Dan Peretz <[email protected]> wrote:

> Hello, the FAQ states this:
>
> "The installXX.iso and installXX.fs images do not contain an
> SHA256.sig file, so the installer will complain that it can't check
> the signature of the included sets [...] This is because it would make
> no sense for the installer to verify them. If someone were to make a
> rogue installation image, they could certainly change the installer to
> say the files were legitimate."

The FAQ is wrong.  Those images don't contain signatures because my
build & sign procedure does not have a way to sign something, then
continue building, then sign the result.

> Although that's true for intentional modifications, it would still be
> useful to have the installation medium perform a self integrity check
> against accidental or natural data corruption. For example, Ubuntu
> recently enabled a by-default integrity check, starting with release
> 20.04:
>
> "Ubuntu now defaults to checking the integrity of the medium in use
> when booting into live sessions. This can be skipped by hitting
> Ctrl-C. We've enabled this because failed installs due to corrupt
> downloads of installation media is one of the most common error
> conditions that users encounter." (Source:
> <https://ubuntu.com/blog/whats-new-in-ubuntu-desktop-20-04-lts>)
>
> I would like to have OpenBSD include at least an unsigned SHA256 file
> in the discs.

If you looked, you would see there is an unsigned SHA256 file.

> The installer would then detect that the checksums are
> unsigned and warn about the security implications, but it would let
> the user run the check.

It already uses the SHA256 file to determine which files to install;
this is done, but a hash is not a cryptographic signature, so the
warning issued is accurate.

> I think it would be wise to make it check the
> bsd.rd image that's actually booted when booting from the disc, and
> not just the bsd.rd file set. (I get that the OpenBSD installer is
> just a multipurpose "bsd.rd" RAM disk that can be found not just in
> the installation discs, right?)

Huh.  What you are asking for cannot be done.

And obviously a bogus image would declare that it isn't bogus.
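As an added illustration (not from this thread, and not the OpenBSD installer's own code), here is a small Python model of what an unsigned SHA256 file can and cannot establish. It parses the BSD-style `SHA256 (name) = digest` lines that sha256(1) prints and the release SHA256 file uses, checks a set of files against them, catches a flipped bit from a bad download, and then shows that a rebuilt image whose SHA256 file was regenerated to match passes the same check unchanged, which is why the check detects accidental corruption but cannot stand in for the signature in SHA256.sig. The set names and contents below are constructed for the demo.

```python
import hashlib
import re

# One line per set, in the shape sha256(1) prints and the SHA256 file uses:
#   SHA256 (bsd.rd) = <64 hex chars>
SHA256_LINE = re.compile(r'^SHA256 \((?P<name>[^)]+)\) = (?P<digest>[0-9a-fA-F]{64})$')


def parse_sha256_file(text):
    """Parse SHA256-file contents into {filename: lowercase hex digest}.

    Lines that do not match the expected shape are ignored rather than
    treated as checksums, so a truncated or garbled file never 'verifies'
    anything by accident.
    """
    digests = {}
    for line in text.splitlines():
        m = SHA256_LINE.match(line.strip())
        if m:
            digests[m.group('name')] = m.group('digest').lower()
    return digests


def write_sha256_file(sets):
    """Produce SHA256-file text for {filename: bytes}, as a build step would."""
    return ''.join(
        f'SHA256 ({name}) = {hashlib.sha256(data).hexdigest()}\n'
        for name, data in sets.items()
    )


def verify_sets(sets, digests):
    """Check each set in {filename: bytes} against the parsed digests.

    Returns {filename: 'ok' | 'mismatch' | 'unlisted'}.  'unlisted' is kept
    distinct because a set missing from the SHA256 file has not been checked
    at all, which is not the same as having failed a check.
    """
    results = {}
    for name, data in sets.items():
        expected = digests.get(name)
        if expected is None:
            results[name] = 'unlisted'
        elif hashlib.sha256(data).hexdigest() == expected:
            results[name] = 'ok'
        else:
            results[name] = 'mismatch'
    return results


def flip_bit(data, offset):
    """Simulate accidental corruption: flip the low bit of one byte."""
    buf = bytearray(data)
    buf[offset] ^= 0x01
    return bytes(buf)


def demo():
    # Constructed stand-ins for install sets (real ones are a kernel and tarballs).
    sets = {
        'bsd.rd': b'constructed ramdisk kernel image ' * 64,
        'baseXX.tgz': b'constructed base set ' * 64,
    }
    digests = parse_sha256_file(write_sha256_file(sets))

    # Case 1: medium intact, every set matches its listed digest.
    intact = verify_sets(sets, digests)

    # Case 2: a bad download or flaky disc flips one bit in a set.
    # This is the failure an unsigned SHA256 file is good at catching.
    corrupted = {**sets, 'baseXX.tgz': flip_bit(sets['baseXX.tgz'], 100)}
    after_corruption = verify_sets(corrupted, digests)

    # Case 3: the image is rebuilt with a modified set and the SHA256 file is
    # regenerated to match.  The hash check passes; only a signature over the
    # SHA256 file (the SHA256.sig that signify checks) would expose this.
    tampered = {**sets, 'bsd.rd': sets['bsd.rd'].replace(b'ramdisk', b'altered')}
    tampered_digests = parse_sha256_file(write_sha256_file(tampered))
    after_tampering = verify_sets(tampered, tampered_digests)

    return intact, after_corruption, after_tampering


if __name__ == '__main__':
    for label, result in zip(('intact', 'corrupted', 'tampered'), demo()):
        print(label, result)
```

The three results line up with the thread: an integrity check against the unsigned SHA256 file is worthwhile against corruption, and the installer's warning that it cannot check a signature is still accurate, because the third case looks exactly like the first.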

