-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SUGGESTION] Please provide checksums for at least the firmware files offered on website. #176
Comments
+1 for checksums -- but FWIW, the issue with that some-builds tarball isn't that it's corrupt as much as that it's empty. All I get is ~200MB of null bytes! |
You're right, there appears to be no actual data in them, just null bytes. There's quite a number of files that are like that;
EDIT:
|
We lost a raid disk and had a bad time trying to recover some time back, so some files were lost. The 'all builds' things I can just delete and re-create as needed. Others are more difficult to repair, though evidently most of the firmware images should be somewhere on owrt cache servers. If someone wants to find those that matter and send them to me, I'll repopulate my web server. |
Sorry to hear that. I have went ahead and grabbed the firmware files from openwrt downloads, in a bid to try and help with the process. Turns out, the downloads that I got from mirroring the releases, following a very specific Long story short, I have decided to share my findings (temporarily) on my own repo, due to the unlikeliness of these findings would be what is missing. In my repo, For those interested in re-creating what/how I went about on this, the instructions are loosely as follows:
Not entirely sure where else I could go possibly look. |
[SUGGESTION] Please provide checksums for at least the firmware files offered on website.
First and foremost, I would like to thank the project owner for providing public access to their project. In addition, continually hosting a history of commits for virtually each and every changes to the firmware files.
The files hosted on Candelatech website lacks checksums despite having timestamps of when they were last modified. This last modification date is not particularly useful to know whether or not if a user downloads the file, its integrity could be ensured, and may help explain other inconsistencies. Firmware files, in particular can be very susceptible to corruption when the mechanism for transparency is lacking due to NDA agreement, which is understandable but of a different matter.
As an example, when downloading a specific compressed tarball from the website, in this case it is some_builds-9984-Q.tar.gz. The contents cannot be read:
When invoking
file
on the exact same file, it returns that it is not a validgzip
file:However, this is not the case with other compressed tarballs. Take for example the all_builds-9984-H-dec-7-2020.tar.gz in which the contents could be read, and thus extracted.
The example is reproducible in 10 out of 10 times when trying to enumerate the contents of
some_builds-9984-Q.tar.gz
compressed tarball after repeatedly downloading it from the website. This data corruption could have a potential cascading effect on firmware files that are stored as-is on the website.An example of where checksums are provided on the website can be found on a similar project, but an old website hosting (Intersil/Conexant) Prism54 firmware, alternative/archived link in case the website is down or unreachable.
The text was updated successfully, but these errors were encountered: