Mailing List Archive: Apache: Dev

checksum madness - got it

Index | Next | Previous | View Threaded

fuankg at apache

Sep 25, 2009, 4:02 PM

Post #1 of 7 (724 views)
Permalink

checksum madness - got it

Hi,
Roy T. Fielding schrieb:
> If you don't like the file format, write a friggin perl script
> to read whatever is there and feed it to your *personal* tool
> of choice. Personally, I use 'cat'.
>
> ....Roy
yeaaahh, I got it now: nobody cares about different formats, and we dont
want to commonly agree for the most usable format, and things stay as
they are ....
Roy, your comment was the best because it brought me on the right
track: make your own thing and dont care!
So I took your advice and hacked a Perl script, and thats now for me
better than any other tool because it automatically detects all crazy
formats I currently know of :) - and hey! its even acceptable in speed!
Also it needs no external tools because Perl comes with wonderful
modules, so it should run on every platform which supports Perl.
Nevertheless the discussion was worth for me so far that I now know what
strange formats I might come over, and what tools are available on which
platform. Finally I've written together the results so that I can
later self read again when I've forgotten (you know Alsheimer). In case
someone is interested in that, or in the script (I post mainly for the
few users who might hang out here - I know devs prefer to hack their own
shell scripts, and dont call tools without at least one pipe :) :) ),
then go here:
http://www.gknw.net/phpbb/viewtopic.php?t=570
for further discussions about the script please register to my forum and
post there - I dont want to spam the list here.

have fun!

Gün.

minfrin at sharp

Sep 25, 2009, 5:45 PM

Post #2 of 7 (688 views)
Permalink

Re: checksum madness - got it [In reply to]

Guenter Knauf wrote:

> yeaaahh, I got it now: nobody cares about different formats, and we dont
> want to commonly agree for the most usable format, and things stay as
> they are ....

To put this into perspective, checking an md5 (or sha1) checksum is
simply a case of doing the following three steps:

- Run md5sum, or openssl, or perl, or whatever you want, and get the md5
hash string of the binary you downloaded printed out to your terminal.

- Using your OS' built in "cut and paste" functionality, cut the
generated md5 checksum.

- Load the reference hash file from www.apache.org in your browser, and
paste your generated md5 hash into your browser's "find" functionality.
Did the find succeed? If so, the binary matches, and you're done.

This procedure is really simple, and works almost anywhere.

If we really want to fix this problem for users of md5sum, we should
rather be teaching md5sum how to read all the various combinations of
inputs out there. I am sure the people who maintain md5sum would be
grateful for the contribution.

> In case
> someone is interested in that, or in the script (I post mainly for the
> few users who might hang out here - I know devs prefer to hack their own
> shell scripts, and dont call tools without at least one pipe :) :) ),
> then go here:
> http://www.gknw.net/phpbb/viewtopic.php?t=570

This is a very useful summary.

Regards,
Graham
--

Attachments:

smime.p7s (3.22 KB)

fuankg at apache

Sep 25, 2009, 6:00 PM

Post #3 of 7 (689 views)
Permalink

Re: checksum madness - got it [In reply to]

Hi Graham,
Graham Leggett schrieb:
> If we really want to fix this problem for users of md5sum, we should
> rather be teaching md5sum how to read all the various combinations of
> inputs out there. I am sure the people who maintain md5sum would be
> grateful for the contribution.
I started already with that:
http://www.mail-archive.com/bug-coreutils [at] gnu/msg17903.html

and, if Steve from OpenSSL reads the threads here I hope he can perhaps
also tell a bit about why the two blanks are missing with openssl's
checksum outputs ...

Gün.

wrowe at rowe-clan

Sep 28, 2009, 9:24 PM

Post #4 of 7 (664 views)
Permalink

Re: checksum madness - got it [In reply to]

Don't forget your BSD vs FSF nonsense...

FSF - http://httpd.apache.org/dev/dist/mod_fcgid/mod_fcgid-2.3.2.tar.gz.md5
BSD - http://httpd.apache.org/dev/dist/mod_fcgid/mod_fcgid-2.3.2-crlf.zip.md5

fuankg at apache

Sep 29, 2009, 3:41 AM

Post #5 of 7 (661 views)
Permalink

Re: checksum madness - got it [In reply to]

William A. Rowe, Jr. schrieb:
> Don't forget your BSD vs FSF nonsense...
>
> FSF - http://httpd.apache.org/dev/dist/mod_fcgid/mod_fcgid-2.3.2.tar.gz.md5
> BSD - http://httpd.apache.org/dev/dist/mod_fcgid/mod_fcgid-2.3.2-crlf.zip.md5
naa, already covered:
http://www.gknw.net/phpbb/viewtopic.php?t=570
check my Perl script chkdigest.pl which detects them both automatically ...

GÃ¼n.

fuankg at apache

Oct 16, 2009, 9:34 AM

Post #6 of 7 (622 views)
Permalink

Re: checksum madness - follow-up [In reply to]

Hi,
Graham Leggett schrieb:
> To put this into perspective, checking an md5 (or sha1) checksum is
> simply a case of doing the following three steps:
>
> - Run md5sum, or openssl, or perl, or whatever you want, and get the md5
> hash string of the binary you downloaded printed out to your terminal.
>
> - Using your OS' built in "cut and paste" functionality, cut the
> generated md5 checksum.
>
> - Load the reference hash file from www.apache.org in your browser, and
> paste your generated md5 hash into your browser's "find" functionality.
> Did the find succeed? If so, the binary matches, and you're done.
>
> This procedure is really simple, and works almost anywhere.
if the reference hash file from www.apache.org is build with gpg then
this method fails (and I consider gpg really unusable for this purpose);
here are some bad samples which show that gpg breaks lines if the
filename is longer:
http://www.apache.org/dist/httpd/binaries/win32/mod_fcgid-2.3.4-win32-x86.zip.sha1
http://www.apache.org/dist/httpd/binaries/win32/mod_ftp-0.9.6-beta-win32-x86.zip.md5
http://www.apache.org/dist/httpd/binaries/win32/mod_ftp-0.9.6-beta-win32-x86.zip.sha1
this looks really horrible to me (and I'm curious if some sed hackers
can come up with a hack which can deal with that too).

> If we really want to fix this problem for users of md5sum, we should
> rather be teaching md5sum how to read all the various combinations of
> inputs out there. I am sure the people who maintain md5sum would be
> grateful for the contribution.
done - my patch was accepted, and upcoming coreutils releases will be
able to accept the openssl format too (thanks Jim Meyering!); the output
of *BSD / MacOSX md5 / sha1 is already supported, and beside that the
*BSD / MacOSX tools also know of a -r switch which makes their output
compatible with coreutils 'standard format'. In addition my OpenSSL
patch was accepted too so that future OpenSSL releases will also support
a -r switch (thanks Steve!).

>> someone is interested in that, or in the script (I post mainly for the
>> few users who might hang out here - I know devs prefer to hack their own
>> shell scripts, and dont call tools without at least one pipe :) :) ),
>> then go here:
>> http://www.gknw.net/phpbb/viewtopic.php?t=570
this was also improved some more (f.e. added link to a really nice Java
GUI which should run on all Java-aware platforms).

Gün.

wrowe at rowe-clan

Oct 16, 2009, 9:54 AM

Post #7 of 7 (611 views)
Permalink

Re: checksum madness - follow-up [In reply to]

Guenter Knauf wrote:
> if the reference hash file from www.apache.org is build with gpg then
> this method fails (and I consider gpg really unusable for this purpose);
> here are some bad samples which show that gpg breaks lines if the
> this looks really horrible to me (and I'm curious if some sed hackers
> can come up with a hack which can deal with that too).

First, I always keep a copy of Dougherty & Robbins, "sed & awk" somewhere
near my desk - you should take a look (an O'Reilly title).

So something like
N
s/[\r\n]+//

might do it, you'll have to experiment.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads