Re: Patch for the CD FAQ
Here goes my third version of the patch aiming to address the verification of
burnt optical media, as well as the downloaded ISO images. Thanks to taffit for
the feedback given on the #debian-www IRC channel.
The diff from the previous version is:
* the whole entry is now renamed to: "How can I verify the downloaded ISO
images and burnt optical media"
* more exhaustive and user-friendly explanations, as well as examples.
* fix my erroneous wml code.
I also thought of splitting the entry in two, 'ISO images' vs. 'optical
media', but the common portion dominates the specifics, so I think it is more
logical to keep them in one single entry instead of duplicating text in
Attached is an improved version: verify-faq.3.diff.
pub 4096R/0E4BD0AB <people.fccf.net/danchev/key pgp.mit.edu>
RCS file: /cvs/webwml/webwml/english/CD/faq/index.wml,v
retrieving revision 1.101
diff -u -r1.101 index.wml
--- index.wml 14 Dec 2011 16:49:30 -0000 1.101
+++ index.wml 18 Dec 2011 10:51:04 -0000
@@ -433,24 +433,85 @@
-<toc-add-entry name="verify">How can I verify that the downloaded
-CD images are correct?</toc-add-entry>
+<toc-add-entry name="verify">How can I verify the downloaded
+ISO images and burnt optical media?</toc-add-entry>
-Detailed information is available on the <a
-href="../verify">authenticity verification page</a>.
+<p>Detailed information how to authenticate the signed checksum files
+containing the checksums of the ISO image files is available on the
+<a href="../verify">authenticity verification page</a>. After having
+the checksum files cryptographically verified, we can check that:
-<p>An <tt>md5sum</tt> program for Windows systems is available
-as part of the <a href="http://www.cygwin.com">Cygwin suite</a>
-(install the <q>coreutils</q> package), or you may be able to find standalone
-binaries compiled for <a href="http://www.mingw.org/">MinGW</a>.</p>
-<p>If you want to check many CD image files or burned CDs easily
-on Unix/Linux systems, the
+ <li>Checksums of the <em>downloaded ISO image files</em>
+ match the corresponding checksums found in the checksum files.
+ The checksum computation of an ISO image files is performed by
+ checksum tools like <q>md5sum</q>, <q>sha1sums</q>, <q>sha512sums</q>.
+ <li>Checksums of an already <em>written optical media</em>
+ match corresponding checksums found in the checksum files. In
+ contrast to the above, this is a slightly more demanding operation.
+<p>The problem with the verification of the written optical media is,
+that some of them will possibly deliver more bytes than those found in
+the ISO image. The trailing garbage is impossible to avoid with CD
+written in TAO mode, incremental recorded DVD-R[W], formatted DVD-RW,
+DVD+RW, BD-RE, and also with USB keys. Therefore we need to read exactly
+that many sectors of bytes from the media as they are found in the ISO
+image itself, since reading any more bytes from the media would alter
+the checksum result.</p>
+ <li>The <q>isosize</q> program can be used to find out the appropriate
+ amount of bytes to be read from the optical media. It shows the
+ <q>sector count</q> and the <q>sector size</q> from the optical media,
+ where <q><device></q> is the device file of the loaded optical media.
+ <br/><tt>$ /sbin/isosize -x <device></tt>
+ <br/><tt>sector count: 25600, sector size: 2048
+ <li>Then <q>sector count</q> and <q>sector size</q> are passed to <q>dd</q>
+ to read the appropriate amount of bytes from the optical media and the byte
+ stream is then piped to the appropriate checksum tool (md5sum, sha1sum, etc).
+ <br/><tt>$ dd if=<device> count=<sector count> bs=<sector size> | sha1sum
+ <li>The computed checksum is to be compared against the corresponding checksum found
+ in the appropriate checksum file (MD5SUMS, SHA1SUMS, etc).
+<p>Alternatively, there is an exhaustive, but easy to use, script called
+check_debian_iso</a> which can verify <em>ISO image files</em> and
+<em>optical media</em> reading the appropriate amount of bytes from it,
+then computing the checksum and comparing it against the corresponding
+checksum found in a checksum file.</p>
+ <li><em>ISO image file verification.</em>
+ This will compare the checksum of the debian-6.0.3-amd64-netinst.iso
+ image file against the corresponding checksum found in the MD5SUMS
+ checksum file.
+ <br/><tt>$ ./check_debian_iso MD5SUMS debian-6.0.3-amd64-netinst.iso</tt>
+ <li><em>Optical media verification.</em>
+ This will compare the checksum of the media accessible as /dev/dvd against the
+ checksum of debian-6.0.3-amd64-DVD-1.iso as found in the MD5SUMS
+ checksum file. Note that the ISO image file itself is not needed,
+ its name is merely used to find out the corresponding checksum from
+ the checksum file.
+ <br/><tt>$ ./check_debian_iso MD5SUMS debian-6.0.3-amd64-DVD-1.iso /dev/dvd</tt>
+#<p>If you want to check many CD image files or burned CDs easily
+#on Unix/Linux systems, the
-script can be a great help.</p>
+#script can be a great help.</p>
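Review bot: the first list item names the tools as <q>sha1sums</q> and <q>sha512sums</q>, but the commands are sha1sum and sha512sum (the dd step later in this hunk already pipes to sha1sum), so a reader copying the names will not find them; please drop the trailing "s". The tool list and both check_debian_iso examples lead with MD5 (md5sum, MD5SUMS); since this entry tells users how to verify against signed checksum files, I would show a SHA-2 checksum in the examples, such as the sha512sum the first item already mentions. In the lines shown, the <tt> opened on the sample isosize output line and on the dd line is never closed, and "check_debian_iso</a>" has a closing tag with no opening <a href=...> before it. Finally, the old "If you want to check many CD image files or burned CDs" paragraph is prefixed with "#" instead of being removed; if the new text supersedes it, delete it so the source does not carry dead markup.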