httpd-dev mailing list archives

From Guenter Knauf
Subject Re: checksum madness - follow-up
Date Fri, 16 Oct 2009 16:34:42 GMT
Graham Leggett wrote:
> To put this into perspective, checking an md5 (or sha1) checksum is
> simply a case of doing the following three steps:
> - Run md5sum, or openssl, or perl, or whatever you want, and get the md5
> hash string of the binary you downloaded printed out to your terminal.
> - Using your OS' built in "cut and paste" functionality, cut the
> generated md5 checksum.
> - Load the reference hash file from in your browser, and
> paste your generated md5 hash into your browser's "find" functionality.
> Did the find succeed? If so, the binary matches, and you're done.
> This procedure is really simple, and works almost anywhere.
if the reference hash file from is built with gpg then
this method fails (and I consider gpg really unusable for this purpose);
here are some bad samples which show that gpg breaks lines if the
filename is longer:
this looks really horrible to me (and I'm curious if some sed hackers
can come up with a hack which can deal with that too).

> If we really want to fix this problem for users of md5sum, we should
> rather be teaching md5sum how to read all the various combinations of
> inputs out there. I am sure the people who maintain md5sum would be
> grateful for the contribution.
done - my patch was accepted, and upcoming coreutils releases will be
able to accept the openssl format too (thanks Jim Meyering!); the output
of *BSD / MacOSX md5 / sha1 is already supported, and beside that the
*BSD / MacOSX tools also know of a -r switch which makes their output
compatible with coreutils 'standard format'. In addition my OpenSSL
patch was accepted too so that future OpenSSL releases will also support
a -r switch (thanks Steve!).

>> someone is interested in that, or in the script (I post mainly for the
>> few users who might hang out here - I know devs prefer to hack their own
>> shell scripts, and don't call tools without at least one pipe :) :) ),
>> then go here:
this was also improved some more (f.e. added link to a really nice Java
GUI which should run on all Java-aware platforms).
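
The following is an added example, not part of the original message and not code from coreutils, OpenSSL or gpg: a Python checker that reads the reference-file layouts named in this thread (coreutils, *BSD / MacOSX, openssl, and a gpg-style wrapped listing) into one canonical form before comparing. The function names are hypothetical, the sample is constructed (it uses the MD5 of empty input), and the wrapped gpg layout is an assumption modelled on the line breaking the message describes.

```python
import hashlib
import re

HEX = r"[0-9A-Fa-f]"
# coreutils: "<hex>  name" (text mode) or "<hex> *name" (binary mode)
COREUTILS = re.compile(rf"^({HEX}{{32,128}}) [ *](.+)$")
# *BSD / MacOSX "MD5 (name) = <hex>" and openssl dgst "MD5(name)= <hex>"
TAGGED = re.compile(rf"^([A-Za-z0-9-]+) ?\((.+)\) ?= ?({HEX}{{32,128}})$")
# gpg-style: "name: D4 1D 8C ..." (upper-case groups separated by blanks)
GPG = re.compile(rf"^(.+): ?((?:{HEX}|\s)+)$")

# Constructed sample: one digest in four layouts, the last wrapped over lines.
SAMPLE = """\
d41d8cd98f00b204e9800998ecf8427e  a.tar.gz
MD5 (b.tar.gz) = d41d8cd98f00b204e9800998ecf8427e
MD5(c.tar.gz)= d41d8cd98f00b204e9800998ecf8427e
a-deliberately-long-file-name-for-the-wrapped-case.tar.gz:
D4 1D 8C D9 8F 00 B2 04
  E9 80 09 98 EC F8 42 7E
"""

def unfold(text):
    """Rejoin records that were broken across several lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Continuation: indented line, or previous line stopped at "name:".
        if records and (line[0].isspace() or records[-1].endswith(":")):
            records[-1] += " " + line.strip()
        else:
            records.append(line.strip())
    return records

def parse_reference(text):
    """Return {filename: lower-case hex digest} for every recognised record."""
    out = {}
    for rec in unfold(text):
        if m := COREUTILS.match(rec):
            digest, name = m.group(1), m.group(2)
        elif m := TAGGED.match(rec):
            name, digest = m.group(2), m.group(3)
        elif m := GPG.match(rec):
            name, digest = m.group(1), re.sub(r"\s+", "", m.group(2))
        else:
            continue  # unrecognised line: never treat it as a match
        out[name] = digest.lower()
    return out

def verify(data, name, reference_text, algo="md5"):
    """True only if `name` is listed and its digest equals that of `data`."""
    expected = parse_reference(reference_text).get(name)
    return expected == hashlib.new(algo, data).hexdigest()
```

Unlike a browser "find" on the raw hash string, this compares per file name and still matches when the reference digest is upper-case, spaced, or split across lines.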

