux OS-powered system, you may skip the command
below because you already have the key stored in the
/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
file. Otherwise, download the key:
$ curl -s https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux -o RPM-GPG-KEY-AlmaLinux
Print the key fingerprint:
$ gpg --with-subkey-fingerprints RPM-GPG-KEY-AlmaLinux
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096 2021-01-12 [C] [expires: 2024-01-12]
5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8
uid AlmaLinux <[email protected]>
sub rsa3072 2021-01-12 [S] [expires: 2024-01-12]
The fingerprint is 5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8
. If you see a
different fingerprint, it means you downloaded a compromised file. Please,
let us know a mirror from which you
downloaded the file, remove the file and retry the download from another
mirror.
Next you need to import the key:
$ gpg --import RPM-GPG-KEY-AlmaLinux
gpg: key 488FCF7C3ABB34F8: public key "AlmaLinux <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
# Download and verify the image
Download checksum file and its signature first:
$ curl -s https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/CHECKSUM -o CHECKSUM
$ curl -s https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/CHECKSUM.asc -o CHECKSUM.asc
Verify the checksum file signature:
$ gpg --verify CHECKSUM.asc CHECKSUM
gpg: Signature made Thu 17 Jun 2021 10:50:03 AM UTC
gpg: using RSA key 51D6647EC21AD6EA
gpg: Good signature from "AlmaLinux <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5E9B 8F56 17B5 066C E920 57C3 488F CF7C 3ABB 34F8
Subkey fingerprint: E53C F5EF 91CE B0AD 1812 ECB8 51D6 647E C21A D6EA
Make sure that you see the Good signature from "AlmaLinux <[email protected]>"
message in the output.
Download the latest image version:
$ curl -s https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-latest.x86_64.qcow2 \
-o AlmaLinux-8-GenericCloud-latest.x86_64.qcow2
and verify its checksum:
$ sha256sum -c CHECKSUM 2>&1 | grep OK
AlmaLinux-8-GenericCloud-latest.x86_64.qcow2: OK
If the output is different, you should download the image again. Trying another mirror may be a good idea.