On Wed, Mar 16, 2011 at 10:54 AM, Steve McIntyre <[email protected]> wrote: > With reference to > http://lists.debian.org/debian-cd/2011/03/msg00071.html, I've written > something up.
Thanks for doing this, Steve. It serves my purposes well enough, but I think adding some step-by-step directions for less-technical users would be helpful, too. To that end, I'm attaching a reasonable first pass at those directions in both HAML and HTML formats. Feel free to include them in the new web page if you find them useful, or use them as a starting point for some alternative procedure. You might also look at the Ubuntu Howto at https://help.ubuntu.com/community/HowToMD5SUM. It's obviously Ubuntu-specific, but it's available under a CC license if you think it might offer a better starting point. This issue is important to me, so please let me know if I can help further.
Verifying a Debian ISO Image with GPG
In order to verify the official Squeeze ISO images, you should perform the following steps.
-
Install GNU Privacy Guard if it's not already installed on your
system.
dpkg -l gnupg || sudo aptitude install gnupg -
Retrieve the Debian CD signing key from the Debian keyserver.
gpg --keyserver keyring.debian.org --recv-keys 6294BE9B -
Verify the key fingerprint.
gpg --fingerprint 6294BE9B | fgrep 'DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B' -
If you have a Debian or Ubuntu system with the debian-keyring
package installed, you may also verify that the key has been
signed by official Debian developers.
gpg --keyring /usr/share/keyrings/debian-keyring.gpg -kvv 6294BE9B -
Verify the detached signatures against either the MD5 or SHA1
checksums.
-
gpg --verify MD5SUMS.sign MD5SUMS -
gpg --verify SHA1SUMS.sign SHA1SUMS
-
-
Verify the ISO image using either of the checksum files. Because
the checksum files contain data for all ISOs, you may safely
ignore messages such as
"FAILED open or read"
or
"No such file or directory."
-
md5sum --check MD5SUMS 2>&- | egrep 'OK$' -
sha1sum --check SHA1SUMS 2>&- | egrep 'OK$'
-
debian_iso_verify.haml
Description: Binary data
