note: the above url is actually a symlink to

http://packages.devuan.org/merged/dists/<release-name>/main/installer-<arch>/<date>/images/netboot/mini.iso

the checksums SHA256SUMS and MD5SUMS are located in:

http://packages.devuan.org/devuan/dists/jessie/main/installer-amd64/current/images/

Is that sufficient for your purposed Jaromil? If needed I can add sha1sum generation to d-i as well

@nextime is it possible to have the repo-jobs sign those checksum files?

@CenturionDan repos-jobs is executed only on trusted build hosts ( actually only ci.devuan.org ) where we have the repository private keys to sign things, so, yes, it's feasible to sign it easily

SHA256SUMS are fine and yes signing is a good idea, please do it, I'll add a signature check to my scripts.

BTW do you have an ETA for when these builds will be automatised? right now only amd64 is available.

Actually since I use the netboot installer to produce VMs there is no need to make such builds every day (fresh packages are pulled directly from repo on install).

Ideally builds should be triggered by commits here and on udebs, but for the immediate future would be enough to have them triggered by hand for all platforms where they work. As soon as there are ARM builds then I can start testing scripts for those (and proceed developing an image toaster for RPi)

the d-i build of alpha 2 is currently running and so far has succesfully built i386, armhf and armel, amd64 will be fine too and arm64 will most likely fail this run. FWIW, only arm64 of the arm builds appears to use xorriso, and we have a plan for fixing that one way or another. So another couple of hours and those builds should hit the repo and then we'll look at making arm64 build.

I see! hoorray! http://packages.devuan.org/devuan/dists/jessie/main/installer-armhf/current/images/netboot/ yet there is no mini.iso for armhf for instance, is that normal? are the SD_card images to be used then? Anyway, I'll find some time to play around with this next weekend.

Ideally the checksums in the installer- should be included in the Release/InRelease as well.

This is really a job for amprolla...

assigned to @nextime

@nextime just a reminder about this while you are working on amprolla2 ;-)

@CenturionDan i will look at it on amprolla2, but at the moment feel free to insert a cronjob on the repo machine using crontab -e to re-generate those checksum files, maybe you can just check if the signature file is absent or older than the file to be hashed and then generate it from crontab?