subject:"Re\: \[tor\-dev\] SHA\-256 checksum mismatch"

Re: [tor-dev] SHA-256 checksum mismatch

2016-06-02 Thread Yawning Angel

On Thu, 02 Jun 2016 03:59:04 -0400
Tuuranton  wrote:
> The SHA-256 checksum of the downloaded file
> https://www.torproject.org/dist/torbrowser/6.0/TorBrowser-6.0-osx64_en-US.dmg
> is on my computer
> 0f4f6ca01028c2956c811dd94d67a76feb507cad176c031f32e6f95873003b4c
> 
> the SHA-256 checksum of the file
> TorBrowser-6.0-osx64_en-US.dmg
> should be
> d68d01889ba38764ebf2057b3cd3263f638a74205031a6d1df11ab8ca13a3618
> 
> 
> Why the mismatch?

"sha256sums-UNSIGNED-build.txt"

Guess the actual release blog post didn't carry over the blurb
covering this (though 6.0a5 did):

> We plan to post instructions for removing the code signing parts on
> our website soon. This should make it easier to compare the bundles
> we build with the actual bundles we ship.

The instructions don't exist yet, see #18925.

Regards,

-- 
Yawning Angel


pgpzl3AUBi06f.pgp
Description: OpenPGP digital signature
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] SHA-256 checksum mismatch

2016-06-02 Thread Georg Koppen

Tuuranton:
> The SHA-256 checksum of the downloaded file
> https://www.torproject.org/dist/torbrowser/6.0/TorBrowser-6.0-osx64_en-US.dmg
> is on my computer
> 0f4f6ca01028c2956c811dd94d67a76feb507cad176c031f32e6f95873003b4c
> 
> But according to the text file
> https://dist.torproject.org/torbrowser/6.0/sha256sums-unsigned-build.txt
> the SHA-256 checksum of the file
> TorBrowser-6.0-osx64_en-US.dmg
> should be
> d68d01889ba38764ebf2057b3cd3263f638a74205031a6d1df11ab8ca13a3618
> 
> 
> Why the mismatch?

This is due to OS X code-signing that arrived with Tor Browser 6.0. See:
https://blog.torproject.org/blog/tor-browser-60-released third section.

We are working on providing instructions on how to remove the
code-signature in order to get the same SHA256 sum as the pre-signed
bundle. See: https://bugs.torproject.org/18925 for these efforts.

Georg




signature.asc
Description: OpenPGP digital signature
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] SHA-256 checksum mismatch

Re: [tor-dev] SHA-256 checksum mismatch

2 matches

Site Navigation

Mail list logo

Footer information