@advocatux Thank you very much, that is what I looked for. I haven't found it by myself, thank you.
Best posts made by jobus
-
RE: Are there signatures or checksums for the installer programs available?
Latest posts made by jobus
-
RE: Are there signatures or checksums for the installer programs available?
@advocatux
I have one more question to the manual download procedure of an ubuntuphone image.The download script does already check the integrity of the downloaded files, that's fine.
But I would like to check the authenticity of the download and I fail at the end
with the last key id.For the most files signature files are provided. They were generated by the pgp key of
UBports System Image Image Signing key system-image@ubports.comThis first key (inside a keyring) comes with a signature generated by the pgp key of
1 Image Master key me@mariogrip.comThis second key (inside a keyring) is signed by the pgp key belonging
to the key id
1A30C7D6585E9E81I cannot find this key; I suppose it is published in a similar manner
like e.g. debian distro maintainers proceed.And finally, for http://cdimage.ubports.com/devices/recovery-vegetahd.img
i could not find any pgp signature file.Perhaps, you could give me a hint again?
-
RE: Are there signatures or checksums for the installer programs available?
@advocatux Thank you very much, that is what I looked for. I haven't found it by myself, thank you.
-
RE: Are there signatures or checksums for the installer programs available?
@advocatux Thank you for answer ! Yes, I asked for the installer software.
I followed your link and I have seen, there are a lot of different packages more. I guessed, the image would come with the installer, but now I think, the installer is a pure installer and collects the packages to install.
I don't anything about the installation procedure:
My first assumption: I have to check only the integrity/authenticity of the installer and the installer does guarantee the integrity/authenticity of the installed packages.
My second assumption: The installer does not guarantee the integrity/authenticity of the installed packages. So I would have to know which packages the installer installs and to do that job manually. -
Are there signatures or checksums for the installer programs available?
And if they are published, where can I find them ?
Probably a boring question, but I haven't found anything about that topic in the forum.
Thank you for teaching me.