httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: [vote] release httpd-2.2.14?
Date Thu, 24 Sep 2009 13:45:33 GMT
On 24.09.2009 14:38, Graham Leggett wrote:
> Guenter Knauf wrote:
> 
>> the checksums are in wrong format. We need to commonly agree how to
>> generate checksum files. The documented format what the user expects is:
>>
>> # cat httpd-2.2.14.tar.bz2.md5
>> a5226203aaf97e5b941c41a71c112704 *httpd-2.2.14.tar.bz2
>> # cat httpd-2.2.14.tar.bz2.sha1
>> eacd04c87b489231ae708c84a77dc8e9ee176fd2 *httpd-2.2.14.tar.bz2
> 
> Can you point out where this is documented?

Not sure what G√ľnter meant by "documented", but at least it is a format
that can be automatically checked with an existing tool. The formats
produced by gpg or openssl can't be automatically checked. Neither gpg
nor openssl seem to have such an option. Of course users could script
something.

See e.g.

http://www.mail-archive.com/dev@httpd.apache.org/msg45075.html

and the followup mail by Bill.

> Having dug into this further, there seems to be no standard format for
> these files.
> 
> In the roll.sh script, an attempt is made to use md5sum if it exists,
> falling back on openssl's md5 if md5sum doesn't exist on that platform
> (md5sum doesn't exist on MacOSX).

There could by an "md5" with an option "-r" which is supposed to provide
md5sum format.

>> I create these on Linux and Win32 with a shell / batch script:
>> #!/bin/sh
>> test -z "$1" && echo "Usage: ${0##*/} <file>" && exit
>> md5sum -b ${1} > ${1}.md5
>> sha1sum -b ${1} > ${1}.sha1
>>
>> @echo off
>> if (%1)==() goto END
>> md5sum -b %1 > %1.md5
>> sha1sum -b %1 > %1.sha1
>> :END
>>
>> The huge benefit of this format is that the binaries can then be checked
>> with same tools (option -c).
> 
> With the downside that what you propose only works on Linux.

md5sum does seem to exist for Windows to. The above script was meant to
be an example for what is already contained in the release script, which
is not supposed to work on Windows.

The problem here is making it easy for users to check the md5. And the
claim is that when using the md5sum format a lot of users can check
easily, when using gpg or openssl formats it's not easy.

Regards,

Rainer

Mime
View raw message