OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :

<< Re: Official OpenBSD 6.1 CD - There's only One! | Up: Re: Official OpenBSD 6.1 CD - There's only One! | Flattened | Expanded | Re: Official OpenBSD 6.1 CD - There's only One! >>

Threshold: Help

  Re: Official OpenBSD 6.1 CD - There's only One! (mod -1/7)
by Antonio Gandara ( on Wed May 17 14:51:30 2017 (GMT)
  > > > Congratz on security no one can afford. Not having a hard-copy means the data can be altered without any real verification. While it may seem like paranoia, it is actually about guarantees, and the future has very little for you.
> >
> > While I actually did enjoy the physical copies as it came with artwork and instructions which was cool up until OpenBSD 6.0. OpenBSD does provide hash keys to verify the integrity of the ISO files you download when you make your media for OpenBSD 6.1. That is what I did when I burned the OpenBSD 6.1 AMD64 iso to a DVD.
> >
> >
> Please describe how you know that these hash keys are the correct ones, and that the ISO files are the correct ones. It is possible to have a MITM with modified copies if someone cares enough to spend the money/effort to do that. While you may think such a thing could never happen, perhaps the future will determine otherwise.

Do you read the OpenBSD documentation? One thing I have learned from using BSD UNIX is that the projects always expect you to read the documentation before asking questions. The below text is straight out of the INSTALL.amd64 file which is provided with OpenBSD 6.1. Below it lists the SHA256 and SHA256.sig which contain the hash values to verify install61.iso I downloaded.

INSTALL.amd64 Installation notes; this file.

SHA256 Output of the cksum(1) program using the option
-a sha256, usable for verification of the
correctness of downloaded files.

SHA256.sig The above file, signed with the OpenBSD signing key
for the 6.1 release, usable for verification of the
integrity of the above file, and thus of the
downloaded files.

miniroot61.fs A miniroot filesystem image to be used if you
for some reason can't or don't want to use the
ramdisk installation method.
It can be copied to a small USB key to start the install.

floppy61.fs The standard amd64 boot and installation floppy;
see below.

pxeboot amd64-specific second-stage PXE bootstrap (for
network installs); see below.

*.tgz amd64 binary distribution sets; see below.

bsd A stock GENERIC amd64 kernel which will be
installed on your system during the install. A stock GENERIC.MP amd64 kernel, with support for
multiprocessor machines, which can be used instead
of the GENERIC kernel after the install.

bsd.rd A compressed RAMDISK kernel; the embedded
filesystem contains the installation tools.
Used for simple installation from a pre-existing

install61.iso The amd64 boot and installation CD-ROM image,
which contains the base and X sets, so that install
or upgrade can be done without network connectivity.

install61.fs A boot and installation image which contains
the base and X sets. An install or upgrade can be
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. Some icons from used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]