LinuxFormat ipfire img file to usb drive yields boot sequence problem

Hello,
I have tried to reinstall the ipfire 1.4.1 image supplied alongside manjaro in a recent linuxformat magazine.
I have tried various options for ‘dd’ to load the usb but when it boots the first time it reorders the boot partitions and the usb is NOT in the boot order.
The box is an intel NUC with i5-8259u with a Wdc 500Gb drive.
The boot wait is about 6 seconds.
Thx for your help.
Jake

Hi,

I have tried to reinstall the ipfire 1.4.1 image supplied alongside manjaro in a recent linuxformat magazine.

please download the latest release - IPFire 2.25 - Core Update 147 - from our web site so we can sure there is no issue with your magazines’ DVD.

I have tried various options for ‘dd’ to load the usb but when it boots the first time it reorders the boot partitions and the usb is NOT in the boot order.

Please follow the instructions given in step 2 of IPFire’s installation manual for writing the image onto an USB device.

Thanks, and best regards,
Peter Müller

The point of buying of the magazine is that CANNOT trust any download.
Linuxformat has been very useful because i have had 3 pfsense boxes simply physically fail on me costing me more than a mortgage payment.

Hi,

The point of buying of the magazine is that CANNOT trust any download.

this does not make sense. Where does the magazine get its images from? I have never heard of any validating the contents of distributions’ ISOs - frankly, I would be surprised to hear that they are even verifying their checksums.

Even if they did: Why do you trust them or their supply chain not to have tampered with the images? Sooner of later, you will have to install IPFire updates, which are distributed by our mirror infrastructure. Consequently, you cannot thrust those, either. Are you going to run a firewall on outdated software then?!

Thanks, and best regards,
Peter Müller

1)You have to believe in something.
2)They have something to lose.
3)They have more resources

Hi,

1)You have to believe in something.

let’s be honest: This is just a thought-terminating cliché.

ipfire.org is DNSSEC-signed, so you can validate that you get the right answer from your DNS resolver for yourself. We even publish TLSA records for our web servers, so you can even ensure for yourself there is no Man in the Middle intercepting the TLS connection. Afterwards, you have the SHA-256 checksum of our current ISOs, so you can verify the integrity of its download for yourself.

You do not have to trust anyone that way.

But okay, sure, go ahead and trust your Linux magazine, their printing and CD pressing plant for having done all of this - you have to trust them, since you cannot validate they have done so.

2)They have something to lose.

Seriously? Do you think they are going out of business if they accidentally (or even intentionally) shipped a manipulated ISO? Good luck with the world then.

3)They have more resources

In terms of security, this does not guarantee that they

  • use these resources for your benefit (the magazine won’t get any money from doing so)
  • do not make mistakes
  • are not being compromised or forced to cooperate with 3rd parties.

A false sense of security is worse than having no security at all.

Anyway: If you decide to use the image provided by your magazine, and you encounter trouble with it, please go ask them for help. They will probably have more resources than we do here. Since they have something to lose, they will probably be looking after you as a customer in an extremely gracious manner, too.

Thanks, and best regards,
Peter Müller

3 Likes

I also have a subscription to Linux Format and with no disregard to the compilers of the DVD, I NEVER install any software from third-party sources. Peter is absolutely correct; it is always better to obtain software and updates from the original supplier.

That’s not to say there are no circumstances when a DVD is not useful. Severe network constaints or suspected man-in-middle interventions may be valid exceptions but I’d still try and find a way to access the original source.

And finally, if you’re doing a new install, always try and avoid installing an old version.

I finally realised that what i did earlier:
I went into ‘sfdisk’ and redid the partition order manually myself
and reordered the partitions so that the msdos/EFI sector alone
has the boot flag.
Jake