armvsdeb 0 Posted January 13 Share Posted January 13 (edited) I like armbian-debian but don't like that i can only do the checksum for the 'img.xz' and not the actual image. Once i extract the .img from the img.xz, i don't see how i can check the actual .img since there is no checksum for it; even though it is very difficult for malware to get on the .img, it is possible. I realize that if the .img.xz's checksum is good, then the .img image is good. But once I expose the .img to my computer, if there is malware unknowingly present, then the .img could become infected and I have no way to check it. My orangepiplus2e is 32-bit. Thanks Edited January 14 by _r9 32-bit 0 Quote Link to post Share on other sites
Werner 331 Posted January 13 Share Posted January 13 8 minutes ago, armvsdeb said: Once i extract Then simply don't? The recommended and supported tools for writing the image to a microSD card can be fed with the compressed image and write it directly. 0 Quote Link to post Share on other sites
Igor 2160 Posted January 13 Share Posted January 13 35 minutes ago, armvsdeb said: But once I expose the .img to my computer, if there is malware unknowingly present, then the .img could become infected and I have no way to check it. Since when its Armbian problem if your computer is infected by malware? 1 Quote Link to post Share on other sites
armvsdeb 0 Posted January 15 Author Share Posted January 15 Well, certainly true, but given that everyone's computer might have malware on it, unknowingly, having the checksum for the actual image allows you to check the checksum before and after converting the .img to an actual OS. Good point! 0 Quote Link to post Share on other sites
Heisath 62 Posted January 15 Share Posted January 15 Is it just me, or did we have the exact same question a few weeks/month ago already? EDIT: Found it! 1 Quote Link to post Share on other sites
arox 32 Posted January 15 Share Posted January 15 If you don't trust the machine you used for decompressing image, then use the newly installed machine to download and decompress another time after install and make a diff with the used image - unless you think the compress or diff binary may have been altered to fool you ... You might also think that the checksum utility or the installer have been altered on the installation machine and on decompressed image ... Then, you should install an install machine from scratch (source compile) after visually checking each file and not connect it to any network ... Security is important, but we all tend to alternate between lazy and crazy approach. When I installed X25 (wide area packet network) for the first time on a DEC machine more than 30 years ago, I realized that I offered access to 50 millions of french Minitel users to my systems thru phone network with the automatically configured PAD option (character mode access) and in reverse charge, with the well known privileged accounts used by maintenance (field/service, systest/uetp) which nobody ever changed or recommended to change ! Of course, it was a long time ago and nobody could ever imagine it could already exist **maintenance** access on the Internet box you use for DHCP or DNS on your LAN ... I use my box just as a modem behind a firewall and so I trust my installation machine. 0 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.