On 11/21/09, Theo de Raadt <dera...@cvs.openbsd.org> wrote:
>> I'm installing -current from snapshots, from time to time. I use to
>> download the .iso file then burn it and check the files on cdrom
>> against SHA256 file downloaded together with .iso.
>>
>> Since some time, the x*.tgz are reported as FAILED in this check. I
>> send another email to the list, I got one answer but I'm not able yet
>> to get the idea. So, I ask again, is still this SHA256 used for _all_
>> files or it is just for non x* files in snapshots? Should I use it to
>> check the files snapshots or not? Because if I don't have this check,
>> how could I be sure about files integrity after download and even
>> after burning?
>
> The SHA256's of the sets built just before bsd.rd are encoded directly
> into the bsd.rd.
>
> This is no PKI. It means the bsd.rd can only validate the sets that
> were built at the same time. If time passes, the bsd.rd will not recognize
> the next set of files.
>
> We cannot even promise that the SHA256 file in the directory matches what
> the bsd.rd file knows. The ftp servers are not atomic.
>
Pardon me, but I think I omitted some details that I wrote in the past post.

I just go to ftp.openbsd.org and download the .iso file and the SHA256 file. Having them both in the same directory, I just run 'cksum -a sha256 -c SHA256'. I'm interested only in the .iso file integrity, so this must report OK; the other checks are FAILED (file not found).

Using cdio I burn a cdrom, mount it and then run the same command, 'cksum -a sha256 -c SHA256', inside the i386 directory, SHA256 being the file I mentioned first: the one downloaded with the .iso file, from the same ftp directory. That's how I get FAILED for the x*.tgz files.

Now, you said something about bsd.rd; I think this is only if I install using the ftp method. Actually, I'm using the previously burned cdrom. I'm familiar just with simple CRC check theory, but if the SHA256 stuff has something to do with the kernel version I run, it may be out of my understanding then. If this is so, can someone suggest a method to check the correct download of the .iso file and the files burned on the cdrom, in that order, please.

Many thanks.
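
The check described in this message, as an added example that is not part of the original post or of OpenBSD: it reads a BSD-style SHA256 file and reports each entry as OK, MISMATCH or MISSING, so a file that is absent is not confused with a file whose contents differ from the listing. The file names and contents in `demo()` are constructed, and `check_listing` is a hypothetical helper name.

```python
import hashlib
import os
import re
import tempfile

# BSD-style line as found in the SHA256 file: "SHA256 (name) = <64 hex digits>"
ENTRY = re.compile(r"^SHA256 \((.+)\) = ([0-9a-fA-F]{64})$")

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large .iso is never read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_listing(sha_file, directory):
    """Return {name: "OK" | "MISMATCH" | "MISSING"} for every entry in sha_file."""
    results = {}
    with open(sha_file, encoding="utf-8") as f:
        for line in f:
            m = ENTRY.match(line.strip())
            if not m:
                continue  # not a checksum entry
            name, expected = m.group(1), m.group(2).lower()
            path = os.path.join(directory, name)
            if not os.path.isfile(path):
                results[name] = "MISSING"      # listed but not downloaded/burned
            elif sha256_file(path) == expected:
                results[name] = "OK"
            else:
                results[name] = "MISMATCH"     # present, but the bytes differ
    return results

def demo():
    """Constructed sample: one good file, one from a different build, one absent."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "sample.iso"), "wb") as f:
            f.write(b"constructed iso bytes")
        with open(os.path.join(d, "xsample.tgz"), "wb") as f:
            f.write(b"set from a newer build")
        listing = os.path.join(d, "SHA256")
        with open(listing, "w", encoding="utf-8") as f:
            f.write("SHA256 (sample.iso) = %s\n" % hashlib.sha256(b"constructed iso bytes").hexdigest())
            f.write("SHA256 (xsample.tgz) = %s\n" % hashlib.sha256(b"set from an older build").hexdigest())
            f.write("SHA256 (absent.tgz) = %s\n" % ("0" * 64))
        return check_listing(listing, d)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```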