openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kay Schenk <kay.sch...@gmail.com>
Subject Re: [PACKAGING 4.1.2-patch1 Binaries] (was RE: [TESTING] Applying openoffice-4.1.2-patch1 for Windows)
Date Sat, 13 Aug 2016 16:24:40 GMT


On 08/13/2016 07:00 AM, Marcus wrote:
> Here are my tests:
> 
> Linux 32-bit:
> 
> - ZIP file is OK and can be uncompressed
> - MD5, SHA1 are OK [1]
> - ZIP ASC is OK (signature from Kay Schenk)
> - Library ASC is OK (signature from Ariel Constenla-Haile)
> 
> Linux 64-bit:
> 
> - ZIP file is OK and can be uncompressed
> - MD5, SHA1 are OK [1]
> - ZIP ASC is OK (signature from Kay Schenk)
> - Library ASC is OK (signature from Ariel Constenla-Haile)
> 
> Mac OSX:
> 
> - ZIP file is OK and can be uncompressed
> - MD5, SHA1 are OK [1]
> - ZIP ASC is OK (signature from Kay Schenk)
> - Library ASC is OK (signature from Ariel Constenla-Haile)
> 
> However, after rewriting the files (of course without to modify the hash
> values itself) the comparsion was OK.
> 
> @Kay:
> I've uploaded the sha256 hash files as suggested.

YAY! Good job!

 Do you mind when I
> overwrite the other hash files with the ones I've created? Then all have
> the same format.

No, go right ahead. With the openssl with digest options, this is how
they got formatted.

> 
> Furthermore, I've read the Readme's for Linux [2] and Mac. As I didn't
> wanted to simply overwrite your work, I've attached the modified
> versions. So, you can review them first or I can overwrite them if you
> don't mind.

I assumed this part --

"Download the hotfix ZIP file to a location on your PC where it can be
used and its content extracted.

Example:
User Jane downloaded and extracted the hotfix ZIP file from her browser
window and saved it in a folder called "Downloads". The full path is:

/home/jane/Downloads"

would be on the hotfix page itself so not needed as part of the actual
instructions. The rest of the changes look fine.




> 
> [1] The files are not well formatted for the "md5sum" and "sha1sum"
> commands. They need the following format:
> 
> <hash value><space><space><file name>
> 
> [2] The Readmes for Linux 32-bit and 64-bit are the same. I've just
> attached the one for 32-bit.
> 
> Marcus
> 
> 
> 
> Am 08/12/2016 06:21 PM, schrieb Kay Schenk:
>> On Thu, Aug 11, 2016 at 3:27 PM, Marcus<marcus.mail@wtnet.de>  wrote:
>>
>>> Am 08/11/2016 09:50 PM, schrieb Kay Schenk@apache.org:
>>>
>>>>
>>>> On 08/09/2016 02:12 PM, Kay Schenk wrote:
>>>>
>>>>> [top posting]
>>>>> I'm in the process of trying to "sync" instructions for Linux32,
>>>>> Linux64, and MacOSX at the moment. As far as instructions on the
>>>>> actual
>>>>> HOTFIX page, we need to have just a "general" instruction for ALL zips
>>>>> that simply says -- "Unzip this package to some folder of your
>>>>> choosing
>>>>> and read the README that's included." Everything else should be in the
>>>>> various READMEs for each platform.
>>>>>
>>>>> I should be done with all edits by this evening for a final review
>>>>> before zipping and signing.
>>>>>
>>>>
>>>> Ok, I've now moved on to creating zip files, etc for Linux32, Linux64
>>>> and Mac.
>>>>
>>>> My openssl version on does NOT supply digest sha256. Is it OK to use
>>>> sha1? MD5 already computed for each of these.
>>>>
>>>
>>> I like to have it consistent for all platforms. Therefore I'll check the
>>> ZIPs and deliver the sha256 hash files.
>>>
>>> Marcus
>>
>>
>> ​Thanks a bunch Marcus!
>> ​
>>
>>
>>>
>>>
>>>
>>>
>>> On 08/05/2016 09:28 AM, Dennis E. Hamilton wrote:
>>>>>
>>>>>> Branching off the part that is not about the Windows 4.1.2-patch1
>>>>>> [TESTING].
>>>>>>
>>>>>> -----Original Message-----
>>>>>>> From: Marcus [mailto:marcus.mail@wtnet.de]
>>>>>>> Sent: Thursday, August 4, 2016 15:52
>>>>>>> To: dev@openoffice.apache.org
>>>>>>> Subject: Re: [TESTING] Applying openoffice-4.1.2-patch1 for Windows
>>>>>>>
>>>>>>> Am 08/05/2016 12:26 AM, schrieb Kay Schenk:
>>>>>>>
>>>>>> [ ... ]
>>>>>>
>>>>>>>
>>>>>>>> hmmm...well no zips for Mac, Linux32, or Linux 64 -- yet.
>>>>>>>>
>>>>>>>> Should we get started on these?
>>>>>>>>
>>>>>>>
>>>>>>> it depends what we want that they should contain. The ZIP file
for
>>>>>>> Windows contains a LICENSE and NOTICE file as well as an ASC
file
>>>>>>> for
>>>>>>> the DLL. As it is only a patch IMHO we don't need to provide
another
>>>>>>> LICENSE and NOTICE file which is already available in the OpenOffice
>>>>>>> installation. Also the ASC is not necessary as we provide it
already
>>>>>>> (together with MD5 and SHA256) for the whole ZIP file.
>>>>>>>
>>>>>> [orcmid]
>>>>>>
>>>>>> I think there is a misunderstanding.  Two matters:
>>>>>>
>>>>>>    1. The use of LICENSE is required by the ALv2 itself, and the
ASF
>>>>>> practice is to include NOTICE as well on binary distributions. 
>>>>>> The patch
>>>>>> qualifies, especially when it is moved to general distribution. 
>>>>>> It is also
>>>>>> easy and harmless to provide.
>>>>>>
>>>>>>    2. The reason for preserving the .asc on the shared-library
>>>>>> binary is
>>>>>> because it authenticates with respect to who produced it and
>>>>>> establishes
>>>>>> that it has not been modified as supplied in the package (or as
>>>>>> the result
>>>>>> of some glitch in creation of the Zip).  It provides a level of
>>>>>> accountability and, also, auditability.
>>>>>>
>>>>>> Even though few people will check all of these, they remain
>>>>>> possible to
>>>>>> be checked.  Since this is a matter of security vulnerabilities and
>>>>>> involves elevation of privilege to perform, I believe it is
>>>>>> important to
>>>>>> demonstrate diligence and care, so that users have confidence in
this
>>>>>> procedure to the extent they are comfortable.  Also, if it becomes
>>>>>> necessary to troubleshoot a problem with these patch applications,
>>>>>> we have
>>>>>> the means to authenticate what they are using to ensure there are
no
>>>>>> counterfeits being offered to users.
>>>>>>
>>>>>>>
>>>>>>> That means that only the README and library file remains.
>>>>>>>
>>>>>>> When the README for Windows keep its length then I don't want
to
>>>>>>> copy
>>>>>>> this on the dowload webpage. ;-)
>>>>>>>
>>>>>>> So, when we put the README for all platforms in their ZIP files
>>>>>>> then we
>>>>>>> can just put a pointer to it on the download webpage and thats
it.
>>>>>>>
>>>>>> [orcmid]
>>>>>>
>>>>>> Yes, that seems like a fine idea.  The README can be linked the same
>>>>>> way the .md5, .sha256, and .asc are linked.
>>>>>>
>>>>>> Also, the README may become simpler if we can link to some of the
>>>>>> information and not have so much detail in the README text
>>>>>> itself.  It
>>>>>> might even be useful to have an .html README for that matter.  But
>>>>>> that is
>>>>>> all extra.  Right now I think we want to get into the testing and
>>>>>> see how
>>>>>> to smooth what we have.
>>>>>>
>>>>>> PS: A friend of mine is looking into the MacOSX situation.  He points
>>>>>> out that one can use the Finder to do the job without users having
>>>>>> to use
>>>>>> Terminal sessions.  I don't have further information at this time.
>>>>>>
>>>>>> PPS: The inclusion of scripts that do the job is also worthy of
>>>>>> consideration, perhaps making it unnecessary to build
>>>>>> executables.  I will
>>>>>> be looking at finding a .bat file that works safely for the
>>>>>> Windows case.
>>>>>> That can make the instructions much shorter :).
>>>>>>
>>>>>>
>>>>>>> To cut a long story short:
>>>>>>> I would say yes for a ZIP file for every platform.
>>>>>>>
>>>>>> [ ... ]
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
> 

-- 
--------------------------------------------
MzK

"Time spent with cats is never wasted."
                   -- Sigmund Freud

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message