verify build files for LFS

Mike McCarty Mike.McCarty at sbcglobal.net
Wed Mar 18 10:14:29 PDT 2009


support wrote:
> 
> I don't quite get what you are after, if you are downloading a file from
> the authors site, and you also want an md5 from the same site to confirm
> the download, its kind of pointless.  If the site has been hacked and
> the original source replaced with something else, it stands to reason
> that the md5 (on the same site) would be compromised also.  The download
> will reach you in original condition thanks to the fact that tcp/ip does
> error checking as it goes.  As for instructions on confirming the md5 on

Umm, TCP/IP does do error checking. That does not guarantee an error
free download. The error checking used is rather weak. I forget the
name of the checksum used, but essentially it's sum_of_wordss mod(65535)
and sum_of_sums_of_words mod(65535). It's named for the guy who
suggested it, and IIRC his name starts with an "F". Anyway, it's very
weak, and was intended to be "easy" to implement. Today, that header is
considered by all to be a mess, and very difficult on modern machines
(i.e. with word sizes > 8 bits) to implement efficiently due to odd byte
addressing required, resulting in often needing to copy the entire
message in order to prepend some stuff.

I've experienced corrupted files downloaded a few times.

> each page, ideally you should do it before you begin at all, its
> pointless getting halfway through the project just to find you have a
> bad copy of something.

It would be nice to have a single file which listed all the md5
(prefereably sha1) sums for all the files which could be used as
input for automated test.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!



More information about the lfs-support mailing list