New OpenBSD 5.6 has been released. It is time to give it a try.
In the installation maunal, There is a section “Verifying the OpenBSD Installation Media”. signify command is used for verification.
signify -C -p /etc/signify/openbsd-56-base.pub -x SHA256.sig cd56.iso
The SHA256.sig and cd56.iso can be obtained from the mirror. However, openbsd-56-base.pub file is not available. In addition, there is no signify in default OS X installation.
To use signify to verify the install media, we can do the following:
- Install
signifyfrom eitherportorhomebrew.
brew install signify-osx
- Copy the public key from http://www.openbsd.org/56.html and create a file to store the key. It is required that the file must start with “untrusted comment: “.
untrusted comment: signify public key for OpenBSD 5.6
RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV
- Verify. In my case, I verify the
install56.fswhich is for creating bootable USB. In my case, every file is in the same directory.
signify -C -p 56.pub -x SHA256.sig install56.fs
The final result should look like this.
Signature Verified
install56.fs: OK