Post Installation Verification (debian)

Installing my host os Debian.

I download iso and check hashsums to make sure i have correct image from website. And i install.

But what after install ? can i somehow verify that all installed packages are legit ? I don’t trust pc that copies files to usb, i don’t trust usb. How can i be sure that i install exact iso i downloaded and iso are not tampered during “dd copy”, or during installation ?

I read that it is reproducible builds, but it’s complicated and not work fully now.
Can i run some script after install to check all files hashsums and verify them with official hashsums ?

Verify the iso with Whonix gpg key.

1 Like