verify build files for LFS

Mike McCarty Mike.McCarty at
Wed Mar 18 12:24:55 PDT 2009

Mike McCarty wrote:
> support wrote:
>> I don't quite get what you are after, if you are downloading a file from
>> the authors site, and you also want an md5 from the same site to confirm
>> the download, its kind of pointless.  If the site has been hacked and
>> the original source replaced with something else, it stands to reason
>> that the md5 (on the same site) would be compromised also.  The download
>> will reach you in original condition thanks to the fact that tcp/ip does
>> error checking as it goes.  As for instructions on confirming the md5 on
> Umm, TCP/IP does do error checking. That does not guarantee an error
> free download. The error checking used is rather weak. I forget the
> name of the checksum used, but essentially it's sum_of_wordss mod(65535)
> and sum_of_sums_of_words mod(65535). It's named for the guy who
> suggested it, and IIRC his name starts with an "F". Anyway, it's very

I recalled it! "Fletcher's Checksum" Sheesh! It's pretty much
universally hated by everyone who uses it.

I just did this:

$ sha1sum -c ../../../6.4/SHA1SUMS 2>&1 | grep -v OK
inetutils-1.5.tar.gz: FAILED
sha1sum: WARNING: 1 of 85 computed checksums did NOT match

Hmm. OTOH:

$ gunzip -tv inetutils-1.5.tar.gz
inetutils-1.5.tar.gz:    OK

So, which file is in error, the tar.gz or the SHA1SUMS file?

Gonna have to look into this.

Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!

More information about the lfs-support mailing list