* release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) [not found] <mailman.9453.1206556695.18990.info-gnu-emacs@gnu.org> @ 2008-03-31 15:09 ` Joe Wells 2008-03-31 19:40 ` release checksum issue related to xdelta file, how to check .sig files Glenn Morris 2008-03-31 20:12 ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Andreas Schwab [not found] ` <mailman.9734.1206991563.18990.bug-gnu-emacs@gnu.org> 1 sibling, 2 replies; 4+ messages in thread From: Joe Wells @ 2008-03-31 15:09 UTC (permalink / raw) To: bug-gnu-emacs, Chong Yidong >>>>> "Chong" == Chong Yidong <cyd@stupidchicken.com> writes: Chong> GNU Emacs 22.2 has been released, and is now available at Chong> ftp.gnu.org/gnu/emacs/ and the GNU FTP mirrors (see Chong> http://www.gnu.org/order/ftp.html). Chong> The MD5 check-sum is the following: Chong> d6ee586b8752351334ebf072904c4d51 emacs-22.2.tar.gz When using the emacs-22.1-22.2.xdelta patch to build emacs-22.2.tar.gz from emacs-22.1.tar.gz, I get a *different* emacs-22.2.tar.gz file, because it has been compressed differently. (The contents are the same, as revealed by "gunzip -c emacs-22.2.tar.gz | md5sum".) This causes two problems: 1. The above checksum can not be used to verify the generated file. (This could be solved by also informing us of the MD5 checksum of the ungzipped file, but problem #2 below indicates this is probably not worth it.) 2. The emacs-22.2.tar.gz generated by xdelta will presumably not be usable as the basis for the next release. There are two different emacs-22.2.tar.gz files, and the one generated by xdelta is different. Presumably, the next xdelta patch will be generated using the standard one, so one will not be able to use xdelta to upgrade two versions in a row. I'm not sure what the solution to this is. It is important that the .tar.gz file generated by xdelta is the same as the .tar.gz file distributed by FTP, or there will be problems. -- Joe Wells ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: release checksum issue related to xdelta file, how to check .sig files 2008-03-31 15:09 ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Joe Wells @ 2008-03-31 19:40 ` Glenn Morris 2008-03-31 20:12 ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Andreas Schwab 1 sibling, 0 replies; 4+ messages in thread From: Glenn Morris @ 2008-03-31 19:40 UTC (permalink / raw) To: Joe Wells; +Cc: bug-gnu-emacs, Chong Yidong Joe Wells wrote: > I'm not sure what the solution to this is. Consign xdeltas to history, offer bzip2 (cue emails about lzma) and gzip downloads, move on? A random perusal of a few directories on ftp.gnu.org/gnu doesn't show a single one offering xdeltas, except emacs. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) 2008-03-31 15:09 ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Joe Wells 2008-03-31 19:40 ` release checksum issue related to xdelta file, how to check .sig files Glenn Morris @ 2008-03-31 20:12 ` Andreas Schwab 1 sibling, 0 replies; 4+ messages in thread From: Andreas Schwab @ 2008-03-31 20:12 UTC (permalink / raw) To: Joe Wells; +Cc: bug-gnu-emacs, Chong Yidong Joe Wells <jbw@cs.bu.edu> writes: >>>>>> "Chong" == Chong Yidong <cyd@stupidchicken.com> writes: > > Chong> GNU Emacs 22.2 has been released, and is now available at > Chong> ftp.gnu.org/gnu/emacs/ and the GNU FTP mirrors (see > Chong> http://www.gnu.org/order/ftp.html). > > Chong> The MD5 check-sum is the following: > > Chong> d6ee586b8752351334ebf072904c4d51 emacs-22.2.tar.gz > > When using the emacs-22.1-22.2.xdelta patch to build emacs-22.2.tar.gz > from emacs-22.1.tar.gz, I get a *different* emacs-22.2.tar.gz file, > because it has been compressed differently. (The contents are the same, > as revealed by "gunzip -c emacs-22.2.tar.gz | md5sum".) This causes two > problems: > > 1. The above checksum can not be used to verify the generated file. The xdelta contains the checksum of the unpressed contents, which is used for verification. You can verify the authenticity of the xdelta with the provided signature. > 2. The emacs-22.2.tar.gz generated by xdelta will presumably not be usable > as the basis for the next release. The xdelta is based on the uncompressed contents. The next xdelta will also be based on the uncompressed contents which you have verified as identical to the distributed file. > I'm not sure what the solution to this is. It is important that the > .tar.gz file generated by xdelta is the same as the .tar.gz file > distributed by FTP, or there will be problems. I see no problem here. Andreas. -- Andreas Schwab, SuSE Labs, schwab@suse.de SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." ^ permalink raw reply [flat|nested] 4+ messages in thread
[parent not found: <mailman.9734.1206991563.18990.bug-gnu-emacs@gnu.org>]
* Re: release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) [not found] ` <mailman.9734.1206991563.18990.bug-gnu-emacs@gnu.org> @ 2008-03-31 19:54 ` Joe Wells 0 siblings, 0 replies; 4+ messages in thread From: Joe Wells @ 2008-03-31 19:54 UTC (permalink / raw) To: gnu-emacs-bug >>>>> "Joe" == Joe B Wells <jbw@macs.hw.ac.uk> writes: Joe> When using the emacs-22.1-22.2.xdelta patch to build emacs-22.2.tar.gz Joe> from emacs-22.1.tar.gz, I get a *different* emacs-22.2.tar.gz file, Joe> because it has been compressed differently. (The contents are the same, Joe> as revealed by "gunzip -c emacs-22.2.tar.gz | md5sum".) This causes two Joe> problems: Joe> 1. The above checksum can not be used to verify the generated file. I now realize this is the only real problem, and it is a small one. Joe> (This Joe> could be solved by also informing us of the MD5 checksum of the Joe> ungzipped file, but problem #2 below indicates this is probably not Joe> worth it.) This would be an adequate solution. Joe> 2. The emacs-22.2.tar.gz generated by xdelta will presumably not be usable Joe> as the basis for the next release. There are two different Joe> emacs-22.2.tar.gz files, and the one generated by xdelta is different. Joe> Presumably, the next xdelta patch will be generated using the standard Joe> one, so one will not be able to use xdelta to upgrade two versions in a Joe> row. Except that the xdelta patch stores the checksum of the ungzipped data, so it will work fine. Joe> I'm not sure what the solution to this is. It is important that the Joe> .tar.gz file generated by xdelta is the same as the .tar.gz file Joe> distributed by FTP, or there will be problems. I now think this is not an issue, except that it will cause confusion because the checksum of the .gz file will not match. Sorry for raising a larger alarm than the problem deserves. -- Joe ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2008-03-31 20:12 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- [not found] <mailman.9453.1206556695.18990.info-gnu-emacs@gnu.org> 2008-03-31 15:09 ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Joe Wells 2008-03-31 19:40 ` release checksum issue related to xdelta file, how to check .sig files Glenn Morris 2008-03-31 20:12 ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Andreas Schwab [not found] ` <mailman.9734.1206991563.18990.bug-gnu-emacs@gnu.org> 2008-03-31 19:54 ` Joe Wells
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/emacs.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).