[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: release checksum issue related to xdelta file, how to check .sig fil
Re: release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released)
Mon, 31 Mar 2008 22:12:44 +0200
Gnus/5.110006 (No Gnus v0.6) Emacs/22.1 (gnu/linux)
Joe Wells <address@hidden> writes:
>>>>>> "Chong" == Chong Yidong <address@hidden> writes:
> Chong> GNU Emacs 22.2 has been released, and is now available at
> Chong> ftp.gnu.org/gnu/emacs/ and the GNU FTP mirrors (see
> Chong> http://www.gnu.org/order/ftp.html).
> Chong> The MD5 check-sum is the following:
> Chong> d6ee586b8752351334ebf072904c4d51 emacs-22.2.tar.gz
> When using the emacs-22.1-22.2.xdelta patch to build emacs-22.2.tar.gz
> from emacs-22.1.tar.gz, I get a *different* emacs-22.2.tar.gz file,
> because it has been compressed differently. (The contents are the same,
> as revealed by "gunzip -c emacs-22.2.tar.gz | md5sum".) This causes two
> 1. The above checksum can not be used to verify the generated file.
The xdelta contains the checksum of the unpressed contents, which is
used for verification. You can verify the authenticity of the xdelta
with the provided signature.
> 2. The emacs-22.2.tar.gz generated by xdelta will presumably not be usable
> as the basis for the next release.
The xdelta is based on the uncompressed contents. The next xdelta will
also be based on the uncompressed contents which you have verified as
identical to the distributed file.
> I'm not sure what the solution to this is. It is important that the
> .tar.gz file generated by xdelta is the same as the .tar.gz file
> distributed by FTP, or there will be problems.
I see no problem here.
Andreas Schwab, SuSE Labs, address@hidden
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."