Re: xorriso and the "-md5 on" option
On Sat 21 Dec 2019 at 23:21:35 +0100, Thomas Schmitt wrote:
> Hi,
>
> > I am extracting files from a Debian ISO as follows:
> > xorriso -osirrox on -md5 on -indev debian-10.2.0-i386-DVD-10.iso -extract pool/main test/
> > Will the files in test/ have the same md5sum as the ones in the ISO?
>
> The first problem with this wish is that Debian ISOs are not created with MD5
> checksums on libisofs level. So xorriso cannot check the ISO and its data file
> contents for alterations.
>
> The overall integrity of an ISO can be verified by its lines in the various
> *SUMS files which accompany the ISO images in their download directories.
> The integrity of *SUMS can be verified by the *SUMS.sign files.
> For an example see
> https://wiki.debian.org/JigdoOnLive#Verify_the_Debian_Live_download
>
> If debian-10.2.0-i386-DVD-10.iso passes this verification and your disk
> hardware is healthy, then you can trust that the extracted files are undamaged.
This will do me.
> Nevertheless, since you are downloading a pool of .deb files, you may verify
> them by Debian's means after extraction.
> Others here will surely have proposals how to verify a whole pool tree.
I can get the MD5sum for each file in the ISO and for each extracted
file. I suppose it is a matter of meaningfully comparing both lists.
> > What will the output show if there is a problem with extraction?
>
> If it went bad on a DVD then you will probably see messages about SCSI
> read errors.
> If you read from an image file with damaged data file content but with
> plausible meta data, then you might see no complaint at all.
>
> ------------------------------------------------------------------------
>
> The second problem is that xorriso verifies its MD5 checksums only while
> the files are still in the ISO image. A verification after extraction is not
> yet possible. But it seems to be a useful feature.
>
> So for now you would verify the files in the ISO by e.g.
>
> xorriso -md5 on -indev "$the_iso" \
> -check_md5_r sorry / -- \
> | tee /tmp/report_of_mismatched_files
This gives me:
xorriso : NOTE : Loading ISO image tree from LBA 0
xorriso : UPDATE : 10164 nodes read in 1 seconds
xorriso : NOTE : Detected El-Torito boot information which currently is set to be discarded
Drive current: -indev 'debian-10.2.0-i386-DVD-1.iso'
Media current: stdio file, overwriteable
Media status : is written , is appendable
Boot record : El Torito , MBR isohybrid cyl-align-on GPT APM
Media summary: 1 session, 1939608 data blocks, 3788m data, 1603m free
Volume id : 'Debian 10.2.0 i386 1'
Not a single file with MD5 checksum was found. (There is no MD5 checksum array loaded.)
and a file with the line
Not a single file with MD5 checksum was found. (There is no MD5 checksum array loaded.)
> You may list checksums and file paths in the ISO by
>
> xorriso -md5 on -indev "$the_iso" -find / -exec get_md5 -- >/tmp/md5sums
The output is an empty file.
xorriso : NOTE : Loading ISO image tree from LBA 0
xorriso : UPDATE : 10164 nodes read in 1 seconds
xorriso : NOTE : Detected El-Torito boot information which currently is set to be discarded
Drive current: -indev 'debian-10.2.0-i386-DVD-1.iso'
Media current: stdio file, overwriteable
Media status : is written , is appendable
Boot record : El Torito , MBR isohybrid cyl-align-on GPT APM
Media summary: 1 session, 1939608 data blocks, 3788m data, 1603m free
Volume id : 'Debian 10.2.0 i386 1'
If it is of consequence, the ISO was made by jigdo.
--
Brian.
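
Added example, not part of the original message or of xorriso: one way to compare the two checksum lists mentioned above. It assumes both lists are in md5sum(1) format and that `pool/main` in the ISO was extracted to `test/`, as in the command quoted in the thread; the function names, package names and digests are constructed for illustration.

```python
import re

# md5sum(1) line: 32 hex digits, a space, a space or '*', then the path.
LINE = re.compile(r"^([0-9a-fA-F]{32}) [ *](.+)$")

def parse_md5_list(text, subtree):
    """Map path-below-subtree -> digest; entries outside subtree are ignored."""
    table = {}
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip("\r"))
        if not m:
            continue  # blank lines or tool messages mixed into the list
        path = m.group(2)
        if path.startswith("./"):
            path = path[2:]
        path = path.lstrip("/")
        if not path.startswith(subtree):
            continue  # e.g. dists/ entries when only pool/main was extracted
        table[path[len(subtree):]] = m.group(1).lower()
    return table

def compare(iso, disk):
    """Return paths missing on disk, unexpected on disk, and with differing MD5."""
    return {
        "missing": sorted(set(iso) - set(disk)),
        "extra": sorted(set(disk) - set(iso)),
        "mismatch": sorted(p for p in iso if p in disk and iso[p] != disk[p]),
    }

# Constructed sample lists (hypothetical package names and digests).
ISO_LIST = "\n".join([
    f"{'a' * 32}  ./pool/main/a/apt/apt_1.0_i386.deb",
    f"{'b' * 32}  ./pool/main/b/bash/bash_1.0_i386.deb",
    f"{'c' * 32}  ./pool/main/c/curl/curl_1.0_i386.deb",
    f"{'d' * 32}  ./dists/buster/Release",
])
DISK_LIST = "\n".join([
    f"{'a' * 32}  test/a/apt/apt_1.0_i386.deb",
    f"{'f' * 32}  test/b/bash/bash_1.0_i386.deb",
    f"{'e' * 32}  test/x/stray.deb",
])

if __name__ == "__main__":
    report = compare(parse_md5_list(ISO_LIST, "pool/main/"),
                     parse_md5_list(DISK_LIST, "test/"))
    for kind, paths in report.items():
        for p in paths:
            print(kind, p)
```

The comparison is only as trustworthy as the ISO-side list, so it supplements the *SUMS and *SUMS.sign verification described in the thread rather than replacing it.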