Jump to content

What are the proper steps to validating my armbian download?


qrty

Recommended Posts

orangepiplus2e; debian 10, buster;

 

I tried the following, but it did not work:

https://docs.armbian.com/User-Guide_Getting-Started/#how-to-check-download-authenticity

 

If you won't help me figure out why it is not working, can you tell me what the 'correct' sha256sum is for my download?

 

https://dl.armbian.com/orangepiplus2e/Debian_buster_next_desktop.7z

Link to comment
Share on other sites

7z x Debian_buster_next_desktop.7z

You need to verify the image which is inside this 7z file. This is the content:

Armbian_5.93_Orangepiplus2e_Debian_buster_next_4.19.64_desktop.img
Armbian_5.93_Orangepiplus2e_Debian_buster_next_4.19.64_desktop.img.asc
sha256sum.sha

 

3 hours ago, qrty said:

can you tell me what the 'correct' sha256sum is for my download?


Is now obvious which SHA to use?

Link to comment
Share on other sites

HI Igor.

 

I already know that the sha to use is the one that comes with the download. The problem is getting the one from the website to compare it against.

 

What is this for: 7z x Debian_buster_next_desktop.7z ??

 

Thanks.

 

Link to comment
Share on other sites

22 minutes ago, qrty said:

What is this: 7z x Debian_buster_next_desktop.7z ??


It's a command to unpack .7z file on (Debian based) Linux (apt-get install gnupg p7zip) as written here: 
https://docs.armbian.com/User-Guide_Getting-Started/#how-to-check-download-authenticity

and
https://docs.armbian.com/User-Guide_Getting-Started/#how-to-check-download-integrity

Just read closely. There is written how to do that on Windows and MAC.

 

22 minutes ago, qrty said:

The problem is getting the one from the website to compare it against.


You don't need to check compressed file. You have to check IMAGE authenticity -> .img file with the SHA or you can verify PGP signature of that file.

Link to comment
Share on other sites

6 minutes ago, Igor said:


It's a command to unpack .7z file on (Debian based) Linux (apt-get install gnupg p7zip) as written here: 
https://docs.armbian.com/User-Guide_Getting-Started/#how-to-check-download-authenticity

and
https://docs.armbian.com/User-Guide_Getting-Started/#how-to-check-download-integrity

Just read closely. There is written how to do that on Windows and MAC.

Thanks. I have no problem unpacking the download. The problem is getting started for authenticity. The command does not work, though someone stated that the 1st gpg is not correct on the site (link provided), that it is missing "Ox" at the end of it. I will try it now.

 

For the 2nd gpg command, "gpg --verify Armbian_5.18_Armada_Debian_jessie_3.10.94.img.asc", am I suppose to use this exactly as written or insert my debian name?

 

Link to comment
Share on other sites

Command:

gpg --keyserver ha.pool.sks-keyservers.net --recv-key DF00FAF1C577104B50BF1D0093D6889F9F0E78D5

Response:

gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: key 93D6889F9F0E78D5: 2 signatures not checked due to missing keys
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 93D6889F9F0E78D5: public key "Igor Pecovnik <igor@armbian.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

Command:

gpg --verify Armbian_5.93_Orangepiplus2e_Debian_buster_next_4.19.64_desktop.img.asc

Response:

gpg: assuming signed data in 'Armbian_5.93_Orangepiplus2e_Debian_buster_next_4.19.64_desktop.img'
gpg: Signature made Mon 05 Aug 2019 06:40:03 PM CEST
gpg:                using RSA key DF00FAF1C577104B50BF1D0093D6889F9F0E78D5
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Good signature from "Igor Pecovnik <igor@armbian.com>" [ultimate]
gpg:                 aka "Igor Pecovnik (Ljubljana, Slovenia) <igor.pecovnik@gmail.com>" [ultimate]


 

Link to comment
Share on other sites

Is this the correct output? (you posted this)

 

gpg: keybox '/root/.gnupg/pubring.kbx' created gpg: key 93D6889F9F0E78D5: 2 signatures not checked due to missing keys gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key 93D6889F9F0E78D5: public key "Igor Pecovnik <igor@armbian.com>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines