Re: How to verify install iso?

To: debian-user@lists.debian.org
Subject: Re: How to verify install iso?
From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
Date: Fri, 13 Dec 2013 12:27:19 +1100
Message-id: <[🔎] 52AA6277.8080104@gmail.com>
In-reply-to: <[🔎] 1386896344.688.74.camel@archlinux>
References: <[🔎] 1386896344.688.74.camel@archlinux>

On 13/12/13 11:59, Ralf Mardorf wrote:
> How can I verify that the debian-7.2.0-i386-netinst.iso is ok?

Aside from the methods exhaustively detailed in the links I've provided
- you can also use the installer to self-check.
e.g. with debian-7.2.0-i386-netinst.iso:-
Advanced options -> Expert install -> Check the CD-ROM(s) intergrity

> 
> http://www.debian.org/CD/verify.en.html
> http://www.debian.org/CD/verify.de.html
> 
> I neither understand the English nor the German explanation.

I'm guessing you should read the FAQ (link is top-right of that page
[*2]) if that's over your head.

> 
> Regards,
> Ralf
> 
> 

Readers Digest version:-

Paragraph 1: Debian CDs are digitally signed so you can check for
corruptions and to prove they are baked by Debian.

Paragraph 2: To check the signature use an appropriate tool. "md5sum",
"sha1sums", or "sha512sums".[*1]

Paragraph 3: Check the appropriate signature.Here's a list of keys that
have been used, the same ones are in the debian keyring package.

List of keys

Last paragraph: Official "role" keys have gradually replaced the use of
personal keys belonging to developers. However, a decision was made not
to go back and re-sign all the old releases that were already signed
using the older keys. [dunno what all that means]

Kind regards

[*1]
http://en.wikipedia.org/wiki/Secure_Hash_Algorithm
http://en.wikipedia.org/wiki/SHA-2
http://people.debian.org/~danchev/debian-iso/check_debian_iso

[*2]
http://www.debian.org/CD/faq/#verify

[*3]
http://www.debian.org/releases/
"Integrity of the data in the releases

Data integrity is granted by a digitally signed Release file. To ensure
that all files in the release belong to it, MD5 checksums of all
Packages files are copied into the Release file.

Digital signatures for this file are stored in the file Release.gpg,
using the current version of the archive signing key. For "stable" and
"oldstable" an additional signature is generated using an offline key
specifically generated for a release by a member of the Stable Release
Team."

Reply to:

Follow-Ups:
- Re: How to verify install iso?
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>

References:
- How to verify install iso?
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>

Prev by Date: Re: How to verify install iso?
Next by Date: Re: How to verify install iso?
Previous by thread: Re: How to verify install iso?
Next by thread: Re: How to verify install iso?
Index(es):
- Date
- Thread