Verifying the donwload

Started by foxint, October 10, 2022, 10:30:10 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
October 10, 2022, 10:30:10 AM
Hi guys - I am pbvious stupid, but I cannot understand any of the instructions as to verify the download.

I am on PC, I want to use a USB and but OPNSense on another PC. I have downloaded:
OPNsense-22.7-OpenSSL-vga-amd64.img.bz2 SHA256

But I cannot understand how to verify. Everyone tends to gloss over this part or is using a VM or Mac or something that just confuses me.

Sorry for the stupid question.
October 10, 2022, 11:09:21 AM #1
https://docs.opnsense.org/manual/install.html
Hi. It's not obvious to unix or linux users, even mac ones. As the manual states, the openssl tool (command line) is used. Openssl is installed on most *nixes by default, so the verification step is easy. If you're using windows, there might be a way to do it. Dunno.
October 10, 2022, 10:05:06 PM #2
Hi Cookie monster.

Thank you. I also read again the link.

But I did not understand it.

Is there a step-by-step (with pictures) walk through for dummies???

I find many of the videos and instructions leave out the obvious and I do not know what I do not know. Like to remove gear box, taken engine out.... well how?

Anyone???
October 10, 2022, 10:40:57 PM #3
Just download the files and follow the instruction on that page. Example with my last downloads I had for 21.7 (since then they've been in-place upgrades):
penguin@pluto:~/Downloads$ ls -alh {*.sig,*.img.bz2}
-rw-rw-r-- 1 penguin penguin 424M Aug  3  2021 OPNsense-21.7-OpenSSL-serial-amd64.img.bz2
-rw-rw-r-- 1 penguin penguin  695 Aug  3  2021 OPNsense-21.7-OpenSSL-serial-amd64.img.bz2.sig
-rw-rw-r-- 1 penguin penguin  695 Aug  3  2021 OPNsense-21.7.pub.sig

penguin@pluto:~/Downloads$ openssl base64 -d -in OPNsense-21.7-OpenSSL-serial-amd64.img.bz2.sig -out /tmp/image.sig

penguin@pluto:~/Downloads$ openssl dgst -sha256 -verify OPNsense-21.7.pub -signature /tmp/image.sig OPNsense-21.7-OpenSSL-serial-amd64.img.bz2
Verified OK

This is on my laptop I'm typing this from, where I made the downloads and after this verification, used the image to create a bootable usb stick.
October 10, 2022, 10:57:40 PM #4
Thank you.

https://opnsense.org/download/     I can only find one (1) file - OPNsense-22.7-OpenSSL-vga-amd64.img.bz2

Where do I get the other files and how many do I get?

Sorry....but all the instructions seem to miss this step. I watched more videos and I am still not getting it.
October 10, 2022, 11:19:12 PM #5
In the announcements page of this forum. Remember only main releases have them. That means look for the announcement for version 22.7 and not 22.7.1 as an example.
https://forum.opnsense.org/index.php?topic=29507.0
There will be on the page a few links to mirrors close to your location.
The manual page lists the four files needed and the steps.
October 10, 2022, 11:48:43 PM #6
Hi ....

There are 12 files. When I click on the first one I get 4 lines. What do I do? How do I save the files and which ones do I save.

This is very complex. All the videos just say do this, do this BAM and it works. But it does not work for me.
???
October 11, 2022, 12:12:55 AM #7
Hi

I went to https://mirror.wdc1.us.leaseweb.net/opnsense/releases/22.7/ and I double clicked on all 12 files and they have downloaded.

What is next?
October 11, 2022, 12:17:07 AM #8 Last Edit: October 11, 2022, 12:19:54 AM by pmhausen
You need to use the command line. And you need to have the OpenSSL command line tools available. How to do that on Windows I don't know. They are by default available on every Unix/Linux system including the Mac.

Possibly there's a different way on Windows. The 4 line text files contain cryptographic checksums of the various images that are available for download. What you need is a too, to compute that checksum for the image you donwloaded and then compare that result to what is in the text file. Maybe there is a Ui tool for Windows to do that.

Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
October 11, 2022, 12:27:12 AM #9
Thank you for the information. I have no idea what you are asking/saying.

I am on Windows 10. I have watched a lot of videos and they all lack something. I thought I would start at the very beginning, with verifying the file.... but I am totally lost.

As most of the world is on windows, why is it so hard to use the programme on windows. I even searched for the very specific topic Verifying the OPNSense files. But nothing.

I have all 12 files downloaded. Does anyone with Windows knows what to do. There was a video about Windows Powershell, but the command lines did not work for me.

I know this is free...but surely there are windows people out there???
October 11, 2022, 07:13:53 AM #10
Of you downloaded e.g. the file
Code Select
OPNsense-22.7-OpenSSL-vga-amd64.img.bz2
then in powershell change to the directory containing the file and enter this command
Code Select
Get-Filehash OPNsense-22.7-OpenSSL-vga-amd64.img.bz2 -Algorithm SHA256

Then compare the result with the checksum published here:
https://forum.opnsense.org/index.php?topic=29507.0

which should be
Code Select
2537f37247d98e27634c34cdf23f30f95d0ed00ac0af01c2d9675580a790f8fb

If both checksums match, you are good.

HTH,
Patrick

P.S. I just entered "windows 10 compute sha256 checksum" into google to find that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
October 11, 2022, 07:35:27 AM #11 Last Edit: October 11, 2022, 07:42:30 AM by foxint
hi Patrick

Thank you.

I got it to work.

It is similar - but mine has lower-case letters:

2537F37247D98E27634C34CDF23F30F95D0ED00AC0AF01C2D9675580A790F8FB
2537f37247d98e27634c34cdf23f30f95d0ed00ac0af01c2d9675580a790f8fb

Were did you get the thing to compare it??
October 11, 2022, 07:49:00 AM #12
Upper/lower case are meaningless. It's a hexadecimal number.
So the two numbers are identical. Your download is good.

What do you mean by "thing to compare it"? I use my eyes ;)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
October 11, 2022, 08:09:54 AM #13
hi Patrick

Thank you. Always a steep learning curve.

I downloaded 12 files and note sure if any were:

2537f37247d98e27634c34cdf23f30f95d0ed00ac0af01c2d9675580a790f8fb

So I was wondering were you got all these numbers/letters.

October 11, 2022, 08:59:32 AM #14 Last Edit: October 11, 2022, 09:08:02 AM by pmhausen
You need exactly one file. The image you want to install. The checksums for all different images (DVD, VGA, serial, ...) are all listed on the release notes page that I already linked:
https://forum.opnsense.org/index.php?topic=29507.0

Bottom of the initial post:
Code Select
SHA256 (OPNsense-22.7-OpenSSL-dvd-amd64.iso.bz2) = 9345057e993cd55dfa5280beefd33f1dc2243681defff3c5f11b84fa2c7910f8
SHA256 (OPNsense-22.7-OpenSSL-nano-amd64.img.bz2) = 061ea4ca261bcd8397ae1a4acf2fb32f0fbbb6ac00d617e1f4151318f66cc77d
SHA256 (OPNsense-22.7-OpenSSL-serial-amd64.img.bz2) = cf1603e20d4268d917b40344ddadd2f147c3e167dbe1f6cd254a2afcb586fb4d
SHA256 (OPNsense-22.7-OpenSSL-vga-amd64.img.bz2) = 2537f37247d98e27634c34cdf23f30f95d0ed00ac0af01c2d9675580a790f8fb

Four different image file names, four different checksums. Pick the one for your image.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1 2
User actions