Re: (2nd try) Add extra page at /CD/verify.html

To: Steve McIntyre <steve@einval.com>
Cc: debian-cd@lists.debian.org
Subject: Re: (2nd try) Add extra page at /CD/verify.html
From: "Todd A. Jacobs" <codegnome.consulting+debian@gmail.com>
Date: Wed, 16 Mar 2011 15:41:42 -0700
Message-id: <[🔎] AANLkTinw3S59Y=HCtNYEu0kiFXFXRSyr=o2s4An_sp7y@mail.gmail.com>
In-reply-to: <[🔎] 20110316175439.GG17267@einval.com>
References: <[🔎] 20110316175439.GG17267@einval.com>

On Wed, Mar 16, 2011 at 10:54 AM, Steve McIntyre <steve@einval.com> wrote:
> With reference to
> http://lists.debian.org/debian-cd/2011/03/msg00071.html, I've written
> something up.

Thanks for doing this, Steve. It serves my purposes well enough, but I
think adding some step-by-step directions for less-technical users
would be helpful, too.

To that end, I'm attaching a reasonable first pass at those directions
in both HAML and HTML formats. Feel free to include them in the new
web page if you find them useful, or use them as a starting point for
some alternative procedure.

You might also look at the Ubuntu Howto at
https://help.ubuntu.com/community/HowToMD5SUM. It's obviously
Ubuntu-specific, but it's available under a CC license if you think it
might offer a better starting point.

This issue is important to me, so please let me know if I can help further.

Verifying a Debian ISO Image with GPG

In order to verify the official Squeeze ISO images, you should perform the following steps.

Install GNU Privacy Guard if it's not already installed on your system.
dpkg -l gnupg || sudo aptitude install gnupg
Retrieve the Debian CD signing key from the Debian keyserver.
gpg --keyserver keyring.debian.org --recv-keys 6294BE9B
Verify the key fingerprint.
gpg --fingerprint 6294BE9B | fgrep 'DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B'
If you have a Debian or Ubuntu system with the debian-keyring package installed, you may also verify that the key has been signed by official Debian developers.
gpg --keyring /usr/share/keyrings/debian-keyring.gpg -kvv 6294BE9B
Verify the detached signatures against either the MD5 or SHA1 checksums.
- gpg --verify MD5SUMS.sign MD5SUMS
- gpg --verify SHA1SUMS.sign SHA1SUMS
Verify the ISO image using either of the checksum files. Because the checksum files contain data for all ISOs, you may safely ignore messages such as "FAILED open or read" or "No such file or directory."
- md5sum --check MD5SUMS 2>&- | egrep 'OK$'
- sha1sum --check SHA1SUMS 2>&- | egrep 'OK$'

Attachment: debian_iso_verify.haml
Description: Binary data

Reply to:

Follow-Ups:
- Re: (2nd try) Add extra page at /CD/verify.html
  - From: "Todd A. Jacobs" <codegnome.consulting+debian@gmail.com>

References:
- (2nd try) Add extra page at /CD/verify.html
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Excel Avançado (Versão 2007)
Next by Date: Re: (2nd try) Add extra page at /CD/verify.html
Previous by thread: Re: (2nd try) Add extra page at /CD/verify.html
Next by thread: Re: (2nd try) Add extra page at /CD/verify.html
Index(es):
- Date
- Thread