Integrity check always fails for nitropad-t430-v1.4.npf #12
Comments
|
Same here. It seems create-npf.sh script includes cc @daringer |
|
Thank you for checking that! @daringer It should suffice then to rebuild/repack the npf archive with the proper hash file naming |
It may work if you include full path (including BTW, it might be a good idea to include |
|
I would like to hijack this issue for a second for important considerations. Heads is not reproducible for a while now, and I would love to see more collaboration into fixing them (fixing the cause) instead of distributing signed binaries from forks of the main project. Ideally, the ROMs produced by CIs should produce the exact same ROM as a local build for the same commit. Those ROMs, being produced from multiple untrusted sources, should produce the same ROMs for the same upstream commits and same hashes. If we (Insurgo, Nitrokey, Purism) would collaborate into fixing reproducibility issues, then the ROMs should be the same, produced upstream then from other CI and the hashes should be the same everywhere where produced. And ROm produced locally by users not matching the ones found online should raise valid concerns. Otherwise, nobody can produce the same ROM. And this is really problematic. The non-reproducible modules are listed here as of yesterday verification: linuxboot/heads-wiki#70 Once that is resolved, the next step would be to create tags and releases, on which final hashes should be provided for specific commits. Of course, signing those is a plus to attest to end user that we recognise and reviewed the changes that were applied upstream and in our branches up to that point and validate their integrity prior of flashing as well. Authenticity and integrity validation. But signing non reproducible builds not only diverge from Heads original mission, divide efforts of maintainership that should be happening upstream, but also bring users to our own produced documentation and guides instead of bonifying upstream one that benefit everyone. |
|
@daringer Can you let us know, if the binary is updated? |
|
updated create-npf.sh, replaced the files ( |
|
The checksum for the file sha256 is still wrong and fails the sha256 verification with: |
I believe this is still the case. |
|
okok, this calls for a new release ... or not... this would force ppl to use .rom until flash-gui.sh is updated, so maybe I'll modify the |
|
updated the release, should work now(tm) ... sorry for the inconvenience, just updated the npf build process, no actual changes inside the firmware, thus no new release, confirmed and tested here, can someone else retest? |
|
AFAIK this was tested at Nitrokey. Closing as fixed. |
When trying to flash nitropad-t430-v1.4.npf the integrity check always fails. I have manually checked the SHA256 sums of the said
.npffile itself and its internal.romfile. Both verify correctly. So I have had tounzipthe.npffile and use.romfile for flashing. That worked.First I tried to flash
.npffile with rom version 1.3.1. Later I had rom version 1.4 and tried the flashing again: the automatic file integrity check always fails.The text was updated successfully, but these errors were encountered: