From 6950921b56bc49f9fdeecf9ed80414fc44675e50 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 2 Feb 2024 16:50:16 +0100
Subject: [PATCH] install: fix image signature verification step

This changed for 24.1: the image signatures are for the uncompressed
images in order to verify the integrity before writing to a medium.

There have been cases of damaged uncompressed images so this way it
can be found and avoided.
---
 source/manual/install.rst | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/source/manual/install.rst b/source/manual/install.rst
index 0eb3406a..e98e9293 100644
--- a/source/manual/install.rst
+++ b/source/manual/install.rst
@@ -173,8 +173,8 @@ from one of our `mirrors <https://opnsense.org/download>`__.
 OpenSSL is used for image file verification.  4 files are needed for verification process:
 
 * The SHA-256 checksum file (<filename>.sha256)
-* The bzip compressed Image file (<filename>.<image>.bz2)
-* The signature file (<filename>.<image>.bz2.sig)
+* The bzip compressed image file (<filename>.<image>.bz2)
+* The signature file for the uncompressed image file (<filename>.<image>.sig)
 * The openssl public key (<filename>.pub)
 
 Use one of the OPNsense mirrors to download these files:
@@ -216,8 +216,8 @@ If checksums match continue with the verification commands.
 
 ::
 
-   openssl base64 -d -in OPNsense-<filename>.sig -out /tmp/image.sig
-   openssl dgst -sha256 -verify OPNsense-<filename>.pub -signature /tmp/image.sig OPNsense-<filename>.bz2
+   openssl base64 -d -in OPNsense-<filename>.<image>.sig -out /tmp/image.sig
+   openssl dgst -sha256 -verify OPNsense-<filename>.pub -signature /tmp/image.sig OPNsense-<filename>.<image>
 
 
 If the output of the second command is “**Verified OK**”, your image file was verified