Bug 20954: Checking OS X bundles with sha256sum does not work
Georg Koppen commited on 2016-12-13 12:47:28
Zeige 1 geänderte Dateien mit 4 Einfügungen und 1 Löschungen.
Due to Apple's codesigning requirement one can't simply compare hash values to check whether a self-compiled bundle is matching the one we ship. Yet our documentation seems to imply that. We should point this problem out for now until we come up with a better solution.
- docs/en/verifying-signatures.wml 12678b074..95cdb01fc
| ... | ... |
@@ -230,7 +230,10 @@ |
| 230 | 230 |
Windows you can use the <a href="http://md5deep.sourceforge.net/"> |
| 231 | 231 |
hashdeep utility</a> and run |
| 232 | 232 |
<pre>C:\location\where\you\saved\hashdeep -c sha256sum <TOR BROWSER FILE NAME>.exe</pre> |
| 233 |
- On Mac or Linux you can run <pre>shasum -a 256 <TOR BROWSER FILE NAME>.dmg</pre> or <pre>sha256sum <TOR BROWSER FILE NAME>.tar.gz</pre> without having to download a utility.</li> |
|
| 233 |
+ <p>On Linux you can run</p> |
|
| 234 |
+ <pre>sha256sum <TOR BROWSER FILE NAME>.tar.gz</pre> |
|
| 235 |
+ without having to download a utility. Note: this does not work for OS X |
|
| 236 |
+ yet due to Apple's codesigning requirement.</li> |
|
| 234 | 237 |
<li>You will see a string of letters and numbers.</li> |
| 235 | 238 |
<li>Open <tt>sha256sums-unsigned-build.txt</tt> in a text editor.</li> |
| 236 | 239 |
<li>Locate the name of the Tor Browser file you downloaded.</li> |
| 237 | 240 |