hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andre Kelpe <ake...@concurrentinc.com>
Subject verifying tarball downloads
Date Sun, 01 Sep 2013 11:57:03 GMT

I am looking for the most obvious way to verify the downloads of
hadoop tarballs. I saw that you provide a .mds file containing MD5,
SHA1 and other check sums, which is produced by gpg --print-mds. I
fail finding the right way to verify those in a reliable way. I came
up with this:

 md5sum --check  <(grep "MD5 = " hadoop-1.2.1.tar.gz.mds | sed -e
"s/MD5 = //g;s/ //g" | awk -F: '{print tolower($2), "", $1}')

and that works, but that cannot be the right way of doing it. Please
point me to the part of the docs, that I fail finding.


- André

P.S.: Since you are using gpg already, why are you not signing the
releases, like other projects do?

André Kelpe

View raw message