what would i have to do to check if there is no malicious manipulation on the usb?
Verify the download image. Then you know you're writing a good image to the usb.
]]>True, but dd would almost certainly fail to write it. The odds of there being a hardware error that allowed dd to "think" it wrote successfully that cmp would detect should be infintessimally small and I'm not sure it'd be much higher than a bad device "bit-rotting" in the time between running the cmp command and the boot attempt.
The question is what kind of "corruption" is one trying to prevent against and how likely are those possibilities. The most likely source of unintentional corruption of the data would be during the download. That potential is not trivial at all. And the checksum checks for this. As for deliberate manipulation, the checksum would also protect against MITM of the download and any nefarious hijacking of the mirror to put up a malicious iso ... so long as the valid checksum can is retrieved from a trusted source.
The question seems to be concerning the deliberate / malicious source of errors. A random error would not be of concern for whether the resulting installation created via that bootable iso would be safe. A random error might make the iso fail to boot, or for some utility to not function properly. But these would be obvious as the installation process would fail at some point (it may not be obvious what went wrong, but it'd be obvious that something had gone wrong). The installation process downloads all packages from the mirrors and does not use package data from the iso, so not random errors would be passed along.
If the concern is malicious manipulation of the iso, a cmp of the iso and the block device would not address this at all.
If the concern is "is my usb device malfunctioning" then the answer will come from attempted use. If the install completes, then the usb was good ... or at least good enough.
what would i have to do to check if there is no malicious manipulation on the usb?
]]>paccheck --list-broken
saved me hours to find the culprit, when some applications didn't work any more.
paccheck is part of pacutils.
Maybe this servers as an answer to the part "to verify ... when you're installing" of the initial post.
]]>The question is what kind of "corruption" is one trying to prevent against and how likely are those possibilities. The most likely source of unintentional corruption of the data would be during the download. That potential is not trivial at all. And the checksum checks for this. As for deliberate manipulation, the checksum would also protect against MITM of the download and any nefarious hijacking of the mirror to put up a malicious iso ... so long as the valid checksum can is retrieved from a trusted source.
The question seems to be concerning the deliberate / malicious source of errors. A random error would not be of concern for whether the resulting installation created via that bootable iso would be safe. A random error might make the iso fail to boot, or for some utility to not function properly. But these would be obvious as the installation process would fail at some point (it may not be obvious what went wrong, but it'd be obvious that something had gone wrong). The installation process downloads all packages from the mirrors and does not use package data from the iso, so not random errors would be passed along.
If the concern is malicious manipulation of the iso, a cmp of the iso and the block device would not address this at all.
If the concern is "is my usb device malfunctioning" then the answer will come from attempted use. If the install completes, then the usb was good ... or at least good enough.
]]># cmp archlinux-2022.11.01-x86_64.iso /dev/sdX
]]>