12
ISO verification (lemmy.world)
submitted 6 months ago by bitahcold@lemmy.world to c/archlinux@lemmy.ml

Hello guys, I'm using Arch as a newbie. Learning about it. But worried about a thing. When I was creating the bootable media for install it, I downloaded the .iso and .iso.sig from any mirror that is near. I followed the things about verification of .iso but I got some errors and gave up. Just used the iso I didn't verificated. I am using the OS that iso installed. There is nothing wrong with usage. I can access all the things about Arch, not had any problems and any performance issues. No special internet usage, no broken things etc. but I'm a bit worried about is there any malicious software such as keyloggers, mining softwares... Can I verify my Arch after the installation? Can I see if there is any software malicious via htop-bpytop? Should I create the bootable media again with verification and reinstall my Arch?

you are viewing a single comment's thread
view the rest of the comments
[-] BaalInvoker@lemmy.eco.br 5 points 6 months ago

Just verify the iso you downloaded. If the signature is correct, the iso is safe.

You can simply $ sha256sum the iso file and verify.

But honestly, you're probably safe. I wouldn't be worried in your place.

[-] bitahcold@lemmy.world 1 points 6 months ago

I did download and set the bootable at my previous OS, Fedora. Now the iso is not reachable and I forgot the mirror that I downloaded from. I still have the usb card I used for installation. Can I do any verification over it? Thanks for reply and relaxing info.

[-] CameronDev@programming.dev 1 points 5 months ago

The sha256 only validates file integrity, it doesnt ensure legitimacy. A malicious actor would replace both the iso and the checksum at the same time.

Only the signature ensures legitimacy, but properly setting up the chain of trust is near impossible anyway without meeting face-to-face with the iso signer.

this post was submitted on 21 May 2024
12 points (92.9% liked)

Arch Linux

7761 readers
13 users here now

The beloved lightweight distro

founded 4 years ago
MODERATORS