24 Mar
2004
24 Mar
'04
4:14 p.m.
On Wed, 24 Mar 2004, Paul Millar wrote:
OK, I'll provide [file].cookie with [file]'s MD5Sum. But we will need to migrate to using the signatures: a simple md5sum doesn't pass muster.
They have different purposes. We use the md5sum just like you do, to determine if the client needs to download the new winetest.
If it helps, here's a quick-n-dirty sample of how to check a signature:
gpg -q --batch --verify winetest-20040323-2314.zip.sig >/tmp/gpg 2>&1 || (echo "Bad signature, gpg reported:"; awk '{print " ",$0}' /tmp/gpg)
The problem is that this needs to execute on the client box, so we need the gpg installed there. I don't know how this is going to work out. It's up to Chris, but we can skip this sig validation for now.
--
Dimi.