all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released)
       [not found] <mailman.9453.1206556695.18990.info-gnu-emacs@gnu.org>
@ 2008-03-31 15:09 ` Joe Wells
  2008-03-31 19:40   ` release checksum issue related to xdelta file, how to check .sig files Glenn Morris
  2008-03-31 20:12   ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Andreas Schwab
       [not found] ` <mailman.9734.1206991563.18990.bug-gnu-emacs@gnu.org>
  1 sibling, 2 replies; 4+ messages in thread
From: Joe Wells @ 2008-03-31 15:09 UTC (permalink / raw)
  To: bug-gnu-emacs, Chong Yidong

>>>>> "Chong" == Chong Yidong <cyd@stupidchicken.com> writes:

  Chong> GNU Emacs 22.2 has been released, and is now available at
  Chong> ftp.gnu.org/gnu/emacs/ and the GNU FTP mirrors (see
  Chong> http://www.gnu.org/order/ftp.html).

  Chong> The MD5 check-sum is the following:

  Chong>   d6ee586b8752351334ebf072904c4d51  emacs-22.2.tar.gz

When using the emacs-22.1-22.2.xdelta patch to build emacs-22.2.tar.gz
from emacs-22.1.tar.gz, I get a *different* emacs-22.2.tar.gz file,
because it has been compressed differently.  (The contents are the same,
as revealed by "gunzip -c emacs-22.2.tar.gz | md5sum".)  This causes two
problems:

1. The above checksum can not be used to verify the generated file.  (This
   could be solved by also informing us of the MD5 checksum of the
   ungzipped file, but problem #2 below indicates this is probably not
   worth it.)

2. The emacs-22.2.tar.gz generated by xdelta will presumably not be usable
   as the basis for the next release.  There are two different
   emacs-22.2.tar.gz files, and the one generated by xdelta is different.
   Presumably, the next xdelta patch will be generated using the standard
   one, so one will not be able to use xdelta to upgrade two versions in a
   row.

I'm not sure what the solution to this is.  It is important that the
.tar.gz file generated by xdelta is the same as the .tar.gz file
distributed by FTP, or there will be problems.

-- 
Joe Wells




^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: release checksum issue related to xdelta file, how to check .sig files
  2008-03-31 15:09 ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Joe Wells
@ 2008-03-31 19:40   ` Glenn Morris
  2008-03-31 20:12   ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Andreas Schwab
  1 sibling, 0 replies; 4+ messages in thread
From: Glenn Morris @ 2008-03-31 19:40 UTC (permalink / raw)
  To: Joe Wells; +Cc: bug-gnu-emacs, Chong Yidong

Joe Wells wrote:

> I'm not sure what the solution to this is.

Consign xdeltas to history, offer bzip2 (cue emails about lzma) and
gzip downloads, move on?

A random perusal of a few directories on ftp.gnu.org/gnu doesn't show
a single one offering xdeltas, except emacs.




^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released)
       [not found] ` <mailman.9734.1206991563.18990.bug-gnu-emacs@gnu.org>
@ 2008-03-31 19:54   ` Joe Wells
  0 siblings, 0 replies; 4+ messages in thread
From: Joe Wells @ 2008-03-31 19:54 UTC (permalink / raw)
  To: gnu-emacs-bug

>>>>> "Joe" == Joe B Wells <jbw@macs.hw.ac.uk> writes:

  Joe> When using the emacs-22.1-22.2.xdelta patch to build emacs-22.2.tar.gz
  Joe> from emacs-22.1.tar.gz, I get a *different* emacs-22.2.tar.gz file,
  Joe> because it has been compressed differently.  (The contents are the same,
  Joe> as revealed by "gunzip -c emacs-22.2.tar.gz | md5sum".)  This causes two
  Joe> problems:

  Joe> 1. The above checksum can not be used to verify the generated file.

I now realize this is the only real problem, and it is a small one.

  Joe>    (This
  Joe>    could be solved by also informing us of the MD5 checksum of the
  Joe>    ungzipped file, but problem #2 below indicates this is probably not
  Joe>    worth it.)

This would be an adequate solution.

  Joe> 2. The emacs-22.2.tar.gz generated by xdelta will presumably not be usable
  Joe>    as the basis for the next release.  There are two different
  Joe>    emacs-22.2.tar.gz files, and the one generated by xdelta is different.
  Joe>    Presumably, the next xdelta patch will be generated using the standard
  Joe>    one, so one will not be able to use xdelta to upgrade two versions in a
  Joe>    row.

Except that the xdelta patch stores the checksum of the ungzipped data, so
it will work fine.

  Joe> I'm not sure what the solution to this is.  It is important that the
  Joe> .tar.gz file generated by xdelta is the same as the .tar.gz file
  Joe> distributed by FTP, or there will be problems.

I now think this is not an issue, except that it will cause confusion
because the checksum of the .gz file will not match.

Sorry for raising a larger alarm than the problem deserves.

-- 
Joe




^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released)
  2008-03-31 15:09 ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Joe Wells
  2008-03-31 19:40   ` release checksum issue related to xdelta file, how to check .sig files Glenn Morris
@ 2008-03-31 20:12   ` Andreas Schwab
  1 sibling, 0 replies; 4+ messages in thread
From: Andreas Schwab @ 2008-03-31 20:12 UTC (permalink / raw)
  To: Joe Wells; +Cc: bug-gnu-emacs, Chong Yidong

Joe Wells <jbw@cs.bu.edu> writes:

>>>>>> "Chong" == Chong Yidong <cyd@stupidchicken.com> writes:
>
>   Chong> GNU Emacs 22.2 has been released, and is now available at
>   Chong> ftp.gnu.org/gnu/emacs/ and the GNU FTP mirrors (see
>   Chong> http://www.gnu.org/order/ftp.html).
>
>   Chong> The MD5 check-sum is the following:
>
>   Chong>   d6ee586b8752351334ebf072904c4d51  emacs-22.2.tar.gz
>
> When using the emacs-22.1-22.2.xdelta patch to build emacs-22.2.tar.gz
> from emacs-22.1.tar.gz, I get a *different* emacs-22.2.tar.gz file,
> because it has been compressed differently.  (The contents are the same,
> as revealed by "gunzip -c emacs-22.2.tar.gz | md5sum".)  This causes two
> problems:
>
> 1. The above checksum can not be used to verify the generated file.

The xdelta contains the checksum of the unpressed contents, which is
used for verification.  You can verify the authenticity of the xdelta
with the provided signature.

> 2. The emacs-22.2.tar.gz generated by xdelta will presumably not be usable
>    as the basis for the next release.

The xdelta is based on the uncompressed contents.  The next xdelta will
also be based on the uncompressed contents which you have verified as
identical to the distributed file.

> I'm not sure what the solution to this is.  It is important that the
> .tar.gz file generated by xdelta is the same as the .tar.gz file
> distributed by FTP, or there will be problems.

I see no problem here.

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."




^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2008-03-31 20:12 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <mailman.9453.1206556695.18990.info-gnu-emacs@gnu.org>
2008-03-31 15:09 ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Joe Wells
2008-03-31 19:40   ` release checksum issue related to xdelta file, how to check .sig files Glenn Morris
2008-03-31 20:12   ` release checksum issue related to xdelta file, how to check .sig files (was: Emacs 22.2 released) Andreas Schwab
     [not found] ` <mailman.9734.1206991563.18990.bug-gnu-emacs@gnu.org>
2008-03-31 19:54   ` Joe Wells

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.