Hi,
I was recently asked to help someone verify a Tails disk. I decided to
help make a list of hashes and to collect various files such as iso
files, signatures, signing keys and so on:
https://github.com/ioerror/tails-verifier
At the moment, the project is just a dataset and a small one. I'm
interested in creating a hash for every file ever released - is there
an archive of old signature files and .iso files somewhere?
How are IUK files verified? The JSON descriptors don't appear to
contain a signature, merely a hash:
https://tails.boum.org/upgrade/v1/Tails/1.2/i386/stable/upgrades.yml
Regarding the file system layout - at the moment - we have a vfat file
system starting at 17.4kB - what's in that 17.4kB of data?
I also wonder about isohybrid - has anyone looked into making it deterministic?
In the future, I'll write a program that uses the dataset in a useful
manner. In an ideal world, we'd have a way to use a Tails disk to
verify any other Tails disk.
All the best,
Jacob
