[tor-bugs] #19494 [Community]: Invalid SHA256 on version 6.0.1 et 6.0.2
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 23 20:41:13 UTC 2016
#19494: Invalid SHA256 on version 6.0.1 et 6.0.2
-------------------------+---------------------------
Reporter: cypherpunks | Owner:
Type: project | Status: closed
Priority: Low | Milestone:
Component: Community | Version:
Severity: Normal | Resolution: not a bug
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------+---------------------------
Changes (by boklm):
* status: new => closed
* resolution: => not a bug
Comment:
The `sha256sums-unsigned-build.txt` file contains the hashes of the
bundles before they are signed.
For the Windows bundles, you can use `osslsigncode` to remove the
signature. It is available in this git repository:
http://git.code.sf.net/p/osslsigncode/osslsigncode/
Then you can do:
{{{
$ sha256sum torbrowser-install-6.0.2_en-US.exe
3a2e05304345936fd713b638612088fa0914102389c15c7bf7aa1d74803e5db8
torbrowser-install-6.0.2_en-US.exe
$ ./osslsigncode remove-signature torbrowser-install-6.0.2_en-US.exe
torbrowser-install-6.0.2_en-US.exe-unsigned
Succeeded
$ sha256sum torbrowser-install-6.0.2_en-US.exe-unsigned
697a1d592c46138f894f9c03db54393bf61dd53df1b1043844f59f7e85439d1b
torbrowser-install-6.0.2_en-US.exe-unsigned
}}}
We are still working on the instructions to remove the code signing on the
.dmg files. This is ticket #18925.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19494#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list