0
qrty

What are the proper steps to validating my armbian download?

Recommended Posts

orangepiplus2e; debian 10, buster;

 

I tried the following, but it did not work:

https://docs.armbian.com/User-Guide_Getting-Started/#how-to-check-download-authenticity

 

If you won't help me figure out why it is not working, can you tell me what the 'correct' sha256sum is for my download?

 

https://dl.armbian.com/orangepiplus2e/Debian_buster_next_desktop.7z

Share this post


Link to post
Share on other sites
7z x Debian_buster_next_desktop.7z

You need to verify the image which is inside this 7z file. This is the content:

Armbian_5.93_Orangepiplus2e_Debian_buster_next_4.19.64_desktop.img
Armbian_5.93_Orangepiplus2e_Debian_buster_next_4.19.64_desktop.img.asc
sha256sum.sha

 

3 hours ago, qrty said:

can you tell me what the 'correct' sha256sum is for my download?


Is now obvious which SHA to use?

Share this post


Link to post
Share on other sites

HI Igor.

 

I already know that the sha to use is the one that comes with the download. The problem is getting the one from the website to compare it against.

 

What is this for: 7z x Debian_buster_next_desktop.7z ??

 

Thanks.

 

Share this post


Link to post
Share on other sites
22 minutes ago, qrty said:

What is this: 7z x Debian_buster_next_desktop.7z ??


It's a command to unpack .7z file on (Debian based) Linux (apt-get install gnupg p7zip) as written here: 
https://docs.armbian.com/User-Guide_Getting-Started/#how-to-check-download-authenticity

and
https://docs.armbian.com/User-Guide_Getting-Started/#how-to-check-download-integrity

Just read closely. There is written how to do that on Windows and MAC.

 

22 minutes ago, qrty said:

The problem is getting the one from the website to compare it against.


You don't need to check compressed file. You have to check IMAGE authenticity -> .img file with the SHA or you can verify PGP signature of that file.

Share this post


Link to post
Share on other sites
6 minutes ago, Igor said:


It's a command to unpack .7z file on (Debian based) Linux (apt-get install gnupg p7zip) as written here: 
https://docs.armbian.com/User-Guide_Getting-Started/#how-to-check-download-authenticity

and
https://docs.armbian.com/User-Guide_Getting-Started/#how-to-check-download-integrity

Just read closely. There is written how to do that on Windows and MAC.

Thanks. I have no problem unpacking the download. The problem is getting started for authenticity. The command does not work, though someone stated that the 1st gpg is not correct on the site (link provided), that it is missing "Ox" at the end of it. I will try it now.

 

For the 2nd gpg command, "gpg --verify Armbian_5.18_Armada_Debian_jessie_3.10.94.img.asc", am I suppose to use this exactly as written or insert my debian name?

 

Share this post


Link to post
Share on other sites

Command:

gpg --keyserver ha.pool.sks-keyservers.net --recv-key DF00FAF1C577104B50BF1D0093D6889F9F0E78D5

Response:

gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: key 93D6889F9F0E78D5: 2 signatures not checked due to missing keys
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 93D6889F9F0E78D5: public key "Igor Pecovnik <igor@armbian.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

Command:

gpg --verify Armbian_5.93_Orangepiplus2e_Debian_buster_next_4.19.64_desktop.img.asc

Response:

gpg: assuming signed data in 'Armbian_5.93_Orangepiplus2e_Debian_buster_next_4.19.64_desktop.img'
gpg: Signature made Mon 05 Aug 2019 06:40:03 PM CEST
gpg:                using RSA key DF00FAF1C577104B50BF1D0093D6889F9F0E78D5
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Good signature from "Igor Pecovnik <igor@armbian.com>" [ultimate]
gpg:                 aka "Igor Pecovnik (Ljubljana, Slovenia) <igor.pecovnik@gmail.com>" [ultimate]


 

Share this post


Link to post
Share on other sites

Is this the correct output? (you posted this)

 

gpg: keybox '/root/.gnupg/pubring.kbx' created gpg: key 93D6889F9F0E78D5: 2 signatures not checked due to missing keys gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key 93D6889F9F0E78D5: public key "Igor Pecovnik <igor@armbian.com>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
0