How do I verify integrity of downloaded software?
 
Notifications
Clear all

How do I verify integrity of downloaded software?  

  RSS
alex
 alex
(@alex-16)
New Member
How do I verify integrity of downloaded software?

Can anyone point me to checksums or signatures for official releases of firmware, drivers, and slicer? Is there any other way to verify that the software was not tempered with?

Don't get me wrong. I trust Josef Prusa to produce virus free builds. However, when I download the software from the official website, the files come from a CDN (not Prusa), at least for me in Canada, and I don't trust CDNs. Most downloadable software these days come with  a way to verify its integrity. 

Posted : 04/10/2021 1:08 am
bobstro
(@bobstro)
Illustrious Member
I haven't seen checksums offered

I'm not aware of any checksums being provided by Prusa. It's a good idea. You might make a suggestion over on the Prusa github page.

My notes and disclaimers on 3D printing and miscellaneous other tech projects
He is intelligent, but not experienced. His pattern indicates two dimensional thinking. -- Spock in Star Trek: The Wrath of Khan...
Posted : 04/10/2021 3:04 am
towlerg
(@towlerg)
Noble Member

"However, when I download the software from the official website, the files come from a CDN (not Prusa), at least for me in Canada, and I don't trust CDNs."

I don't claim to be a web wizard, but that really doesn't sound right. I'd certainly do a malware scan IIWY. Failing that try making CDN untrusted.

Posted : 04/10/2021 12:54 pm
alex
 alex
(@alex-16)
New Member
Topic starter answered:
@towlerg

Malware scan only scans for malware known to the scanner at the time of scanning. There is malware out there that the scanner has not yet learnt about, and when it does, it will be too late. Thus, I don't want to rely on malware scanners.

Not sure how to make CDN untrusted, and what it would accomplish. Could you please elaborate on this point?

Posted : 04/10/2021 8:22 pm
alex
 alex
(@alex-16)
New Member
Topic starter answered:
Found one way to verify integrity of downloaded Prusa software.

Prusa uploads its builds to GitHub. I downloaded a build from GitHub and compared it to the build from cdn.prusa3d.com. They were packaged somewhat different but the core files were the same.

For the record, I'm talking about Linux builds here. The Windows builds must have an embedded signature, or windows will show a nasty message when you try to install it. Never had a Mac, so I don't know how it works there.

Posted : 05/10/2021 8:52 pm
Share: