SHASUM mismatch for node-v4.6.0.pkg #956
@Quelltexter it would appear that you are checking the SHA1, not the SHA256:

$ shasum node-v4.6.0.pkg
c4a21a5c01b8146dd87fa988f259e8736010ac18 node-v4.6.0.pkg
$ shasum -a 256 node-v4.6.0.pkg
0359c50c5d7e887c7f17d7ea4f42b1776ac8df263c6471bf8054b5c9f3d42a67 node-v4.6.0.pkg

You can find instructions for verifying the binary in our readme. For OSX:

$ grep node-v4.6.0.tar.gz SHASUMS256.txt | shasum -c -

I'm going to close this, but feel free to ask any questions. |
Oh, I see, but why does the list start with this:
|
/cc @rvagg |
Yeah, that's confusing, sorry about that. That 'Hash: SHA1' is output from gpg and only relates to the signing of the file, not the shasums of the individual files! We might be able to change the digest algorithm when signing though. This isn't the first time it's caused confusion! |
improvement @ nodejs/node#9071 to make it say |
Thank you for the clarification. I had the impression that both hash algorithms had been used the other way around (without careful inspection of the hash length). So, in the end, it is the way gpg works that brings up some kind of confusion. Maybe a switch to a public shasum git repository is an alternative way to protect the shasum list. Anyway, thanks to both of you for the quick support in this case. |
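The distinction discussed in the comments above, as an added example that is not part of the original thread or the Node.js project's tooling: the `Hash:` armor header of a clearsigned checksum list names the digest used for the PGP signature, while the entries in the body are SHA-256 sums of the files. The sample list, file names and function names are constructed for illustration, and the code only parses the list; verifying the signature itself still requires gpg.

```python
import hashlib
import re

# Constructed sample in the layout of a clearsigned SHASUMS256.txt.asc.
# File names, contents and the signature body are placeholders.
PKG_BYTES = b"constructed stand-in for an installer package\n"
SAMPLE_ASC = (
    "-----BEGIN PGP SIGNED MESSAGE-----\n"
    "Hash: SHA1\n"
    "\n"
    f"{hashlib.sha256(PKG_BYTES).hexdigest()}  example.pkg\n"
    f"{hashlib.sha256(b'other').hexdigest()}  example.tar.gz\n"
    "-----BEGIN PGP SIGNATURE-----\n"
    "\n"
    "(constructed placeholder, not a real signature)\n"
    "-----END PGP SIGNATURE-----\n"
)

# One checksum entry: 64 hex characters (SHA-256), whitespace, file name.
ENTRY = re.compile(r"^([0-9a-f]{64})\s+\*?(\S.*)$")


def parse_clearsigned(text):
    """Return (signature_digest_algo, {filename: sha256_hex})."""
    lines = text.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    end = lines.index("-----BEGIN PGP SIGNATURE-----")
    blank = lines.index("", start)  # armor headers end at the first empty line
    headers = dict(l.split(": ", 1) for l in lines[start + 1:blank])
    sums = {}
    for line in lines[blank + 1:end]:
        m = ENTRY.match(line)
        if m:
            sums[m.group(2)] = m.group(1)
    return headers.get("Hash"), sums


def check(name, data, sums):
    """Classify a file against the list: 'ok', 'mismatch' or 'unlisted'."""
    if name not in sums:
        return "unlisted"
    return "ok" if hashlib.sha256(data).hexdigest() == sums[name] else "mismatch"


def explain_digest(hex_digest):
    """Guess which algorithm produced a digest from its hex length."""
    return {40: "sha1", 64: "sha256", 128: "sha512"}.get(len(hex_digest), "unknown")
```

`explain_digest` reflects the length check mentioned in the thread: a 40-character result means SHA-1 was computed, so it can never match a 64-character entry in the list.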
shasum Downloads/node-v4.6.0.pkg
... is not equal to listed shasum at https://nodejs.org/dist/v4.6.0/SHASUMS256.txt.asc