md5 checksum in update manager

heiowge
  9 years ago
  2
  Discussion

I just updated my kernal to the latest one using the automatic updates.

Rebooting gave me a kernal panic. I had to reload an earlier kernal and reinstall. After that it worked.

That got me thinking. I had no way of knowing that my updates came through fine. It was only when something broke that I spotted a bad update.

So... my idea...

Would it be possible to md5 checksum each file updated? Simply include the md5 in the data listed that the update manager could check against? I don't mean include extra data in each download. I mean simply have a list of codes for each file that the manager could ask for and use with an update.

I want to say this clearly because the last few ideas I've posted that people didn't like I had people moaning about the problems it would cause them...

I would like this to be OPTIONAL and SWITCHED OFF BY DEFAULT. There. I hope that was clear enough to stop people voting it down for that reason.

Thanks.
Latest comments
OperantIssue 9 years ago

Kernel updates are supplied as Debian packages, which are by default GPG signed. This makes them cryptographically verified by upstream, as well as detects package corruption in transit.

If a package can't be verified, then you are already notified by the update manager.


PiGeek 9 years ago

I am not sure, but with my spotty internet I have gotten several checksum mismatch errors over the months.

So in conclusion I think they already happen behind the scenes in the update manager.


dagon 9 years ago

I'm pretty sure that kernel updates are shipped with checksums already.
Checksums are recommended in the debian policy.
http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Checksums

I don't think your issue with the update was because the data was borked on the way.