Verify an image downloaded from https://raspi.debian.net/

Verify the download hash

The hash stored in the corresponding metadata file is not in the same format as the output from sha512sum and cannot be directly compared. The output can be converted to a comparable format (base64 digest) using the following command:

image_file_name=[compressed image file]
openssl dgst -sha512 -binary "$image_file_name"| base64 | tr -d '\n' | head -c -2; echo

The result of this command can then be compared to the hash (cloud.debian.org/digest) stored in the metadata.

(alternative) Verify the download hash

wget [link to image]
wget https://cloud.debian.org/images/cloud/[release name]/daily/latest/SHA512SUMS
sha512sum --check --ignore-missing ./SHA512SUMS

For example

wget https://cloud.debian.org/images/cloud/forky/daily/latest/debian-14-raspi-arm64-daily.tar.xz
wget https://cloud.debian.org/images/cloud/forky/daily/latest/SHA512SUMS
sha512sum --check --ignore-missing ./SHA512SUMS