[
https://issues.apache.org/jira/browse/CONNECTORS-926?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13972077#comment-13972077
]
Ahmet Arslan commented on CONNECTORS-926:
-----------------------------------------
bq. But if you look at the instructions on the closer page, it does not appear
to be consistent (to me) to using the gpg verification for md5 and sha
signatures.
closer page doesn't give any example nor describe "how to" for "verification
for md5 and sha signatures" So, to me, using 'the gpg verification for md5 and
sha signatures' or any other method like( running {{md5}} and comparing results
by eye) does not create inconsistency.
bq. It does NOT send you to the cloudstack page, so that is immaterial for
ManifoldCF
I pasted cloudstack page for not to repeat my previous comment.
* gpg --print-md MD5 apache-manifoldcf-1.6-bin.zip | diff -
apache-manifoldcf-1.6-bin.zip.md5
* gpg --print-md SHA512 apache-manifoldcf-1.6-bin.zip | diff -
apache-manifoldcf-1.6-bin.zip.sha
Above shows how gpg can be used for verification of md5 and sha signatures. May
be {{pgp}} could be used in a similar fashion too?
My main motivation is :
bq. Note that GnuPG can handle MD5 and SHA checksums as well as PGP signatures.
It is your one-stop shop, cross-platform tool for release signing and
verification.
And I still wonder how (with what command) people verify/check .md5 and .sha
files.
> Release signatures generated on linux machines are of the incorrect format
> --------------------------------------------------------------------------
>
> Key: CONNECTORS-926
> URL: https://issues.apache.org/jira/browse/CONNECTORS-926
> Project: ManifoldCF
> Issue Type: Bug
> Components: Build
> Affects Versions: ManifoldCF 1.6
> Reporter: Karl Wright
> Assignee: Ahmet Arslan
> Fix For: ManifoldCF 1.6
>
>
> Hi Ahmet,
> Looked at the release signatures for MCF 1.6 RC1, and found some differences
> over what the "correct" format is supposed to be.
> Correct form MD5 example:
> A14D8A01BAE4730A9557C35957EBB688 *apache-manifoldcf-1.4.1-bin.tar.gz
> Incorrect form:
> apache-manifoldcf-1.6-lib.zip: 2B 93 33 55 C1 68 09 0E 41 D4 49 55 90 D6 07
> A4
> Correct form SHA example:
> 07E4051DD8D3FAF4005AFEC99D9E79864F591ABB *apache-manifoldcf-1.5.1-src.zip
> Incorrect form:
> apache-manifoldcf-1.6-src.tar.gz: 0B55AB19 04E14F4D 8BF05B13 E98A60DD CED81706
> A09A0C6E 4AAFF17D 521B581C 48F6C35C F5FC6175
> 36D0E4C9 BA8344D9 77E8053B 0E821114 B74B637E
> 53D07838
> Please also note that the download page has an incorrect URL for the SHA
> signature; it should point to .sha1, not .sha, which is why it gets a "not
> found" error. I will fix that shortly.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
