diff --git a/system_setup/install.sh b/system_setup/install.sh
index c81a501..cabb65a 100755
--- a/system_setup/install.sh
+++ b/system_setup/install.sh
@@ -14,7 +14,7 @@ SHRINK_MIB=4096
 OEMDRV_LABEL="OEMDRV"
 MOUNT_POINT="/opt/sys_config"
 MOUNT_OPTS="compress=zstd:6"
-REPO_URL="https://gitea.dtext.online/obel1x/fedora-OEMDRV.git"
+REPO_URL="${1:-https://gitea.dtext.online/obel1x/fedora-OEMDRV.git}"
 MIN_FREE_MIB=$(( SHRINK_MIB + 512 ))   # require 512 MiB headroom above the shrink size
 
 # ── Helpers ───────────────────────────────────────────────────────────────────
@@ -35,6 +35,28 @@ check_tools() {
     [[ ${#missing[@]} -eq 0 ]] || die "Missing required tools: ${missing[*]}"
 }
 
+# Returns 0 if the remote install.sh matches this script's checksum,
+# 1 if the URL is unreachable or the file cannot be downloaded,
+# 2 if the checksum does not match.
+check_repo_url() {
+    local tmpdir sum_remote sum_local
+
+    tmpdir=$(mktemp -d /tmp/oemdrv_repocheck.XXXXXX)
+
+    if ! curl -fsSL "${REPO_URL%.git}/raw/branch/main/system_setup/install.sh" \
+              -o "$tmpdir/install.sh" 2>/dev/null; then
+        rm -rf "$tmpdir"
+        return 1
+    fi
+
+    sum_remote=$(sha256sum "$tmpdir/install.sh" | awk '{print $1}')
+    sum_local=$(sha256sum "$0"                  | awk '{print $1}')
+    rm -rf "$tmpdir"
+
+    [[ "$sum_remote" == "$sum_local" ]] || return 2
+    return 0
+}
+
 # ── Free-space helpers ────────────────────────────────────────────────────────
 
 # Free MiB for a mounted device via df
@@ -241,6 +263,23 @@ new_part_device() {
 require_root
 check_tools
 
+info "Verifying repository URL..."
+check_repo_url
+case $? in
+    1) echo
+       echo "WARNING: '$REPO_URL' is not a reachable git repository."
+       read -r -p "  Continue anyway? [y/N]: " ans
+       [[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; }
+       ;;
+    2) echo
+       echo "WARNING: The checksum of this script does not match 'system_setup/install.sh'"
+       echo "         at '$REPO_URL'."
+       echo "         You may be running an outdated or modified version of install.sh."
+       read -r -p "  Continue anyway? [y/N]: " ans
+       [[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; }
+       ;;
+esac
+
 info "Scanning for shrinkable partitions and unpartitioned free space..."
 collect_partitions
 collect_free_space