[tor-dev] SHA-256 checksum mismatch
The SHA-256 checksum of the downloaded file https://www.torproject.org/dist/torbrowser/6.0/TorBrowser-6.0-osx64_en-US.dmg is on my computer 0f4f6ca01028c2956c811dd94d67a76feb507cad176c031f32e6f95873003b4c But according to the text file https://dist.torproject.org/torbrowser/6.0/sha256sums-unsigned-build.txt the SHA-256 checksum of the file TorBrowser-6.0-osx64_en-US.dmg should be d68d01889ba38764ebf2057b3cd3263f638a74205031a6d1df11ab8ca13a3618 Why the mismatch?___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] SHA-256 checksum mismatch
Tuuranton: > The SHA-256 checksum of the downloaded file > https://www.torproject.org/dist/torbrowser/6.0/TorBrowser-6.0-osx64_en-US.dmg > is on my computer > 0f4f6ca01028c2956c811dd94d67a76feb507cad176c031f32e6f95873003b4c > > But according to the text file > https://dist.torproject.org/torbrowser/6.0/sha256sums-unsigned-build.txt > the SHA-256 checksum of the file > TorBrowser-6.0-osx64_en-US.dmg > should be > d68d01889ba38764ebf2057b3cd3263f638a74205031a6d1df11ab8ca13a3618 > > > Why the mismatch? This is due to OS X code-signing that arrived with Tor Browser 6.0. See: https://blog.torproject.org/blog/tor-browser-60-released third section. We are working on providing instructions on how to remove the code-signature in order to get the same SHA256 sum as the pre-signed bundle. See: https://bugs.torproject.org/18925 for these efforts. Georg signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] SHA-256 checksum mismatch
On Thu, 02 Jun 2016 03:59:04 -0400 Tuuranton wrote: > The SHA-256 checksum of the downloaded file > https://www.torproject.org/dist/torbrowser/6.0/TorBrowser-6.0-osx64_en-US.dmg > is on my computer > 0f4f6ca01028c2956c811dd94d67a76feb507cad176c031f32e6f95873003b4c > > the SHA-256 checksum of the file > TorBrowser-6.0-osx64_en-US.dmg > should be > d68d01889ba38764ebf2057b3cd3263f638a74205031a6d1df11ab8ca13a3618 > > > Why the mismatch? "sha256sums-UNSIGNED-build.txt" Guess the actual release blog post didn't carry over the blurb covering this (though 6.0a5 did): > We plan to post instructions for removing the code signing parts on > our website soon. This should make it easier to compare the bundles > we build with the actual bundles we ship. The instructions don't exist yet, see #18925. Regards, -- Yawning Angel pgpzl3AUBi06f.pgp Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] DescripTor 1.2.0 is released
Hi Karsten, congrats on the release! I gotta admit, first thing I
wondered when I saw this was 'what is DescripTor and why does it have
a name that will be so easily confused with the documents it
fetches?'.
Quick peek at the readme seems to indicate this is the DirPort
fetching capabilities of metrics-lib? Is this an effort to slit
metrics-lib up into smaller libraries?
Cheers! -Damian
On Tue, May 31, 2016 at 12:17 PM, Karsten Loesing
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello devs,
>
> I just released DescripTor 1.2.0:
>
> https://dist.torproject.org/descriptor/1.2.0/
>
> - From the change log:
>
> # Changes in version 1.2.0 - 2016-05-31
>
> * Medium changes
>- Include the hostname in directory source entries of consensuses
> and votes.
>- Also accept \r\n as newline in Torperf results files.
>- Make unrecognized keys of Torperf results available together with
> the corresponding values, rather than just the whole line.
>- In Torperf results, recognize all percentiles of expected bytes
> read for 0 <= x <= 100 rather than just x = { 10, 20, ..., 90 }.
>- Rename properties for overriding default descriptor source
> implementation classes.
>- Actually return the signing key digest in network status votes.
>- Parse crypto parts in network status votes.
>- Document all public parts in org.torproject.descriptor and add
> an Ant target to generate Javadocs.
>
> * Minor changes
>- Include a Torperf results line with more than one unrecognized
> key only once in the unrecognized lines.
>- Make "consensus-methods" line optional in network statuses votes,
> which would mean that only method 1 is supported.
>- Stop reporting "-END .*-" lines in directory key
> certificates as unrecognized.
>- Add code used for benchmarking.
>
> In particular the full rewrite of Javadocs was painful but hopefully
> useful to people here, not necessarily just DescripTor users but
> anyone working with Tor network data. Here's the compiled web version
> until DescripTor has its own website:
>
> https://people.torproject.org/~karsten/volatile/descriptor-docs-2016-05-31/
>
> Many thanks to iwakeh for helping with most of these changes!
>
> All the best,
> Karsten
>
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
>
> iQEcBAEBAgAGBQJXTeNUAAoJEC3ESO/4X7XB208IAKwyJF2jgjvuREfYKkI9UFva
> ZoMbXgITXfTNJ4hXSc5x30jMw56xVummaWMMgBKwscPyhJAdngUjxQt//8ZOwFx/
> hezHbRGxxRZquiROvIMW1mLIfnvSnkZAVL6tPuQmiKfqcR2ExMs3KCZsdCcfI/KR
> ZB9tHnGsSqhME+XPxQNAhT/OgBNnaq4Y7WFMhLuOHDm4/sCIjeoeix8aF1ve27ue
> FdOvaxjY1iBipxNdKkup5SXmL1tBmQ7bwTV59EduLatq+30tMnE7Xyat9MeQMyGI
> Bs9/5h+f29zREzyPp6kPd/m0eN1udvXF8nqa34QqAk0YHECE1BoIRDRo7qkixx4=
> =xs8m
> -END PGP SIGNATURE-
> ___
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] DescripTor 1.2.0 is released
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Damian,
On 02/06/16 17:58, Damian Johnson wrote:
> Hi Karsten, congrats on the release! I gotta admit, first thing I
> wondered when I saw this was 'what is DescripTor and why does it
> have a name that will be so easily confused with the documents it
> fetches?'.
Oh, it always had two names, metrics-lib and DescripTor. We have been
referring to it as DescripTor lately, that's why I used that name in
the announcement. But it's the same thing.
> Quick peek at the readme seems to indicate this is the DirPort
> fetching capabilities of metrics-lib? Is this an effort to slit
> metrics-lib up into smaller libraries?
No, same thing. The DirPort fetching in DescripTor/metrics-lib is
actually something that doesn't work so well, which is why CollecTor
uses its own code for that. There are no plans to split up
metrics-lib at this point.
All the best,
Karsten
> Cheers! -Damian
>
>
> On Tue, May 31, 2016 at 12:17 PM, Karsten Loesing
> wrote: Hello devs,
>
> I just released DescripTor 1.2.0:
>
> https://dist.torproject.org/descriptor/1.2.0/
>
> From the change log:
>
> # Changes in version 1.2.0 - 2016-05-31
>
> * Medium changes - Include the hostname in directory source entries
> of consensuses and votes. - Also accept \r\n as newline in Torperf
> results files. - Make unrecognized keys of Torperf results
> available together with the corresponding values, rather than just
> the whole line. - In Torperf results, recognize all percentiles of
> expected bytes read for 0 <= x <= 100 rather than just x = { 10,
> 20, ..., 90 }. - Rename properties for overriding default
> descriptor source implementation classes. - Actually return the
> signing key digest in network status votes. - Parse crypto parts in
> network status votes. - Document all public parts in
> org.torproject.descriptor and add an Ant target to generate
> Javadocs.
>
> * Minor changes - Include a Torperf results line with more than one
> unrecognized key only once in the unrecognized lines. - Make
> "consensus-methods" line optional in network statuses votes, which
> would mean that only method 1 is supported. - Stop reporting
> "-END .*-" lines in directory key certificates as
> unrecognized. - Add code used for benchmarking.
>
> In particular the full rewrite of Javadocs was painful but
> hopefully useful to people here, not necessarily just DescripTor
> users but anyone working with Tor network data. Here's the
> compiled web version until DescripTor has its own website:
>
> https://people.torproject.org/~karsten/volatile/descriptor-docs-2016-05-31/
>
> Many thanks to iwakeh for helping with most of these changes!
>
> All the best, Karsten
>
>> ___ tor-dev mailing
>> list tor-dev@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> ___ tor-dev mailing
> list tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJXUFtpAAoJEC3ESO/4X7XBQgsH/A/5T4QnBylP7pxe4xN0Q7GD
ZKcwvnNlhLagPaYOHDhGcgFPrYKn1KfGCb1RTF/VDzU7CweXFxwddCd/4suwG840
OclFW2bLTJ1iajOyQSO+zANN5QaQXShdE69aZh8XrA+WV5RrKhJrht1LJN+f7e1F
bZw2uwXE6QGWvPC5fR1ISucOeTJZGRTXauSXkHWabeyEIoH+ju99qs4mPWbjgRp2
EhxFbWL/Qqc96M8UkrU64a7rpuk4DU31+YNCytPkIEsWof6mCCaSMhkAu+ZKSoeT
caXnu/ztkFx8+nX5p9tzCs0DUKpdlh16MWbazWW8BzaeWJf9KUccpGqZnKW+Yec=
=ebdI
-END PGP SIGNATURE-
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] DescripTor 1.2.0 is released
> Oh, it always had two names, metrics-lib and DescripTor. We have been > referring to it as DescripTor lately, that's why I used that name in > the announcement. But it's the same thing. A! Gotcha. For what it's worth metrics-lib strikes me as a much better name... * That's what most things I'm aware of refer to. Its git repo, our descriptor parser comparison table, etc. An alternate name is kinda confusing. * Names are often written in lowercase (import statements, etc) so DescripTor becomes descriptor, the thing it's fetching. That's kinda confusing. Anyway, just food for thought. Besides the tarball name I'm not spotting much use of the DescripTor name so it could be pretty easy to standardize on metrics-lib if you wanted. Cheers! -Damian ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] [GSoC] CONIKS for Tor Messenger - 1st status report
Hi everyone, This is the first status report on the CONIKS for Tor Messenger project. This is what I have done so far: * Discussing with Arlo and Marcela about the account verification module. The proposal is described below. * Implementing the Merkle prefix tree module. The source code is under review and is available on github repo [1] * Submitting 2 patches for ctype-otr addon (pull #74 and #75 [2]) For now, I'm working on implementing the STR module as a part of Merkle tree module. This module would be moved into its own repo as a library, separated from the key server module, after others commented on the code. Next I plan to continue implementing the key server module (including the registration and key change operation). It also requires a prototype implementation of the account verification module. Besides, we also established the collaboration with engineers and PhD students from EPFL on developing the CONIKS server module. The source code of the CONIKS server module would be committed to its own repo [3], while other Tor Messenger specific modules would be committed to the repo of the project [4]. --- The account verification protocol is proposed as follows (credit to Arlo) - the user connects to an account - the client sends the registration request to a registration bot on the server - the client also signs the registered public key and sends it to the registration bot - the bot verifies the signature and registers the sending account with the public key The client sends the signed public key to the registration bot by using one of following methods: - send a direct message to the Twitter account of the bot (in case the account is a Twitter account) - send a private chat to the Jabber account of the bot (in case the account is a Jabber account) Best, Huy [1] https://github.com/coniks-sys/libconiks-server-go/pull/1 [2] https://github.com/arlolra/ctypes-otr/pulls [3] https://github.com/coniks-sys/libconiks-server-go/ [4] https://github.com/c633/tor-messenger-coniks ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
