You are not logged in.
- Topics: Active | Unanswered
#1 2010-08-28 04:05:42
- jalu
- Member
- Registered: 2009-04-05
- Posts: 140
How do I know that my md5sum is correct?
This is a non-critical issue, but one I'm interested in.
The PKGBUILD manpage and Wiki entry explain that makepkg -g can be used to easily generate md5sums of source files. I was wondering -- what if a source file is corrupted while I am downloading it? How useful would the md5sum be in that situation?
Maybe I am just misunderstanding the purpose of the md5sums. Any insight would be greatly appreciated. Thanks!
Offline
#2 2010-08-28 04:19:02
- Inxsible
- Forum Fellow
- From: Chicago
- Registered: 2008-06-09
- Posts: 9,183
Re: How do I know that my md5sum is correct?
md5sums are usually provided along with all files to verify the correct download. You can download the file, and then generate the md5sum which you can check against what the original uploader had. Usually, you will see links to md5s right next to the file that you are downloading (provided, of course, that the original uploader has created it in the first place)
There's no such thing as a stupid question, but there sure are a lot of inquisitive idiots !
Offline
#4 2010-08-28 13:31:22
- jalu
- Member
- Registered: 2009-04-05
- Posts: 140
Re: How do I know that my md5sum is correct?
Thank you both for the information.
I am familiar with md5sums, but what I was wondering was this -- how useful can an md5sum be if I need to generate it myself, rather than getting the md5sum from the author of the file?
The author of the source file I am using does not provide an md5sum. I needed to generate and md5sum myself when writing the package, but doesn't that defeat the purpose? If the source file was corrupted while I was downloading it (for some strange reason) my md5sum would be a fingerprint of a corrupt file. Anyone using my PKGBUILD would be able to install my package only if their source file becomes corrupt like mine did.
Basically, I was wondering how an md5sum can have much value unless it is provided by the author of the file.
Thanks again.
Offline
#5 2010-08-28 16:01:41
- Stefan Husmann
- Member
- From: Germany
- Registered: 2007-08-07
- Posts: 1,391
Re: How do I know that my md5sum is correct?
If you can build your package afterwards this is a good indicator that the md5sums must be correct.
Offline
#6 2010-08-29 00:20:51
- lswest
- Member
- From: Munich, Germany
- Registered: 2008-06-14
- Posts: 456
- Website
Re: How do I know that my md5sum is correct?
Also, if you have a package in the AUR that users use, you'll soon enough know if your md5sum doesn't work based on the response from users. My basic system is this: download the package once, md5sum, and repeat (if I get a different md5sum, repeat again), create the PKGBUILD, and see if anyone else gets a different md5sum.
It's not ideal, but it gives you a good enough indicator - which is really all one can hope for in that kind of situation.
Lswest <- the first letter of my username is a lowercase "L".
"...the Linux philosophy is "laugh in the face of danger". Oops. Wrong one. "Do it yourself". That's it." - Linus Torvalds
Offline
#7 2010-08-29 15:46:03
- jalu
- Member
- Registered: 2009-04-05
- Posts: 140
Re: How do I know that my md5sum is correct?
This is all very interesting.
What you're saying, Iswest, definitely makes sense. I have come across packages with incorrect md5sums in the past, but the community has always pointed out the error. I'll keep that in mind.
Thanks for the information, everyone.
Last edited by jalu (2010-08-29 15:48:22)
Offline