SHA-256 checksum mismatch

List overview All Threads
Download

newer

older

[GSoC] CONIKS for Tor Messenger -...

Tor Messenger Sources

Tuuranton

2 Jun 2016 2 Jun '16

7:59 a.m.

The SHA-256 checksum of the downloaded file https://www.torproject.org/dist/torbrowser/6.0/TorBrowser-6.0-osx64_en-US.dm... is on my computer 0f4f6ca01028c2956c811dd94d67a76feb507cad176c031f32e6f95873003b4c

But according to the text file https://dist.torproject.org/torbrowser/6.0/sha256sums-unsigned-build.txt the SHA-256 checksum of the file TorBrowser-6.0-osx64_en-US.dmg should be d68d01889ba38764ebf2057b3cd3263f638a74205031a6d1df11ab8ca13a3618

Why the mismatch?

Attachments:

attachment.html (text/html — 936 bytes)

Show replies by date

Yawning Angel

2 Jun 2 Jun

8:31 a.m.

On Thu, 02 Jun 2016 03:59:04 -0400 Tuuranton tuuranton@protonmail.ch wrote:

...

The SHA-256 checksum of the downloaded file https://www.torproject.org/dist/torbrowser/6.0/TorBrowser-6.0-osx64_en-US.dm... is on my computer 0f4f6ca01028c2956c811dd94d67a76feb507cad176c031f32e6f95873003b4c

the SHA-256 checksum of the file TorBrowser-6.0-osx64_en-US.dmg should be d68d01889ba38764ebf2057b3cd3263f638a74205031a6d1df11ab8ca13a3618

Why the mismatch?

"sha256sums-UNSIGNED-build.txt"

Guess the actual release blog post didn't carry over the blurb covering this (though 6.0a5 did):

...

We plan to post instructions for removing the code signing parts on our website soon. This should make it easier to compare the bundles we build with the actual bundles we ship.

The instructions don't exist yet, see #18925.

Regards,

-- Yawning Angel

Georg Koppen

8:32 a.m.

Tuuranton:

...

The SHA-256 checksum of the downloaded file https://www.torproject.org/dist/torbrowser/6.0/TorBrowser-6.0-osx64_en-US.dm... is on my computer 0f4f6ca01028c2956c811dd94d67a76feb507cad176c031f32e6f95873003b4c

But according to the text file https://dist.torproject.org/torbrowser/6.0/sha256sums-unsigned-build.txt the SHA-256 checksum of the file TorBrowser-6.0-osx64_en-US.dmg should be d68d01889ba38764ebf2057b3cd3263f638a74205031a6d1df11ab8ca13a3618

Why the mismatch?

This is due to OS X code-signing that arrived with Tor Browser 6.0. See: https://blog.torproject.org/blog/tor-browser-60-released third section.

We are working on providing instructions on how to remove the code-signature in order to get the same SHA256 sum as the pre-signed bundle. See: https://bugs.torproject.org/18925 for these efforts.

Georg

3080

Age (days ago)

3080

Last active (days ago)

tor-dev@lists.torproject.org

2 comments

3 participants

tags (0)

participants (3)

Georg Koppen
Tuuranton
Yawning Angel