verify build files for LFS

Mike McCarty Mike.McCarty at sbcglobal.net
Wed Mar 18 12:24:55 PDT 2009


Mike McCarty wrote:
> support wrote:
>> I don't quite get what you are after, if you are downloading a file from
>> the authors site, and you also want an md5 from the same site to confirm
>> the download, its kind of pointless.  If the site has been hacked and
>> the original source replaced with something else, it stands to reason
>> that the md5 (on the same site) would be compromised also.  The download
>> will reach you in original condition thanks to the fact that tcp/ip does
>> error checking as it goes.  As for instructions on confirming the md5 on
> 
> Umm, TCP/IP does do error checking. That does not guarantee an error
> free download. The error checking used is rather weak. I forget the
> name of the checksum used, but essentially it's sum_of_wordss mod(65535)
> and sum_of_sums_of_words mod(65535). It's named for the guy who
> suggested it, and IIRC his name starts with an "F". Anyway, it's very

I recalled it! "Fletcher's Checksum" Sheesh! It's pretty much
universally hated by everyone who uses it.

I just did this:

$ sha1sum -c ../../../6.4/SHA1SUMS 2>&1 | grep -v OK
inetutils-1.5.tar.gz: FAILED
sha1sum: WARNING: 1 of 85 computed checksums did NOT match

Hmm. OTOH:

$ gunzip -tv inetutils-1.5.tar.gz
inetutils-1.5.tar.gz:    OK

So, which file is in error, the tar.gz or the SHA1SUMS file?

Gonna have to look into this.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!



More information about the lfs-support mailing list