[Software] Where can I download a legit copy of Debian 11

workaholic
Posts: 6
Joined: 2024-05-12 03:31

#1 Post by workaholic »

Where can I download a legit copy of Debian 11?
I downloaded a torrent off of Qbittorrent but I don't trust it.
I am looking for the official website.

sunrat
Administrator
Posts: 7275
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 127 times
Been thanked: 634 times

#2 Post by sunrat »

That was easy to find with a quick web search - https://cdimage.debian.org/cdimage/archive/
If you already have a downloaded image file, which should be either 11.9.0 DVD1 or 11.9.0 live, or a netinstall, just download the matching checksum image to see if it is the same as the official release.
You can check if the checksum matches by putting the file, say SHA256SUMS, in the same directory as the image file and running:

```
sha256sum -c SHA256SUMS
```

The checksums file contains checksums for all the image files, so say you are checking DVD1, it will show OK for that one if the checksum is correct, and "no file found" or something for all the others. If the checksum matches, you have the official image.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

Uptorn
Posts: 362
Joined: 2022-01-22 01:07
Has thanked: 294 times
Been thanked: 98 times

#3 Post by Uptorn »

To expand on what sunrat shared: since you already have the Debian 11 installation ISO, by simply verifying that it is untampered with by running a checksum, you can ascertain that it is indeed safe. You don't need to trust the download source at all, in this case.

```
sha512sum -c --ignore-missing SHA512SUMS
```

The --ignore-missing switch will have sha512sum skip hashes for ISO files that you haven't downloaded, providing a clean and simple readout. sha512/sha256 are interchangeable depending on the hash sums file you have available.

Further, we probably want a degree of trust that the signer of the hash sums file is indeed one of the Debian signing keys.

```
gpg --no-default-keyring --keyring /usr/share/keyrings/debian-role-keys.gpg --verify SHA512SUMS.sign
```

Make sure the key fingerprint matches one of the fingerprints posted up at Verifying authenticity of Debian images.
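
As an added example (not code from any poster in this thread or from the Debian project): a shell helper that checks one image against the sums file and returns a distinct exit status for match, mismatch, and not listed, so a renamed download is not mistaken for a pass. `verify_image` is a hypothetical name; it assumes GNU coreutils, filenames without spaces, and that the signature on the sums file has already been checked as in post #3.

```shell
#!/usr/bin/env bash
# Added example: check ONE image against a Debian-style checksum file.
# verify_image is a hypothetical helper name, not a Debian tool.
#
# Usage:   verify_image IMAGE SUMSFILE [sha256|sha512]
# Returns: 0 = hash matches
#          1 = hash mismatch
#          2 = image name not listed in SUMSFILE
#          3 = usage or I/O error
verify_image() {
    local image="$1" sums="$2" algo="${3:-sha256}"
    local name expected actual

    [ -r "$image" ] && [ -r "$sums" ] || { echo "cannot read input" >&2; return 3; }
    case "$algo" in
        sha256|sha512) ;;
        *) echo "unsupported algorithm: $algo" >&2; return 3 ;;
    esac

    # Lines in the sums file look like "<hex digest>  <filename>";
    # a leading '*' on the filename marks binary mode and is stripped.
    # Assumption: filenames contain no spaces (true for Debian images).
    name=$(basename -- "$image")
    expected=$(awk -v f="$name" \
        '{ n = $2; sub(/^\*/, "", n) } n == f { print tolower($1); exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "$name: not listed in $sums" >&2
        return 2
    fi

    # Hash the local file and compare against the listed digest.
    actual=$("${algo}sum" -- "$image" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: MISMATCH (expected $expected, got $actual)" >&2
    return 1
}
```

The image is matched by its base name, so it does not need to sit in the same directory as the sums file.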
