View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0008022||Kali Linux||Feature Requests||public||2022-10-25 16:38||2022-10-31 08:25|
|Summary||0008022: Please consider signing checksum files for netboot install media|
I use Ansible to generate customized installation media for fully automated installations. As a first step my setup downloads the original installation media (i.e. the mini.iso or the netboot kernel+initrd) from
|Steps To Reproduce|
Compare the output of
The Debian Release files do contain checksums for files like
On Ubuntu this has been solved slightly different. Here the SHA256SUMS files are signed directly using the Ubuntu archive Keyring as can be seen here: http://archive.ubuntu.com/ubuntu/dists/focal/main/installer-amd64/current/legacy-images/.
Thanks for the detailed report! I can see us signing the files in the same way as Ubuntu does it. Let me check.
I notice that we DO have signed checksum files in the following directories:
And it covers the file "mini.iso" and "netboot.tar.gz". I don't know if it's enough for your use-case though.
In any case, I followed the Ubuntu way, and we now sign the top-level checksum files. Check http://http.kali.org/kali/dists/kali-rolling/main/installer-amd64/current/images/, the signatures should appear there in a few hours. Feel free to re-open the ticket if there are still issues. Cheers!
|2022-10-25 16:38||equinox||New Issue|
|2022-10-26 00:50||arnaudr||Note Added: 0016999|
|2022-10-27 04:43||arnaudr||Note Added: 0017009|
|2022-10-27 04:43||arnaudr||Note Edited: 0017009|
|2022-10-28 04:33||arnaudr||Note Added: 0017013|
|2022-10-28 04:34||arnaudr||Assigned To||=> arnaudr|
|2022-10-28 04:34||arnaudr||Status||new => assigned|
|2022-10-28 04:34||arnaudr||Status||assigned => resolved|
|2022-10-28 04:34||arnaudr||Resolution||open => fixed|