[tor-commits] [webwml/staging] Bug 20954: Checking OS X bundles with sha256sum does not work

hiro at torproject.org hiro at torproject.org
Wed Jan 11 15:01:07 UTC 2017


commit 67fd39679adbb1db5fc1af49e40332037e769508
Author: Georg Koppen <gk at torproject.org>
Date:   Mon Dec 12 18:58:41 2016 +0000

    Bug 20954: Checking OS X bundles with sha256sum does not work
    
    Due to Apple's codesigning requirement one can't simply compare hash
    values to check whether a self-compiled bundle is matching the one we
    ship. Yet our documentation seems to imply that. We should point this
    problem out for now until we come up with a better solution.
---
 docs/en/verifying-signatures.wml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docs/en/verifying-signatures.wml b/docs/en/verifying-signatures.wml
index 12678b0..95cdb01 100644
--- a/docs/en/verifying-signatures.wml
+++ b/docs/en/verifying-signatures.wml
@@ -230,7 +230,10 @@
       Windows you can use the <a href="http://md5deep.sourceforge.net/">
       hashdeep utility</a> and run
       <pre>C:\location\where\you\saved\hashdeep -c sha256sum <TOR BROWSER FILE NAME>.exe</pre>
-      On Mac or Linux you can run <pre>shasum -a 256 <TOR BROWSER FILE NAME>.dmg</pre> or <pre>sha256sum <TOR BROWSER FILE NAME>.tar.gz</pre> without having to download a utility.</li>
+      <p>On Linux you can run</p>
+      <pre>sha256sum <TOR BROWSER FILE NAME>.tar.gz</pre>
+      without having to download a utility. Note: this does not work for OS X
+      yet due to Apple's codesigning requirement.</li>
       <li>You will see a string of letters and numbers.</li>
       <li>Open <tt>sha256sums-unsigned-build.txt</tt> in a text editor.</li>
       <li>Locate the name of the Tor Browser file you downloaded.</li>





More information about the tor-commits mailing list