Installation media signatures?
Evilham
contact at evilham.com
Sat Aug 22 10:11:43 UTC 2020
On dv., ag. 21 2020, 6E7368 via freebsd-questions wrote:
> I was about to flash the rpi3 12.1-RELEASE img to an SD card,
> but I couldn't find any signatures to verify it against. Am I
> missing something, or are users supposed to install unverified
> images? Checksums without a signature are not an assurance
> against tampering.
>
> I didn't find what I was looking for in the handbook or with
> Google, and I thought I'd ask here instead of bugging the
> security mailing list.
Hey, the web announcement has a URL to its signed counterpart:
https://www.freebsd.org/releases/12.1R/announce.html
https://www.freebsd.org/releases/12.1R/announce.asc
Since the announcement has all the checksums, you'd have to verify
the announcement's signature, then the file's checksum against it.
The Handbook has more info about the project's PGP keys:
https://www.freebsd.org/doc/handbook/pgpkeys.html
Cheers,
--
Evilham
More information about the freebsd-questions
mailing list