For a possible iodéOS installation from a Linux machine I downloaded the corresponding and newest zip file at installer · master · ota / ota · GitLab, but I cannot find any information there about the sha256/sha512 sum of this zip file and no digital signature referring to that file.
How can I prevent the possibility of installing a malicious and/or manipulated iodéOS on my smartphone?
On the manual install page: ota / ota · GitLab
you can get to any of the device builds, where you have the downloads, plus the sha256sum for each file needed for manually building.
For example, the moto g32 is here: devon · master · ota / release · GitLab
and you can see the sha256sum for fastboot, ota and zip files.
Thanks. I already had a look at the files for manual installations of iodéOS on my smartphone, and yes, there are at least the corresponding SHA sum files.
But I had already noticed the following before posting my question in this forum post above:
Whenever I download the zip files for manual installations of iodéOS for two certain smartphone models (one of them belongs to me) via the link you provided here in this forum thread, these zip files appear to be only 34 KB in size after downloading, and when trying to unzip them, the following is returned on the command line:
Archive: iode-6.0- . . . . -ota.zip
End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive.
unzip: cannot find zipfile directory in one of iode-6.0- . . . . -ota.zip or
iode-6.0- . . . . -ota.zip.zip, and cannot find iode-6.0- . . . . -ota.zip.ZIP, period.
This is another reason why I asked for the SHA sum and signature file referring to the file which is directly linked for downloading on the main page of the iodéOS web site, i.e. the file mentioned in the header of this forum thread.
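The two checks discussed in this thread, as an added example that is not part of any post or of the iodéOS project: it compares a downloaded file against a `sha256sum`-style listing and, on a mismatch, looks for the end-of-central-directory record whose absence `unzip` reports above. The file names, the listing and both sample files are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
import zipfile

EOCD_SIG = b"PK\x05\x06"      # ZIP end-of-central-directory signature
EOCD_TAIL = 22 + 65535        # EOCD record plus the largest possible comment

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def expected_digest(sums_text, filename):
    """Find filename in sha256sum-style lines: '<hex>  name' or '<hex> *name'."""
    for line in sums_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[1].strip().lstrip("*") == filename:
            return parts[0].lower()
    return None

def has_eocd(path):
    with open(path, "rb") as f:
        f.seek(-min(os.path.getsize(path), EOCD_TAIL), os.SEEK_END)
        return EOCD_SIG in f.read()

def check_download(path, sums_text):
    want = expected_digest(sums_text, os.path.basename(path))
    if want is None:
        return "no published sum for this file name"
    if sha256_of(path) == want:
        return "ok"
    return "sum mismatch" if has_eocd(path) else "sum mismatch, not a zip archive"

def demo():
    """Constructed sample: one intact archive and one small non-zip file."""
    d = tempfile.mkdtemp()
    good, bad = os.path.join(d, "sample-ota.zip"), os.path.join(d, "short-ota.zip")
    with zipfile.ZipFile(good, "w") as z:
        z.writestr("payload.bin", b"constructed test payload")
    with open(bad, "wb") as f:
        f.write(b"<!DOCTYPE html><html>constructed placeholder</html>")
    sums = f"{sha256_of(good)}  sample-ota.zip\n{'0' * 64}  short-ota.zip\n"
    return check_download(good, sums), check_download(bad, sums)

if __name__ == "__main__":
    print(demo())
```

A matching checksum only shows that the file equals what the listing describes; it says nothing about who published the listing, which is what a signature would add.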