celix-dev mailing list archives

From Marvin Humphrey <mar...@rectangular.com>
Subject Re: Formats of SHA/MD5 checksums
Date Tue, 20 Nov 2012 21:20:38 GMT
On Tue, Nov 20, 2012 at 12:22 PM, Roman Shaposhnik <rvs@apache.org> wrote:
> Hi!
> while reviewing Celix RC I came across a peculiar format
> for the SHA/MD5 checksums which I've never seen before:
>     https://dist.apache.org/repos/dist/dev/incubator/celix/celix-0.0.1-incubating/
> Turns out, this is the output of gpg and it seems that
> there's no way to ask gpg to verify it (unlike -c for md5sum let's
> say). Worse yet, because of the spaces it is not
> easy to reconcile the output with the more typical
> md5sum one.
> And yet we actually explicitly document gpg as one of the
> tools: http://www.apache.org/dev/release-signing#md5
> So here's the question: are we making it less likely
> for folks to actually verify MD5/SHA checksums if
> we don't have a consistent format for them?

FWIW, any platform with Perl on it can generate md5sum-compatible and
shasum-compatible checksums using incantations like these:

    perl -MDigest -e '$d = Digest->new("MD5");
    open $fh, "<apache-lucy-0.4.0.tar.gz" or die;
    binmode $fh;  # hash raw bytes, no newline translation
    $d->addfile($fh); print $d->hexdigest;
    print "  apache-lucy-0.4.0.tar.gz\n"' > apache-lucy-0.4.0.tar.gz.md5

    perl -MDigest -e '$d = Digest->new("SHA-512");
    open $fh, "<apache-lucy-0.4.0.tar.gz" or die;
    binmode $fh;  # hash raw bytes, no newline translation
    $d->addfile($fh); print $d->hexdigest;
    print "  apache-lucy-0.4.0.tar.gz\n"' > apache-lucy-0.4.0.tar.gz.sha

(Perl is more widespread than md5sum.)

Marvin Humphrey
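
An added example, not part of the message above: a Python sketch that reads a checksum in either layout discussed in the thread, rewrites it as an md5sum-compatible line, and verifies a file against it. The gpg layout (`name: ` followed by uppercase hex in space-separated groups, wrapped for long digests) and the sample value are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Digest length in hex characters -> hashlib algorithm name.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

# Constructed sample (MD5 of the five bytes b"hello") in the assumed gpg layout.
GPG_SAMPLE = "hello.txt: 5D 41 40 2A BC 4B 2A 76  B9 71 9D 91 10 17 C5 92\n"


def parse_checksum(text):
    """Return (filename or None, lowercase hex digest) from either layout."""
    text = text.strip()
    # md5sum/shasum layout: "<hex>  <name>"; "*" before the name marks binary mode.
    m = re.fullmatch(r"([0-9A-Fa-f]{32,128})[ \t]+\*?(\S.*)", text)
    if m:
        return m.group(2), m.group(1).lower()
    # Assumed gpg layout: "<name>: <hex groups>", groups separated by spaces
    # and long digests wrapped over several lines.
    name, sep, rest = text.rpartition(": ")
    digest = re.sub(r"\s+", "", rest).lower()
    if not re.fullmatch(r"[0-9a-f]+", digest):
        raise ValueError("unrecognized checksum format")
    return (name if sep else None), digest


def to_md5sum_line(text, default_name="-"):
    """Rewrite a checksum in either layout as one md5sum-compatible line."""
    name, digest = parse_checksum(text)
    return "%s  %s\n" % (digest, name or default_name)


def verify(path, text):
    """Hash the file at path and compare it with the digest in text."""
    _, expected = parse_checksum(text)
    algo = ALGO_BY_HEXLEN.get(len(expected))
    if algo is None:
        raise ValueError("unexpected digest length: %d" % len(expected))
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            h.update(block)
    return hmac.compare_digest(h.hexdigest(), expected)


if __name__ == "__main__":
    print(to_md5sum_line(GPG_SAMPLE), end="")
```

A matching checksum only shows the download is intact; authenticity still depends on checking the release's detached signature.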
