Use a test system first
Prefer a fresh Debian desktop or non-critical machine for first public testing. Avoid running a conversion bundle blindly on a production workstation.
Safety guidance for testing the signed public AMBROSO conversion bundle on Debian systems.
Prefer a fresh Debian desktop or non-critical machine for first public testing. Avoid running a conversion bundle blindly on a production workstation.
Create a real external backup or snapshot before conversion. The included rollback script is useful, but it is not a full disk restore.
Confirm the GPG signature and SHA256 checksum before extracting or running anything from the bundle.
Read the installer, rollback script, manifest, public sanitization report and warnings file before granting root privileges.
Signature verification confirms the checksum file was signed by the SentinelOS release key. The checksum then confirms the ZIP bytes.
gpg --import sentinelos-release-key.asc
gpg --fingerprint D6666A5894F990A7A35C76A5FFD10F4CF2652C87
gpg --verify SentinelOS_Public_v1_AMBROSO_conversion_bundle.zip.sha256.asc SentinelOS_Public_v1_AMBROSO_conversion_bundle.zip.sha256
sha256sum -c SentinelOS_Public_v1_AMBROSO_conversion_bundle.zip.sha256Unpack into a working folder, then read the public documentation and installer entry points before running the installer.
unzip SentinelOS_Public_v1_AMBROSO_conversion_bundle.zip
cd SentinelOS_Public_v1_AMBROSO_conversion_bundle
less README_SentinelOS_Public_v1_AMBROSO.md
less PUBLIC_SANITIZATION_REPORT.md
cat PUBLIC_SANITIZATION_WARNINGS.txt
less install_SentinelOS_Public_v1_AMBROSO.sh
less rollback_SentinelOS_Public_v1_AMBROSO.shThe converter exposes preflight, sanitization and verify checks. Capture this output for troubleshooting and support.
sentinelos-public-converter --summary
sentinelos-public-converter --sanitize-check
sentinelos-public-converter --preflight
sentinelos-public-converter --verifyThe bundle includes `rollback_SentinelOS_Public_v1_AMBROSO.sh` for supported package-level reversal flows.
A rollback script is not a disk image, Timeshift snapshot, filesystem snapshot or external backup. Keep independent recovery media.
Theme, icon, login screen, hardening and status-tray components are expected to alter desktop presentation and local package state.