bug-datamash

Re: Checksum mismatch for 1.8 release


From: Erik Auerswald
Subject: Re: Checksum mismatch for 1.8 release
Date: Wed, 18 Jan 2023 08:41:28 +0100

Hi all,

On Tue, Jan 17, 2023 at 09:03:46PM +0000, Tim Rice wrote:
> On Wed, Jan 04, 2023 at 08:56:08AM +0000, sean wrote:
>
> > I just tried to download datamash 1.8 and the
> > checksum that was reported in the release announcement:
> > https://savannah.gnu.org/forum/forum.php?forum_id=10212
>
> > Doesn't seem correct anymore and the upload is from hours after that
> > announcement. Has the download been compromised?
> [...]
> 2. I was able to fix things manually, but then forgot the '-z' flag
>    to tar when preparing the release tarball. Therefore the announcement
>    which I sent out was for some .tar.gz files which actually were not
>    compressed.
> 
> 3. Shortly after the announcement, someone let me know they were having
>    an issue with the packaging because of the error in (2). (Thanks again
>    to that person, they caught it quickly, which is why you see a gap of
>    only a few hours before new files were sent up.)
> 
> 4. I repackaged the files with no change except to add compression in
>    the expected way.

The uncompressed tar file datamash-1.8.tar from the current download
has the checksums from the announcement:

    $ ls datamash-1.8.tar.gz
    ls: cannot access 'datamash-1.8.tar.gz': No such file or directory
    $ wget -nv https://ftpmirror.gnu.org/datamash/datamash-1.8.tar.gz
    2023-01-18 08:36:26 URL:https://gnu.mirror.constant.com/datamash/datamash-1.8.tar.gz [2387673/2387673] -> "datamash-1.8.tar.gz" [1]
    $ gunzip datamash-1.8.tar.gz 
    $ sha1sum datamash-1.8.tar 
    e77e15ed2c6b17b4045251fd87f16430c3bf2166  datamash-1.8.tar
    $ sha256sum datamash-1.8.tar
    94a4e11819ad259aa3745b7eca392e385e3a676d276e8cbb616269dbbb17fe6d  datamash-1.8.tar
    $ b2sum datamash-1.8.tar
    dfe4060ea65ea46a1796e01463fd9b0e55c2d633d06da153f585a3a569acf3e9211a14cb3905daf8ecae347358daa04db940d557b909f0ce5ebbba2f57d3a410  datamash-1.8.tar

So this looks good to me.  The GPG signature validates, too.

Best regards,
Erik
-- 
To a first approximation, we can say that accidents are almost always
the result of incorrect estimates of the likelihood of one or more things.
                        -- C. Michael Holloway, NASA
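
The check done by hand in the message above, as an added example that is not part of the original message: it reports whether an announced SHA-256 matches a download as-is or only after gzip decompression. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). File names are constructed.

sha256_stdin() { sha256sum | cut -d' ' -f1; }

# match_kind FILE EXPECTED_SHA256
# Prints where the expected digest matches:
#   file     - the bytes as downloaded
#   payload  - only the content after gzip decompression
#   none     - neither
# Returns 0 for file/payload, 1 for none.
match_kind() {
    mk_file=$1
    mk_want=$2
    if [ "$(sha256_stdin < "$mk_file")" = "$mk_want" ]; then
        echo file
        return 0
    fi
    # gzip -t checks the container first; an uncompressed tar that was merely
    # named .tar.gz (the original upload in this thread) fails here.
    if gzip -t "$mk_file" 2>/dev/null &&
       [ "$(gzip -dc "$mk_file" | sha256_stdin)" = "$mk_want" ]; then
        echo payload
        return 0
    fi
    echo none
    return 1
}

# Constructed demo: a stand-in "tarball" whose digest was announced for the
# uncompressed bytes, then re-uploaded gzipped, plus an unrelated gzip file.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in for a release tarball\n' > "$d/sample-1.0.tar"
    announced=$(sha256_stdin < "$d/sample-1.0.tar")
    gzip -c "$d/sample-1.0.tar" > "$d/sample-1.0.tar.gz"
    printf 'x' > "$d/other.bin"; gzip -c "$d/other.bin" > "$d/tampered.tar.gz"
    r1=$(match_kind "$d/sample-1.0.tar" "$announced")               # file
    r2=$(match_kind "$d/sample-1.0.tar.gz" "$announced")            # payload
    r3=$(match_kind "$d/tampered.tar.gz" "$announced") || true      # none
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

demo
```

A `payload` result explains a mismatch like the one reported in this thread; it says nothing about authenticity, which the GPG signature check covers.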


