Our Authentication & Quality Assurance Procedure For Creating Trisquel Media

Our Authentication & Quality Assurance Procedure For Creating Trisquel Media

1. Open terminal

Menu > Administration > Terminal

2. Enter the commands below followed by tapping the enter key to change to the Downloads folder

cd Downloads

3. Next make a directory for Trisquel and change to the trisquel folder

mkdir trisquel
cd trisquel

4. Now download trisquel using the wget command

wget http://mirror.fsf.org/trisquel-images/trisquel_10.0.1_amd64.iso

Example output:

--2023-02-20 15:39:35-- http://mirror.fsf.org/trisquel-images/trisquel_10.0.1_amd64.iso
Resolving mirror.fsf.org (mirror.fsf.org)... 209.51.188.52, 2001:470:142:4::c
Connecting to mirror.fsf.org (mirror.fsf.org)|209.51.188.52|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2933145600 (2.7G) [application/x-iso9660-image]
Saving to: ‘trisquel_10.0.1_amd64.iso’

trisquel_10.0.1_amd64.iso 100%[==========================================================>] 2.73G 33.3MB/s in 2m 52s

2023-02-20 15:42:27 (16.3 MB/s) - ‘trisquel_10.0.1_amd64.iso’ saved [2933145600/2933145600]

5. Use the ls command to see what is in the folder

ls

Example output:

trisquel_10.0.1_amd64.iso

6. Download the SHA256 file, the signature, and the signing key from https://trisquel.info

Note: Click Download Trisquel and then Download ISO and then select "GPG key" to download the GPG key, the GPG aka the file link to the file that contains the iso.asc extension and the SHA256 file ending in .iso.sha256.

wget https://archive.trisquel.info/trisquel/trisquel-archive-signkey.gpg
wget https://cdimage.trisquel.info/trisquel-images/trisquel_10.0.1_amd64.iso.asc
wget https://cdimage.trisquel.info/trisquel-images/trisquel_10.0.1_amd64.iso....

7. Perform an integrity check on the downloaded image

sha256sum -b trisquel_10.0.1_amd64.iso

Example output:

c0f7b905cc545f6cb784bd111d217c05bb67737798d7afc575402f263dea7ffc *trisquel_10.0.1_amd64.iso

8. Check the above output matches the output of the below command:

cat trisquel_10.0.1_amd64.iso.sha256

Example output:

c0f7b905cc545f6cb784bd111d217c05bb67737798d7afc575402f263dea7ffc trisquel_10.0.1_amd64.iso

Note: If it does not match then the file is corrupted and needs to be downloaded again

9. Import the trisquel signing key

gpg --import < trisquel-archive-signkey.gpg

Example output:

gpg: key B4EFB9F38D8AEBF1: public key "Trisquel GNU/Linux (Trisquel GNU/Linux signing key)
" imported
gpg: key B138CA450C05112F: public key "Trisquel GNU/Linux
" imported
gpg: key F5DAAAF74AD4C938: public key "Trisquel GNU/Linux Archive Automatic Signing Key (11/aramo)
" imported
gpg: Total number processed: 3
gpg: imported: 3

10. Verify the authenticity of the Trisquel ISO

gpg --keyid-format long --verify trisquel_10.0.1_amd64.iso.asc trisquel_10.0.1_amd64.iso

Example output:

gpg: Signature made Thu 26 May 2022 08:14:24 AM EDT
gpg: using RSA key 60364C9869F92450421F0C22B138CA450C05112F
gpg: Good signature from "Trisquel GNU/Linux
" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6036 4C98 69F9 2450 421F 0C22 B138 CA45 0C05 112F

Note: You want to make sure the above output says Good signature from the Trisquel developers

Note: The fact the signature is not certified is normal, and nothing to be concerned about, it basically just means you haven't ever met the developer, and so can't be sure it is a trusted signature

11. Determine what you USB flash drive device location is and unmount any partitions

# Plug in a USB flash drive and unmount any auto-mounted partitions to ensure reliability of written image
# At a minimum make sure the size of the flash drive matches what you inserted to avoid accidentally
# overwriting important data

sudo fdisk -l

Example output:

Disk /dev/sda: 119.51 GiB, 128320801792 bytes, 250626566 sectors
Disk model: Flash Drive FIT
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 07896644-3E61-4841-B41A-CA3F44823CCE

Device Start End Sectors Size Type
/dev/sda1 64 5228883 5228820 2.5G Microsoft basic data
/dev/sda2 5228884 5237379 8496 4.1M EFI System
/dev/sda3 5238784 250626502 245387719 117G Linux filesystem

# We're going to unmount the partitions to ensure the drive is reliably written

sudo umount /dev/sda1
sudo umount /dev/sda2
sudo umount /dev/sda3

Example output:

If a partition is mounted, then nothing is output, but if a partition is already unmounted you will see the below output:

umount: /dev/sda2: not mounted.

12. Write the trisquel ISO image to disk

sudo dd if=trisquel_10.0.1_amd64.iso of=/dev/sda bs=16M oflag=direct status=progress

Example output:

2919235584 bytes (2.9 GB, 2.7 GiB) copied, 100 s, 29.1 MB/s
174+1 records in
174+1 records out
2933145600 bytes (2.9 GB, 2.7 GiB) copied, 100.905 s, 29.1 MB/s

Also it is a good idea to run the sync command and flush any unwritten data to the disk:

sync

13. We need to identify the size of the Trisquel image. Open a browser and go to https://trisquel.info > Download Trisquel and copy the link. Replace the link below with your copy.

curl -s -L -I http://mirror.fsf.org/trisquel-images/trisquel_10.0.1_amd64.iso | grep 'content-length\|Content-Length'

Example output:

Content-Length: 2933145600

14. We are going to verify the written data matches the signature from the Trisquel developers using the following command, but replacing the number 2933145600 with the output you got from step 13 and /dev/sda with your flash drive from step 11.

sudo head -c 2933145600 /dev/sda | TZ=UTC gpg --no-options --keyid-format long --verify trisquel_10.0.1_amd64.iso.asc -

Note: You will want to check that the output says Good signature from the Trisquel developers

Note: The WARNING: about the signature not being certified is normal and nothing to worry about, it just means you haven't met the Trisquel developers

Example output:

gpg: Signature made Thu 26 May 2022 12:14:24 PM UTC
gpg: using RSA key 60364C9869F92450421F0C22B138CA450C05112F
gpg: Good signature from "Trisquel GNU/Linux
" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6036 4C98 69F9 2450 421F 0C22 B138 CA45 0C05 112F