Howto speed up the Devuan download with jigdo ============================================= by Frits Daalmans, 2016-04-29 If you've downloaded a Debian Jessie installation CD or DVD in the past, you can use it to greatly speed up your download of the Devuan Jessie beta: There's a program "jigdo" by Richard Atterer which takes a data DVD and turns it into a jigsaw puzzle of one big but 99.9% empty "edge" and the thousands of "pieces" that are the files that are on the DVD. Now the idea to speed up the Devuan download is: most of the Devuan packages are the same as the Debian packages, that you already have. So you only need to download the missing pieces and reconstruct the whole puzzle. First, install jigdo: apt-get install jigdo-file Next, find your Debian Jessie DVD from 2015 and mount it, e.g. on /mnt/cdrom0 (loop mounts of DVD image files are left as an exercise to the reader) Make a temporary working directory somewhere with a lot of disk space. mkdir tmp.scratch.jigdo cd tmp.scratch.jigdo Let's take devuan_jessie_1.0.0-beta_amd64_CD.iso as an example. Instead of downloading the 644 MB ISO image file, download the following two files from the Devuan repository: devuan_jessie_1.0.0-beta_amd64_CD.jigdo (this is a description of the puzzle pieces) and devuan_jessie_1.0.0-beta_amd64_CD.template (this is the "edge" of the puzzle) Next start up the jigdo-lite program in your work directory, with as command line argument the .jigdo file you just downloaded N.B.: the package is called jigdo-file but the executable program you as downloader need is jigdo-lite, not jigdo-file! jigdo-lite devuan_jessie_1.0.0-beta_amd64_CD.jigdo at the prompt "Files to scan:" enter /mnt/cdrom0 or wherever you mounted the Debian DVD or Devuan Alpha DVD that you already had. It doesn't work with ISO images, it expects a directory filled with .deb files. Most likely, the program will *NOT* complete, because there are files missing. These are either from Devuan or upgraded in the meantime. In my case the program responded: Found 1092 of the 1392 files required by the template Copied input files to temporary file `devuan_jessie_1.0.0-beta_amd64_CD.iso.tmp' - repeat command and supply more files to continue ----------------------------------------------------------------- If you already have a previous version of the CD you are downloading, jigdo can re-use files on the old CD that are also present in the new image, and you do not need to download them again. Mount the old CD ROM and enter the path it is mounted under (e.g. `/mnt/cdrom'). Alternatively, just press enter if you want to start downloading the remaining files. Files to scan: The jigdo file has been configured to attempt to download these files from the following server: http://packages.devuan.org/merged/ but you can change the desired mirror if you like, by editing the .jigdo file and changing the line after [Servers] where it currently says [Servers] Devuan=http://packages.devuan.org/merged when you press the enter key at the Files to scan: prompt, the program will attempt to download the missing files from the HTTP server(s) configured in the .jigdo file. If you wonder why it downloads some from httpredir.debian.org instead of packages.devuan.org, that's intentional. See: amprolla. After the jigsaw download ========================= After jigdo has finished, you should have a brand new devuan_jessie_1.0.0-beta_amd64_CD.iso file on your computer, that you didn't even have to completely download! Make the SHA256 checksum: sha256sum devuan_jessie_1.0.0-beta_amd64_CD.iso > what_i_downloaded.sum Verify the SHA256 checksum with the SHA256SUMS file you download from https://files.devuan.org/devuan_jessie_beta/ They should be identical. The version I donwloaded on 2016-04-29 had: 2fa1bf7d9b9ca3a948f9a658fe64d56f1679f4aa0bcd85c8a09ce4a3cbf4bc38 devuan_jessie_1.0.0-beta_amd64_CD.iso Now you know that the site from which you downloaded the SHA256SUMS file is probably the same site from which you downloaded the .jigdo and .template file. But that's not secure, is it :-) If you have already installed the devuan-keyring then it contains Jaromil's private key. It's a bit of a chicken-and-egg problem to trust it from the installation CD, isn't it? If you don't have Jaromil's public key you can get it at TODO keyserver It's an RSA key, ID 4ACB7D10, from jaromil@dyne.org download SHA256SUMS.asc from the same download site as SHA256SUMS, and do a gpg --verify SHA256SUMS.asc In my case, with a Devuan keyring from may 2015, I got: gpg: assuming signed data in `SHA256SUMS' gpg: Signature made Fri Apr 29 09:10:22 2016 UTC using RSA key ID 4ACB7D10 gpg: Good signature from "Denis Roio (Jaromil) " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6113 D89C A825 C5CE DD02 C872 73B3 5DA5 4ACB 7D10 but it's important that you verify this for yourself!