[tor-commits] [webwml/staging] Bug 20954: Checking OS X bundles with sha256sum does not work
hiro at torproject.org
hiro at torproject.org
Wed Jan 11 15:01:07 UTC 2017
commit 67fd39679adbb1db5fc1af49e40332037e769508
Author: Georg Koppen <gk at torproject.org>
Date: Mon Dec 12 18:58:41 2016 +0000
Bug 20954: Checking OS X bundles with sha256sum does not work
Due to Apple's codesigning requirement one can't simply compare hash
values to check whether a self-compiled bundle is matching the one we
ship. Yet our documentation seems to imply that. We should point this
problem out for now until we come up with a better solution.
---
docs/en/verifying-signatures.wml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/docs/en/verifying-signatures.wml b/docs/en/verifying-signatures.wml
index 12678b0..95cdb01 100644
--- a/docs/en/verifying-signatures.wml
+++ b/docs/en/verifying-signatures.wml
@@ -230,7 +230,10 @@
Windows you can use the <a href="http://md5deep.sourceforge.net/">
hashdeep utility</a> and run
<pre>C:\location\where\you\saved\hashdeep -c sha256sum <TOR BROWSER FILE NAME>.exe</pre>
- On Mac or Linux you can run <pre>shasum -a 256 <TOR BROWSER FILE NAME>.dmg</pre> or <pre>sha256sum <TOR BROWSER FILE NAME>.tar.gz</pre> without having to download a utility.</li>
+ <p>On Linux you can run</p>
+ <pre>sha256sum <TOR BROWSER FILE NAME>.tar.gz</pre>
+ without having to download a utility. Note: this does not work for OS X
+ yet due to Apple's codesigning requirement.</li>
<li>You will see a string of letters and numbers.</li>
<li>Open <tt>sha256sums-unsigned-build.txt</tt> in a text editor.</li>
<li>Locate the name of the Tor Browser file you downloaded.</li>
More information about the tor-commits
mailing list