Closed udo1toni closed 1 year ago
What a coincidence: Yesterday I started an attempt to include openhabian in the Raspi-Imager and this only works with sha256 checksums, so I did that for the images. Just look at my previous issue and the linked file (rpi-imager-openhabian.yaml) The command is just sha256sum [filename]. To manually check this hashes could be saved on the server. The Raspi-Imager checks automatically.
:)
can you provide a PR against the GitHub action that builds the image ? See https://github.com/openhab/openhabian/blob/main/.github/workflows/build-action.yml
Not sure where the hashed output would need to be put. Where does Raspi imager expect it ?
Not sure where the hashed output would need to be put. Where does Raspi imager expect it ?
Raspi imager expects it in the json-file that has to be made available for download at a static folder. Doesn't the filename already contain a checksum (crc...)?
Fixed-By: #1708
See release 1.7.4b. Hash is in the .json file to work with raspi imager, is that enough or would you require some other format ?
@udo1toni ?
Hmm... Is there a way to print the sha256sum to the Release Message? Or at least an information, that one can get the checksum through the json file?
By the way, a checksum is already included in the file name of the image. It is the hex value that follows crc (currently: 075defd9). crc32 is not save regarding manipulations, but it is sufficient against incomplete downloads etc. If crc32 is not available, the package libarchive-zip-perl has to be installed.
I'd think now that we have both that's sufficient.
Thanks, that's very helpful.
As there are always situations, where one does not know if the downloaded file is corrupt or not, it is desirable to have a checksum like sha1 or md5.
Or is there any other way to ensure the file was not compromised?