Bug#975331: Installation guide: No instructions for verifying image integrity after download

To: 975331@bugs.debian.org
Cc: xloem <0xloem@gmail.com>
Subject: Bug#975331: Installation guide: No instructions for verifying image integrity after download
From: Holger Wansing <hwansing@mailbox.org>
Date: Fri, 27 Nov 2020 18:56:52 +0100
Message-id: <[🔎] 20201127185652.a031a0726559818f689cff01@mailbox.org>
Reply-to: Holger Wansing <hwansing@mailbox.org>, 975331@bugs.debian.org
In-reply-to: <[🔎] 20201120213049.2acc4de6178d7c1c72281122@mailbox.org>
References: <160588548577.17793.16902533206261488611.reportbug@localhost.localdomain> <160588548577.17793.16902533206261488611.reportbug@localhost.localdomain> <[🔎] 20201120213049.2acc4de6178d7c1c72281122@mailbox.org> <160588548577.17793.16902533206261488611.reportbug@localhost.localdomain>

Hi,

Holger Wansing <hwansing@mailbox.org> wrote: 
> xloem <0xloem@gmail.com> wrote:
> > It is important to provide a reasonable way to verify the integrity of
> > installation media.
> 
> I have prepared a patch, to add a small chapter on this topic to the guide
> (and correct a misleading phrase in chapter 4.2).

I have overworked the patch a bit, mainly to include "BD images" link only for 
archs which have Bluray images.
Attached.

Any objections/comments?


Holger


-- 
Holger Wansing <hwansing@mailbox.org>
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

>From ba5fd20b78c562e4475b84f9bdaada48428649dd Mon Sep 17 00:00:00 2001
From: Holger Wansing <hwansing@mailbox.org>
Date: Sun, 22 Nov 2020 12:08:09 +0100
Subject: [PATCH] Add chapter about verifying integrity of installation images

---
 build/arch-options/amd64                 |  2 +-
 build/arch-options/i386                  |  2 +-
 build/templates/docstruct.ent            |  1 +
 en/install-methods/downloading-files.xml |  4 +-
 en/install-methods/install-methods.xml   |  1 +
 en/install-methods/verifying-files.xml   | 70 ++++++++++++++++++++++++
 6 files changed, 76 insertions(+), 4 deletions(-)
 create mode 100644 en/install-methods/verifying-files.xml

diff --git a/build/arch-options/amd64 b/build/arch-options/amd64
index 69ee45057..b3b81f95e 100644
--- a/build/arch-options/amd64
+++ b/build/arch-options/amd64
@@ -21,7 +21,7 @@ fdisk="fdisk.txt;cfdisk.txt"
 network="supports-tftp;supports-bootp;supports-nfsroot"
 boot="bootable-disk;bootable-usb;isohybrid-supported;manual-usb-prep-supported"
 frontend="newt;gtk"
-other="supports-wireless;supports-pcmcia;supports-serial-console"
+other="supports-wireless;supports-pcmcia;supports-serial-console;has-bd-iso"
 smp="smp-alternatives"
 goodies="supports-lang-chooser"
 
diff --git a/build/arch-options/i386 b/build/arch-options/i386
index 4024917ae..f1df4898e 100644
--- a/build/arch-options/i386
+++ b/build/arch-options/i386
@@ -21,7 +21,7 @@ fdisk="fdisk.txt;cfdisk.txt"
 network="supports-tftp;supports-bootp;supports-nfsroot"
 boot="bootable-disk;bootable-usb;isohybrid-supported;manual-usb-prep-supported"
 frontend="newt;gtk"
-other="supports-wireless;supports-pcmcia;supports-serial-console"
+other="supports-wireless;supports-pcmcia;supports-serial-console;has-bd-iso"
 smp="smp-alternatives"
 goodies="supports-lang-chooser"
 
diff --git a/build/templates/docstruct.ent b/build/templates/docstruct.ent
index 112c7881b..dd3e8d273 100644
--- a/build/templates/docstruct.ent
+++ b/build/templates/docstruct.ent
@@ -71,6 +71,7 @@
    <!ENTITY tftp-bootp.xml        SYSTEM "##SRCPATH##/install-methods/tftp/bootp.xml">
    <!ENTITY tftp-dhcp.xml         SYSTEM "##SRCPATH##/install-methods//tftp/dhcp.xml">
   <!ENTITY automatic-install.xml    SYSTEM "##SRCPATH##/install-methods/automatic-install.xml">
+  <!ENTITY verifying-files.xml    SYSTEM "##SRCPATH##/install-methods/verifying-files.xml">
 
 
  <!ENTITY boot-installer.xml      SYSTEM "##SRCPATH##/boot-installer/boot-installer.xml">
diff --git a/en/install-methods/downloading-files.xml b/en/install-methods/downloading-files.xml
index ad67f8f16..5ecd45eca 100644
--- a/en/install-methods/downloading-files.xml
+++ b/en/install-methods/downloading-files.xml
@@ -12,10 +12,10 @@ To find the nearest (and thus probably the fastest) mirror, see the
 </para>
 
   <sect2 id="where-files">
-  <title>Where to Find Installation Images</title>
+  <title>Where to Find Installation Files</title>
 
 <para>
-The installation images are located on each &debian; mirror in the directory
+Various installation files can be found on each &debian; mirror in the directory
 <ulink url="&url-debian-installer;images">debian/dists/&releasename;/main/installer-&architecture;/current/images/</ulink>
 &mdash; the <ulink url="&url-debian-installer;images/MANIFEST">MANIFEST</ulink>
 lists each image and its purpose.
diff --git a/en/install-methods/install-methods.xml b/en/install-methods/install-methods.xml
index 5b4710eac..e387fcb3e 100644
--- a/en/install-methods/install-methods.xml
+++ b/en/install-methods/install-methods.xml
@@ -10,5 +10,6 @@
 &boot-drive-files.xml;
 &install-tftp.xml;
 &automatic-install.xml;
+&verifying-files.xml;
 
 </chapter>
diff --git a/en/install-methods/verifying-files.xml b/en/install-methods/verifying-files.xml
new file mode 100644
index 000000000..1eda90734
--- /dev/null
+++ b/en/install-methods/verifying-files.xml
@@ -0,0 +1,70 @@
+<!-- retain these comments for translator revision tracking -->
+<!-- $Id$ -->
+
+ <sect1 id="verifying-files">
+ <title>Verifying the integrity of installation files</title>
+
+<para>
+
+You can verify the integrity of downloaded files against checksums
+provided in <filename>SHA256SUMS</filename> or <filename>SHA512SUMS</filename>
+files on Debian mirrors, in the same places where you find the installation images
+itself.
+Look at the following locations:
+
+</para>
+
+<itemizedlist>
+<listitem><para>
+
+<ulink url="https://cdimage.debian.org/debian-cd/current/&architecture;/iso-cd/";>checksum
+files for CD images</ulink>,
+
+</para></listitem>
+<listitem><para>
+
+<ulink url="https://cdimage.debian.org/debian-cd/current/&architecture;/iso-dvd/";>checksum
+files for DVD images</ulink>,
+
+</para></listitem>
+<listitem condition="has-bd-iso"><para>
+
+<ulink url="https://cdimage.debian.org/debian-cd/current/&architecture;/iso-bd/";>checksum
+files for BD images</ulink>,
+
+</para></listitem>
+<listitem><para>
+
+<ulink url="http://http.us.debian.org/debian/dists/&releasename;/main/installer-&architecture;/current/images/";>checksum
+files for other installation files</ulink>.
+
+</para></listitem>
+</itemizedlist>
+
+<para>
+
+To compute the checksum of a downloaded installation file, use
+
+<informalexample><screen>
+sha256sum filename.iso
+</screen></informalexample>
+
+respective
+
+<informalexample><screen>
+sha512sum filename.iso
+</screen></informalexample>
+
+and then compare the shown checksum against the corresponding one in the
+<filename>SHA256SUMS</filename> or <filename>SHA512SUMS</filename> file.
+
+</para><para>
+
+The <ulink url="&url-debian-cd-faq;">Debian CD FAQ</ulink> has
+<ulink url="https://www.debian.org/CD/faq/index.en.html#verify";>more useful information</ulink>
+on this topic (such as the script <filename>check_debian_iso</filename>, to semi-automate
+above procedure).
+
+
+</para>
+
+ </sect1>
-- 
2.20.1

Reply to:

References:
- Bug#975331: release-notes: Installation guide: No instructions for verifying image integrity after download
  - From: Holger Wansing <hwansing@mailbox.org>

Prev by Date: Bug#805305: tasksel: Please consider adding GNOME Flashback as a desktop choice
Next by Date: Bug#976112: Overwriting with random data message truncated
Previous by thread: Processed: Re: Bug#975331: release-notes: Installation guide: No instructions for verifying image integrity after download
Next by thread: choose-mirror_2.99+deb10u2_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Index(es):
- Date
- Thread