In this guideline an automated, bash script method is explained to downloading and the burning onto a DVD, since it is the only safe way to carry software, assured that for physical reasons nothing could have been possibly written onto a DVD once burned.
Blank DVDs are cheap. You can buy a package of 100 high 16X quality ones for less than $20 at ebay or amazon
An “iso-hybrid” image you can use to burn onto a blank DVD, or install into a USB pen or micro-drive or your computer resident hard drive. You need to download from the debian repository the approx. 2 GB iso image you need to burn containing the fully functioning Operating System. You can choose 5 different “look and feel” Debian live options as desktop environment for the X Window System: cinnamon, gnome, kde, lxde, mate or xfce:
https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/
and use the burning software of your choice to burn the image, such as:
// __ Jamie Wagner (9:45): How To Burn a Bootable ISO Image File To CD/DVD-ROM
~
// __ Information Technology (8:20): 2 Creating and burning CD DVD
using K3b English
~
A step-by-step method to do the whole process using a script
Most software repositories maintain data in a certain structure and format because they use scripting to streamline their versioning cycles and/or to facilitate scripting by users.
Most probably, the only variable you will need to set is: _DL_ISO the name of the ISO image you have chosen to download. A log file will be created with which onto which the whole process will be log
_DL_ISO="debian-live-9.4.0-amd64-kde.iso"
### (do not touch)
_DB_ST="https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid"
_DL_AR=(
"${_DL_ISO}"
MD5SUMS
MD5SUMS.sign
SHA1SUMS
SHA1SUMS.sign
SHA256SUMS
SHA256SUMS.sign
SHA512SUMS
SHA512SUMS.sign
)
### (do not touch)
_DL_AR_L=${#_DL_AR[@]}
echo "// __ \$_DL_AR_L: |${_DL_AR_L}|"
_ODIR=$(pwd)
_PART=$(df -P "${_ODIR}" | tail -1 | cut -d' ' -f 1)
echo "// __ \$_PART: |${_PART}|"
_DT="$(date +%Y%m%d%H%M%S)"
_LOG_FL="${_DL_ISO%.*}_${_DT}.log"
echo "// __ \$_LOG_FL: |$_LOG_FL|"
for iX in ${!_DL_AR[@]}; do
echo " [$iX/$_DL_AR_L): |${_DL_AR[$iX]}|"
_DB_FL="${_DB_ST}/${_DL_AR[$iX]}"
echo "// __ \$_DB_FL: |${_DB_FL}|"
echo " [$iX/$_DL_AR_L): |${_DL_AR[$iX]}|" >> "${_LOG_FL}"
time (wget --no-remove-listing --server-response --no-verbose --no-check-certificate --wait=2 --random-wait "${_DB_FL}") >> "${_LOG_FL}" 2>&1
done
Then you need to totally disconnect your computer from the
Internet (in order to make sure the tests are faithful) and run the md5, sha[1,256,512] sums of the data and verify the signatures to check the integrity of the iso image:
date; time md5sum --check MD5SUMS 2>&1 | grep OK
date; time sha1sum --check SHA1SUMS 2>&1 | grep OK
date; time sha256sum --check SHA256SUMS 2>&1 | grep OK
date; time sha512sum --check SHA512SUMS 2>&1 | grep OK
# update your key ring
date; time sudo apt-key update
# use gpg to verify the downloaded signatures are fine, for which you first need the key’s ID which you get by initially running
gpg --verify SHA512SUMS.sign
...
gpg: Signature made Sat 10 Mar 2018 07:41:26 PM EST using RSA key ID 6294BE9B
gpg: Can't check signature: public key not found
# download the public key
$ gpg --keyserver keyring.debian.org --recv 6294BE9B
# now you can verify all signatures
date; time gpg --verbose --verify MD5SUMS.sign MD5SUMS
date; time gpg --verbose --verify SHA1SUMS.sign SHA1SUMS
date; time gpg --verbose --verify SHA256SUMS.sign SHA256SUMS
date; time gpg --verbose --verify SHA512SUMS.sign SHA512SUMS
You test which one your burning device is
eject /dev/sr0
_PATH2ISO=". . ./. . ./debian-live-9.4.0. . .iso"
ls -l "${_PATH2ISO}"
_LBL="debian-live-9.4.0. . .iso"
_BDEV="/dev/sr1"
_LOG_FL="${_LBL}_$(date +%Y%m%d%H%M%S)_growisofs.log"
echo "\$_LOG_FL: |$_LOG_FL|"
date; time(growisofs -dvd-compat -Z "${_BDEV}"="${_PATH2ISO}") >> "${_LOG_FL}" 2>&1
where:
PATH_2_ISO_IMAGE: is the path to your iso image
_BDEV: say “/dev/sr1
Once the first DVD is burned, you would test it by:
- booting it up in a different computer
- probably using the extended internal integrity checks those live system can run (in knoppix you use as boot up option: “knoppix testcd” as a boot up option without the quotes, what is it in Debian?)
"cogitamus ergo sumus" 