Verifying a USB flash drive contains an authentic copy of Trisquel

Verifying a USB flash drive contains an authentic copy of Trisquel

We have a set of procedures to ensure that every flash drive we ship contains a legitimate and verified copy of Trisquel. You can find our full procedures for making a flash drive online. However we want to take this a step further and enable our customers to quickly and somewhat easily verify that a USB flash drive received also contains an authentic copy of Trisquel. Thus, here are the directions to authenticate the contents of a flash drive already containing a copy of Trisquel.

1. Open terminal

Menu > Administration > Terminal

2. Enter the commands below followed by tapping the enter key to change to the Downloads folder

cd Downloads

3. Next make a directory for Trisquel and change to the Trisquel folder

mkdir Trisquel
cd Trisquel

4. Download the signature, and the signing key from https://trisquel.info

Note: Click Download Trisquel and then Download ISO and then select "GPG key" to download the GPG key, the GPG aka the file link to the file that contains the iso.asc extension.

wget https://archive.trisquel.info/trisquel/trisquel-archive-signkey.gpg
wget https://cdimage.trisquel.info/trisquel-images/trisquel_10.0.1_amd64.iso.asc

5. Import the trisquel signing key

gpg --import < trisquel-archive-signkey.gpg

Example output:

gpg: key B4EFB9F38D8AEBF1: public key "Trisquel GNU/Linux (Trisquel GNU/Linux signing key) " imported
gpg: key B138CA450C05112F: public key "Trisquel GNU/Linux " imported
gpg: key F5DAAAF74AD4C938: public key "Trisquel GNU/Linux Archive Automatic Signing Key (11/aramo) " imported
gpg: Total number processed: 3
gpg: imported: 3

6. Determine what you USB flash drive device location is, the size of the disk is usually a good method for determining your flash drive assuming no other similar sized devics.

sudo fdisk -l

Example output:

Disk /dev/sda: 119.51 GiB, 128320801792 bytes, 250626566 sectors
Disk model: Flash Drive FIT
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 07896644-3E61-4841-B41A-CA3F44823CCE

Device Start End Sectors Size Type
/dev/sda1 64 5228883 5228820 2.5G Microsoft basic data
/dev/sda2 5228884 5237379 8496 4.1M EFI System
/dev/sda3 5238784 250626502 245387719 117G Linux filesystem

So in our example /dev/sda is our 128GB flash drive.

7. We need to identify the size of the Trisquel image. Open a browser and go to https://trisquel.info > Download Trisquel and copy the link. Replace the link below with your copy.

curl -s -L -I http://mirror.fsf.org/trisquel-images/trisquel_10.0.1_amd64.iso | grep 'content-length\|Content-Length'

Example output:

Content-Length: 2933145600

8. We are going to verify the written data matches the signature from the Trisquel developers using the following command, but replacing the number 2933145600 with the output you got from step 7 and /dev/sda with your flash drive from step 6.

sudo head -c 2933145600 /dev/sda | TZ=UTC gpg --no-options --keyid-format long --verify trisquel_10.0.1_amd64.iso.asc -

Note: You will want to check that the output says Good signature from the Trisquel developers

Note: The WARNING: about the signature not being certified is normal and nothing to worry about, it just means you haven't met the Trisquel developers

Example output:

gpg: Signature made Thu 26 May 2022 12:14:24 PM UTC
gpg: using RSA key 60364C9869F92450421F0C22B138CA450C05112F
gpg: Good signature from "Trisquel GNU/Linux " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6036 4C98 69F9 2450 421F 0C22 B138 CA45 0C05 112F