Hi,

Franco Martelli wrote:
> What you wrote in that section is so searched/wanted by newcomers that
> it's a pity that it's published as a section into "XorrisoDdTarget".

Actually it is not the first time that i felt the urge to describe the
SHA and PGP verification:
  https://wiki.debian.org/JigdoOnLive#Verify_the_Debian_Live_download


> consider to move that to a new wiki page with a title that
> sounds like: "Verify authenticity of a Debian downloaded ISO image".

I'm not against that idea.
You could even get a wiki account
   https://wiki.debian.org/DebianWiki/EditorQuickStart#Account
and do it on your own.

But i think there are some issues to address:

- How to generally advertise this page ?

- How to name it ?

- How to address all the stuff which is in
    https://www.debian.org/CD/faq/#verify
  and to which i pointed only briefly ?
  I think it is not good to send readers around in the web.
  Much better i'd like it all in one text (wearing my noob hat).


So wouldn't it be better to start a petition at debian-cd mailing list
for an augmented https://www.debian.org/CD/faq/#verify ?
To my mind comes:

- Mention "USB keys" already in the section title.

- Replace "Detailed information ... authenticity verification page."
  by the last part of my new section: "PGP verification ...".
  (The current authenticity verification page is unsuitable for noobs.)

- Add an example like
  $ grep -F debian-12.7.0-amd64-netinst.iso SHA512SUMS | sha512sum -c -
  debian-12.7.0-amd64-netinst.iso: OK
  $
  to "Checksums of the downloaded ... "sha256sum"."
  (We don't want to show deprecated "fgrep" to noobs. Of course i
  continue to use it at home.)

- Add a new section about /md5sum.txt of the ISO.
    "How to find the altered files in case of no match"
  Derived from my text
    "If the verification attempt yields a non-matching checksum ..."

- Augment
  "  $ dd if=<device> count=<sector count> bs=<sector size> | sha512sum
   * The computed checksum is to be compared ... SHA256SUMS, etc)."
  By an example how to compare the computed checksum with the one in
  the SHA512SUMS file.
  I currently can only propose
    $ grep -F $(dd if=/dev/sdc count=323072 bs=2048 2>/dev/null | \
                sha512sum | awk '{print $1}') SHA512SUMS \
      || echo "NO MATCH !"
  which would yield
    
e0bd9ba03084a6fd42413b425a2d20e3731678a31fe5fb2cc84f79332129afca2ad4ec897b4224d6a833afaf28a5d938b0fe5d680983182944162c6825b135ce
  debian-12.7.0-amd64-netinst.iso
  or
    NO MATCH !
  But the command and the positive answer are quite ugly.
  (I could get "OK. MATCH." by "if ... then ... else ... fi" which would
  be a nice script but an extra ugly command line.)
  Ideas for a more elegant way would be appreciated.

- Change "Optical media verification." to
         "Optical media and USB key verification."


Have a nice day :)

Thomas
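
One way to get a plain "OK. MATCH" or "NO MATCH !" answer for the dd comparison discussed in the mail above, as an added example that is not part of the original message. The function name `verify_media` and the script name in the usage comment are hypothetical; the sector count and sector size are supplied by the user as in the mail's command line.

```shell
#!/bin/sh
# Added example, not part of the original mail. verify_media is a
# hypothetical helper; assumes sha512sum (GNU coreutils), dd and awk.
# Usage: verify_media DEVICE SECTOR_COUNT SUMS_FILE [SECTOR_SIZE]
# Returns 0 on match, 1 on no match, 2 if an input cannot be read.
# The answer is only as trustworthy as SUMS_FILE: check its PGP
# signature before relying on it.
verify_media() {
    dev=$1 count=$2 sums=$3 bs=${4:-2048}

    for f in "$dev" "$sums"; do
        if [ ! -r "$f" ]; then
            echo "cannot read $f" >&2
            return 2
        fi
    done

    # Hash exactly COUNT sectors, so that old data behind the image on a
    # larger USB key does not enter the checksum.
    sum=$(dd if="$dev" count="$count" bs="$bs" 2>/dev/null |
          sha512sum | awk '{print $1}')

    # Compare against the checksum column as a whole string and print the
    # image name(s) listed with it. A leading "*" (binary mode marker) is
    # stripped from the name.
    if name=$(awk -v s="$sum" '
            ($1 "") == (s "") { sub(/^\*/, "", $2); print $2; found = 1 }
            END { exit !found }' "$sums"); then
        echo "OK. MATCH: $name"
        return 0
    fi
    echo "NO MATCH !"
    return 1
}

# Run directly, e.g.:  sh verify_media.sh /dev/sdc 323072 SHA512SUMS
if [ "$#" -ge 3 ]; then
    verify_media "$@"
fi
```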
