How to verify the provided tools

After verifying the AnuBitux .iso file, it is also possible to check how it was built, reading the logs provided on the Download page or on the GitHub repository.

Lots of tools are obtained from the official Debian repositories.

Other tools are retrieved from official websites or from their official GitHub repositories.

When the tools are downloaded, the sha256 checksum is included in the logs, so that it can be easily compared with the values provided on the tools' official websites. To find the values in the logs (which are more than 50k lines long) it is possible to open the text file, press Ctrl+F and search for the sha256sum string.

When available, also the signatures have been checked. To verify it, it is possible to search the logs for the Good signature string.

Sparrow has a dedicated verifying procedure. To check the installation it is necessary to drag&drop the installation .deb file and the sparrow-1.9.1-manifest.txt file (which can be found in the /opt/debs folder with the signature of the manifest file and the .deb file used for the installation) in the Sparrow GUI.

For some reason, the Sparrow Team decided to allow the verification of their tool after its installation and execution.