SUMMARY Currently, IIW only has conditions that cover small number of distros to verify images. However, some means of verification exist basically for every ISO you download. Usually, ISO comes with either %image name%.sha256 or (less frequently) %image name%.md5 file OR they post SHA256 somewhere on web page of download. From what I see, IIW already has a flow to request SHA256 sum for image so that can be extended to all images. But instead of creating separate dialog, there could be optional field which might be used for that purpose if not empty. Or some sort of signature file detection based on image name could also be used to search files that come with ISO. SOFTWARE/OS VERSIONS ISO Image Writer: 1.0.0
Alas every distro does it differently, I couldn't find any consistent pattern. One could try to make an attempt at all verification methods for a given ISO but I'm not sure how useful that would be
Hard coding for limited set of images is a terrible solution. It's not sustainable simply because maintainers can switch to other verification methods at any time. Also has zero scalability because each and every change requires to rebuild an app. I am suggesting opposite of trying to find any kind of pattern across distro images simply because verification process has nothing to do with ISO and doesn't care about content of the file. And FILE verification (as opposed to ISO verification) more often than not follows quite strict rule since utils that produce hashes have pretty standard output format (sha256sum, md5sum, etc). So, there's no need to guess and if file with given pattern exist then use it. If it doesn't then allow user to provide some sort of signature.