Hosting Provided By

Install process certification

From: Keyser Söze <keysersoze_sec(at)yahoo.fr>
Date: Fri Jan 04 2008 - 06:15:35 EST

Hi

I'd like to know whether it's possible to check the signature of a Debian (Etch) install CD, at the earliest stage of the install process.
Indeed, right after the base-installer unpacks the base system files, apt loads the contents of the CD and checks the Release.gpg signature against the Release file.
Two problems, however:
- apt will complain if the signature is wrong, but won't if the Release.gpg file is not even present on the CD;
- this procedure excludes the udebs loaded by debian-installer

So, is there a way to secure the whole install process (I mean, besides manual checking)? I noticed that gpgv is among the default udebs, what is it used for?

Thanks,

--
Keyser




      _____________________________________________________________________________ 
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail 
http://mail.yahoo.fr

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Fri Jan 4 06:23:04 2008

This message: [ Message body ]
Next message: Javier Fernandez-Sanguino: "Re: ping22: can not kill this process"
Previous message: Steve Kemp: "Re: ping22: can not kill this process"
Next in thread: paddy(at)panici.net: "Re: Install process certification"
Reply: paddy(at)panici.net: "Re: Install process certification"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:55 EDT