Hello,
I am a beginner and i would like to switch to debian from linux mint.
I know that since i am a beginner i should use other os, like windows or ubuntu, but i am tired of having privacy issue, advertising every where and of having a system that decide automatically when to update, reboot or other issues.
Unfortunately as a beginner to me is very difficult to follow the intructions to verify debian iso, please could you help me with this, explaining step by step how to proceed?
Thank you so much, any help is appreciated.
Theese are the files i downloaded:
debian-12.7.0-amd64-DVD-1
SHA256SUMS.sign
SHA256SUMS
SHA512SUMS.sign
SHA512SUMS
[Software] How to verify debian iso image for beginners
-
Diesel330
- Posts: 198
- Joined: 2021-11-08 19:57
- Location: Eastern Europe
- Has thanked: 39 times
- Been thanked: 25 times
Re: [Software] How to verify debian iso image for beginners
This is not the appropriate method that you ask for, is just what I did when I moved to Debian, just use the torrents:
https://cdimage.debian.org/debian-cd/cu ... bt-hybrid/
Torrents guarantee the integrity of the file
As a suggestion, get the Cinnamon one
https://cdimage.debian.org/debian-cd/cu ... bt-hybrid/
Torrents guarantee the integrity of the file
As a suggestion, get the Cinnamon one
-
strapicarus
- Posts: 46
- Joined: 2022-07-20 17:55
- Has thanked: 6 times
- Been thanked: 6 times
Re: [Software] How to verify debian iso image for beginners
Hi,
https://forums.debian.net/viewtopic.php?t=159622
https://forums.debian.net/viewtopic.php?t=159622
https://wiki.debian.org/VerifyISOImageBefore importing the key:Code: Select all
$> gpg --verify /tmp/SHA512SUMS.sign /tmp/SHA256SUMS gpg: Signature made Sat Feb 10 21:13:13 2024 CET gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: Can't check signature: No public key
The checksum files SHA256SUMS and SHA512SUMS in the directories with the ISO images like the one for amd64 netinst can be verified by help of the PGP signature files SHA256SUMS.sign and SHA512SUMS.sign by e.g. these two commandsCode: Select all
gpg --keyserver keyring.debian.org --recv-keys DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg --with-fingerprint --verify SHA512SUMS.sign SHA512SUMS
Re: [Software] How to verify debian iso image for beginners
Code: Select all
apt install debian-keyringCode: Select all
gpg --no-default-keyring --keyring /usr/share/keyrings/debian-role-keys.gpg --verify SHA512SUMS.signThen check the hash of the image:
Code: Select all
sha512sum -c --ignore-missing SHA512SUMS
Re: [Software] How to verify debian iso image for beginners
Thank you everybody for the help, I will definitely use Diesel330 solution as soon as i resign to my gaps..
Meanwhile I am tring to use the "gpg method" I really want to see that "good signature" appears on my screen.
I am currently using linux mint debian edition 6.
I have placed all files in the same folder inside /Documents/folder in wich i have:
- .iso
- sha256/512.sign
- sha256/512.txt
I launched the terminal from that folder and paste this command:
gpg --verify SHA512SUMS.sign
but an error is saing:
gpg: no signed data
gpg: can't hash data file: No data
Would should i do?
Thank you..
Meanwhile I am tring to use the "gpg method" I really want to see that "good signature" appears on my screen.
I am currently using linux mint debian edition 6.
I have placed all files in the same folder inside /Documents/folder in wich i have:
- .iso
- sha256/512.sign
- sha256/512.txt
I launched the terminal from that folder and paste this command:
gpg --verify SHA512SUMS.sign
but an error is saing:
gpg: no signed data
gpg: can't hash data file: No data
Would should i do?
Thank you..
Re: [Software] How to verify debian iso image for beginners
Is it definitely the SHA512SUMS.sign or do you have SHA256SUMS.sign in that directory (either is fine, but the command should match whether it is 512 or 256).
Re: [Software] How to verify debian iso image for beginners
Thank you Diesel330, since I am sure I will come back to this post in the future im writing the steps i made:Diesel330 wrote: 2024-09-27 21:11 This is not the appropriate method that you ask for, is just what I did when I moved to Debian, just use the torrents:
https://cdimage.debian.org/debian-cd/cu ... bt-hybrid/
Torrents guarantee the integrity of the file
As a suggestion, get the Cinnamon one
1)I have downloaded the torrent link and all the 256 and 512 .sign file and .text from:
https://cdimage.debian.org/debian-cd/cu ... bt-hybrid/
2) Linux mint debian edition(the os I am currently using) has a built in torrent downloader so i can freely download the iso
3) I have placed all the file in the same folder inside /Documents having the followings:
debian-live-12.7.0-amd64-cinnamon.iso
SHA256SUMS
SHA256SUMS.sign
SHA256SUMS
SHA256SUMS.sign
4) I have launched the terminal from inside this folder and i followed None1975 tutorial, writing:
gpg --verify SHA512SUMS.sign
This command gave me this response:
gpg: assuming signed data in 'SHA512SUMS'
gpg: Signature made Sun 01 Sep 2024: 12:01:24 AM CEST
gpg: using RSA key (example: ASDAI2710283)
gpg: Good Signature from "Debian CD signing key <debian-cd@list.debian.ord>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: THere is no indication that the signature belongs to the owner.
Primary key fingerptiny: (example: ASDA I271 0283)
5) Then i folllowed the tutorial till the end (i will re-edit my post to write all the steps)
-
moreoronce
- Posts: 1
- Joined: 2024-10-07 12:33