| 1 |
So, |
| 2 |
|
| 3 |
Since (forever) I have manually checked the .Digest and such using |
| 4 |
openssl or gpg, not unlike what is in the gentoo handbook. |
| 5 |
|
| 6 |
This is retarded, and I'm too old to do that now, so I went shopping |
| 7 |
for some script/tool/code to do it for me. I sure that a sinlple |
| 8 |
script with diff would be sufficient to compare the download hash |
| 9 |
against the one openssl generates... In fact, I do not know |
| 10 |
why the integrity check is not fully integrated into ftp. rsync. |
| 11 |
or whatever the download tool is? |
| 12 |
|
| 13 |
If futher suspicion warrants, I can always perform a manual spot check, |
| 14 |
but some integrated integrity should be part of the download process? |
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
But why not just use a simple script: |
| 19 |
|
| 20 |
<scriptname> package.just.downloaded package.just.downloaded.DIGESTS |
| 21 |
|
| 22 |
and have it return: |
| 23 |
|
| 24 |
<ok or match or corrupted> |
| 25 |
|
| 26 |
After all this is intuitively obviously, when I burn a cd/dvd |
| 27 |
and is an integrated option. |
| 28 |
|
| 29 |
??? |
| 30 |
|
| 31 |
So I found this python script "verify.py" |
| 32 |
|
| 33 |
https://bbs.archlinux.org/viewtopic.php?id=83839 |
| 34 |
|
| 35 |
|
| 36 |
Sure there is a slicker, newer, better scheme? |
| 37 |
Pardon my (lazy) ignorance here..... |
| 38 |
|
| 39 |
|
| 40 |
James |
Archives