So what can you do if the installurl file dose not mach  the mirror site
that you downloaded the iso from. In my case I download it from New York
however I have Sonic which is San Francisco.

On Feb 22, 2018 7:36 AM, "Marcus MERIGHI" <mcmer-open...@tor.at> wrote:

> t...@equalit.ie (tomr), 2018.02.22 (Thu) 12:35 (CET):
> > On 02/21/18 04:39, Kevin Chadwick wrote:
> > > On Tue, 20 Feb 2018 19:23:05 +0200
> > >
> > >
> > >> Isn't the same true when I download file sets from any mirror? After
> > >> all I download SHA256.sig abd file sets from mirror, how can I trust
> > >> it?
> > >
> > > I am not a developer but my take is that they do not want to tell you
> it
> > > is verified if you have been given a CD etc.. Anything could have been
> > > booted and tell you it is verified.
> > >
> > > You can verify the .iso manually and you can use e.g. isomaster to add
> > > sha256.sig to the CD in which case it will verify them. I have used
> > > this in the past as a scratched rw seemingly fails sooner on verify
> than
> > > reading and also won't try to upgrade.
> > >
> > > If you have already manually verified bsd.rd and booted from that as I
> > > and I guess most developers do most often when upgrading then you do
> > > want it to tell you the http retrieval verified.
> > >
> > > I guess it was the simplest way considering installer size
> > > constraints/battles to avoid misinforming the user.
> > >
> >
> > I have a little snapshot upgrade script which:
> >
> > - downloads snapshots/amd64/SHA256.sig from a mirror
> > - compares that against my latest local copy, exits if they are the same
> > (ie no new snapshot)
> > - TODO: grabs SHA256.sig from ftp.openbsd.org and compares, exits if the
> >  mirror is not in sync
> > - downloads snapshots/amd64/installXX.fs from the mirror
> > - verifies installXX.fs with signify
> > - vnd mounts installXX.fs and copies the files to where I expect them
> > for upgrade
> > - copies the (now verified) SHA256.sig into place
> > - copies the latest bsd.rd to / so I can boot from it
> > - informs me that a new snapshot is ready to install
> >
> > It's not cron'ed, I just run it when I feel like maybe upgrading.
> >
> > Somewhere on the todo list is to figure out how to build a custom bsd.rd
> > containing auto_upgrade.conf so that it's more or less automatic (works
> > great for local VMs, but I don't always control the upstream DHCP server
> > and anyway iwm firmware isn't ready at that point in the installer).
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Information for inst:upobsd-0.0.20180106
>
> Comment:
> download, verify and patch bsd.rd image
>
> Description:
> upobsd is a ksh(1) script designed to download, verify and optionally patch
> bsd.rd image.
>
> upobsd will download bsd.rd image using ftp(1) from mirror defined in
> installurl(5), will verify the downloaded file using signify(1) and local
> key
> inside /etc/signify to ensure integrity, and optionally patch the image for
> adding auto_install.conf or auto_upgrade.conf file to add support of
> offline
> autoinstall(8).
>
> Maintainer: Sebastien Marie <sema...@online.fr>
>
> WWW: https://bitbucket.org/semarie/upobsd
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Marcus
>
>

Reply via email to