Seeking a way to do a checksum for img and not for img.xz

Recommended Posts

I like armbian-debian but don't like that i can only do the checksum for the 'img.xz' and not the actual image. Once i extract the .img from the img.xz, i don't see how i can check the actual .img since there is no checksum for it; even though it is very difficult for malware to get on the .img, it is possible.  I realize that if the .img.xz's checksum is good, then the .img image is good. But once I expose the .img to my computer, if there is malware unknowingly present, then the .img could become infected and I have no way to check it. 


My orangepiplus2e is 32-bit. 



Edited by _r9
Link to post
Share on other sites
Armbian is a community driven open source project. Do you like to contribute your code?

  • _r9 changed the title to Seeking a way to do a checksum for img and not for img.xz

If you don't trust the machine you used for decompressing image, then use the newly installed machine to download and decompress another time after install and make a diff with the used image - unless you think the compress or diff binary may have been altered to fool you ...


You might also think that the checksum utility or the installer have been altered on the installation machine and on decompressed image ... Then, you should install an install machine from scratch (source compile) after visually checking each file and not connect it to any network ...


Security is important, but we all tend to alternate between lazy and crazy approach. When I installed X25 (wide area packet network) for the first time on a DEC machine more than 30 years ago, I realized that I offered access to 50 millions of french Minitel users to my systems thru phone network with the automatically configured PAD option (character mode access) and in reverse charge, with the well known privileged accounts used by maintenance (field/service, systest/uetp) which nobody ever changed or recommended to change !


Of course, it was a long time ago and nobody could ever imagine it could already exist **maintenance** access on the Internet box you use for DHCP or DNS on your LAN ... I use my box just as a modem behind a firewall and so I trust my installation machine.


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.