This README file accompanies six other files:
   PKGS_OS10-Enterprise-10.5.2.8.380stretch-installer-x86_64.bin
   PKGS_OS10-Enterprise-10.5.2.8.380stretch-installer-x86_64.bin.gpg
   PKGS_OS10-Enterprise-10.5.2.8.380stretch-installer-x86_64.bin.sha256
   PKGS_OS10-Enterprise-10.5.2.8.380stretch-installer-x86_64.bin.sha256.base64
   PKGS_OS10-Enterprise-10.5.2.8.380stretch-installer-x86_64.bin.sig
   DellOS10.cert.pem

The '.bin' file is the actual installer.
The '.bin.gpg', '.bin.sha256', and '.bin.sig' files may be used to verify the installer.
The '.sha256.base64' and DellOS10.cert.pem files are used internally for content validation.

You can verify that the installer you have downloaded is complete and correct
by the following methods:


To verify using the .gpg file:
Run this command:
      gpg --verify \
         PKGS_OS10-Enterprise-10.5.2.8.380stretch-installer-x86_64.bin.gpg \
         PKGS_OS10-Enterprise-10.5.2.8.380stretch-installer-x86_64.bin 
   that must report the following:
gpg: Signature made Mon 18 Oct 2021 07:38:27 PM PDT using RSA key ID 47CB9029
gpg: Good signature from "DellEMC OS10 Networking Signing Key <gpg.NW@dell.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8AFD 006B D6B7 363B 67F6  7608 58DF 862A D836 AEA3
     Subkey fingerprint: D70B 3F7B 1079 EF11 EE32  5B84 1F76 F5F0 47CB 9029

   It is possible that you would get a response like the following:
gpg: Signature made Fri 26 Jul 2019 09:10:29 AM PDT using RSA key ID 47CB9029
gpg: Can't check signature: public key not found
   In that case you can add the required public key using the command
      gpg  --keyserver  keyserver.ubuntu.com  --recv-keys  47CB9029

   That will report output similar to this:
gpg: requesting key A9FCCB65 from hkp server keyserver.ubuntu.com
gpg: key D836AEA3: public key "DellEMC OS10 Networking Signing Key <gpg.NW@dell.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

   You can then rerun the verify command.

   If the .bin file is somehow incorrect, you will see a message like the following:
gpg: Signature made Mon 18 Oct 2021 07:38:27 PM PDT using RSA key ID 47CB9029
gpg: BAD signature from "DellEMC OS10 Networking Signing Key <gpg.NW@dell.com>"


To verify the installer using the .sig file:
   openssl x509 -pubkey -in DellOS10.cert.pem -outform pem -noout > DellOS10.cert.key
   openssl dgst -sha256 -verify DellOS10.cert.key \
      -signature BINFILE_HERE.sig \
      BINFILE_HERE

If command reports a BAD signature, you should not use it.
Instead, download the .tar file again and start over.