So what can you do if the installurl file dose not mach the mirror site that you downloaded the iso from. In my case I download it from New York however I have Sonic which is San Francisco.
On Feb 22, 2018 7:36 AM, "Marcus MERIGHI" <mcmer-open...@tor.at> wrote: > t...@equalit.ie (tomr), 2018.02.22 (Thu) 12:35 (CET): > > On 02/21/18 04:39, Kevin Chadwick wrote: > > > On Tue, 20 Feb 2018 19:23:05 +0200 > > > > > > > > >> Isn't the same true when I download file sets from any mirror? After > > >> all I download SHA256.sig abd file sets from mirror, how can I trust > > >> it? > > > > > > I am not a developer but my take is that they do not want to tell you > it > > > is verified if you have been given a CD etc.. Anything could have been > > > booted and tell you it is verified. > > > > > > You can verify the .iso manually and you can use e.g. isomaster to add > > > sha256.sig to the CD in which case it will verify them. I have used > > > this in the past as a scratched rw seemingly fails sooner on verify > than > > > reading and also won't try to upgrade. > > > > > > If you have already manually verified bsd.rd and booted from that as I > > > and I guess most developers do most often when upgrading then you do > > > want it to tell you the http retrieval verified. > > > > > > I guess it was the simplest way considering installer size > > > constraints/battles to avoid misinforming the user. > > > > > > > I have a little snapshot upgrade script which: > > > > - downloads snapshots/amd64/SHA256.sig from a mirror > > - compares that against my latest local copy, exits if they are the same > > (ie no new snapshot) > > - TODO: grabs SHA256.sig from ftp.openbsd.org and compares, exits if the > > mirror is not in sync > > - downloads snapshots/amd64/installXX.fs from the mirror > > - verifies installXX.fs with signify > > - vnd mounts installXX.fs and copies the files to where I expect them > > for upgrade > > - copies the (now verified) SHA256.sig into place > > - copies the latest bsd.rd to / so I can boot from it > > - informs me that a new snapshot is ready to install > > > > It's not cron'ed, I just run it when I feel like maybe upgrading. > > > > Somewhere on the todo list is to figure out how to build a custom bsd.rd > > containing auto_upgrade.conf so that it's more or less automatic (works > > great for local VMs, but I don't always control the upstream DHCP server > > and anyway iwm firmware isn't ready at that point in the installer). > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > Information for inst:upobsd-0.0.20180106 > > Comment: > download, verify and patch bsd.rd image > > Description: > upobsd is a ksh(1) script designed to download, verify and optionally patch > bsd.rd image. > > upobsd will download bsd.rd image using ftp(1) from mirror defined in > installurl(5), will verify the downloaded file using signify(1) and local > key > inside /etc/signify to ensure integrity, and optionally patch the image for > adding auto_install.conf or auto_upgrade.conf file to add support of > offline > autoinstall(8). > > Maintainer: Sebastien Marie <sema...@online.fr> > > WWW: https://bitbucket.org/semarie/upobsd > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > Marcus > >