On Fri, Dec 09, 2022 at 07:19:32AM +0100, Andreas Ehlert wrote: > hello openbsd folks, > > thanks a lot for your os. > i have an issue for your interest. > > the install image install72.img have an failure. > the installation routine can not find the sha256.sig > file to check the base files with checksum. > > i take a look on the usb stick and i found the sha256 > under 7.2/amd64 but not sha256.sig > > the installation is only possible without verification of the base files. > > i think this is a security issue for a fresh 7.2 installation. > > when i make a wish. i wish peace, love and unity for the human race and a > installation routine with checksum verification of the base files. > > best regards and thanks a lot, > andreas ehlert > > -- > Andreas Ehlert | Neue Promenade 29 | 15377 Buckow | Tel.: 015773834625 | > eMail: evl...@web.de
This is answered in the FAQ, on the download page. https://www.openbsd.org/faq/faq4.html#Download > The install72.iso and install72.img images do not contain an SHA256.sig > file, so the installer will complain that it can't check the signature > of the included sets: > > Directory does not contain SHA256.sig. Continue without verification? [no] > > This is because it would make no sense for the installer to verify them. > If someone were to make a rogue installation image, they could certainly > change the installer to say the files were legitimate. If the image's > signature has been verified beforehand, it is safe to answer "yes" at > that prompt.
