sha256-signing-troublecall

Hi support,

I am trying to follow the directions found on Caution-https://dcar.dsop.io/repomap/redhat/ubi/ubi7 < Caution-https://dcar.dsop.io/repomap/redhat/ubi/ubi7 > regarding downloading and verifying the signature of the ‘1443 Run’ of the redhat/ubi/ubi7 tar file containing the ubi7 stig’d image. However, it is not clear what the supplied sha256 digest is actually referring to nor can I find that digest for the downloaded tar file or the image contained within.

Is this a good email to send such a question to? If not, can a better support email be suggested? Regardless, can someone describe more precisely how to validate a/the tarball digest that can be downloaded from the above page?

Thanks in advance,

Sandy Currier

p.s. the gpg public key verify step (via the above page) complains that the key is not certified with a trusted signature. Given the mismatches, am sending email to get a better understanding of digest verification before running images. Thanks.