Re: Checksum mismatch for 1.8 release
From: Erik Auerswald
Subject: Re: Checksum mismatch for 1.8 release
Date: Wed, 18 Jan 2023 08:41:28 +0100

Hi all,
On Tue, Jan 17, 2023 at 09:03:46PM +0000, Tim Rice wrote:
> On Wed, Jan 04, 2023 at 08:56:08AM +0000, sean wrote:
> >
> > I just tried to download datamash 1.8 and the
> > checksum that was reported in the release announcement:
> > https://savannah.gnu.org/forum/forum.php?forum_id=10212
> >
> > Doesn't seem correct anymore and the upload is from hours after that
> > announcement. Has the download been compromised?
> [...]
> 2. I was able to fix things manually, but then forgot the '-z' flag
> to tar when preparing the release tarball. Therefore the announcement
> which I sent out was for some .tar.gz files which actually were not
> compressed.
>
> 3. Shortly after the announcement, someone let me know they were having
> an issue with the packaging because of the error in (2). (Thanks again
> to that person, they caught it quickly, which is why you see a gap of
> only a few hours before new files were sent up.)
>
> 4. I repackaged the files with no change except to add compression in
> the expected way.

The uncompressed tar file datamash-1.8.tar from the current download
has the checksums from the announcement:

$ ls datamash-1.8.tar.gz
ls: cannot access 'datamash-1.8.tar.gz': No such file or directory
$ wget -nv https://ftpmirror.gnu.org/datamash/datamash-1.8.tar.gz
2023-01-18 08:36:26 URL:https://gnu.mirror.constant.com/datamash/datamash-1.8.tar.gz [2387673/2387673] -> "datamash-1.8.tar.gz" [1]
$ gunzip datamash-1.8.tar.gz
$ sha1sum datamash-1.8.tar
e77e15ed2c6b17b4045251fd87f16430c3bf2166 datamash-1.8.tar
$ sha256sum datamash-1.8.tar
94a4e11819ad259aa3745b7eca392e385e3a676d276e8cbb616269dbbb17fe6d datamash-1.8.tar
$ b2sum datamash-1.8.tar
dfe4060ea65ea46a1796e01463fd9b0e55c2d633d06da153f585a3a569acf3e9211a14cb3905daf8ecae347358daa04db940d557b909f0ce5ebbba2f57d3a410 datamash-1.8.tar

So this looks good to me. The GPG signature validates, too.

Best regards,
Erik
--
To a first approximation, we can say that accidents are almost always
the result of incorrect estimates of the likelihood of one or more things.
-- C. Michael Holloway, NASA
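
Added example, not part of the original message: a shell function that automates the comparison done by hand above, checking an announced SHA-256 against both the file as downloaded and its gunzipped content. The name `classify_download` and the sample data are made up for illustration; `sha256sum`, `gzip` and `mktemp` are assumed to be installed.

```shell
#!/bin/sh
# classify_download FILE EXPECTED_SHA256   (hypothetical helper name)
# Prints one of:
#   as-is    : the file's own bytes match the announced digest
#              (also the case for a plain tar that is merely named .tar.gz)
#   payload  : the file is gzip data and its decompressed content matches,
#              i.e. the same tarball was repackaged with compression
#   mismatch : neither matches, so the checksum gives no assurance
classify_download() {
    file=$1
    # Digests are compared in lower case, as sha256sum prints them.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -r "$file" ] || { echo "unreadable"; return 2; }

    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "as-is"; return 0
    fi

    # gzip -t verifies the stream without writing it out; it fails on a
    # file that is not gzip data, whatever its name says.
    if gzip -t < "$file" 2>/dev/null; then
        inner=$(gzip -dc < "$file" | sha256sum | cut -d' ' -f1)
        if [ "$inner" = "$expected" ]; then
            echo "payload"; return 0
        fi
    fi

    echo "mismatch"; return 1
}

# Demo on constructed data: one payload, offered bare and gzip-compressed.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$d/pkg.tar"
    gzip -c "$d/pkg.tar" > "$d/pkg.tar.gz"
    sum=$(sha256sum < "$d/pkg.tar" | cut -d' ' -f1)
    classify_download "$d/pkg.tar" "$sum"       # as-is
    classify_download "$d/pkg.tar.gz" "$sum"    # payload
    rm -rf "$d"
}
demo
```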