Closed akwala closed 2 years ago
That's what I get, too. Let me re-run these.
I am thinking that's because it is before the digital signature. I sign the file after the build.
I am thinking that's because it is before the digital signature. I sign the file after the build.
Maybe provide the checksum generated after the *.deb is ready for downloading/installing?
Hi,
Do you mean something other than is already there? The .changes file has the sums prior to signature, while this list has sums for after the signature.
Or maybe it's that I don't link to the Gitlab wiki from the Github download page? (edit: Just in case, I do now)
Hi,
Do you mean something other than is already there? The .changes file has the sums prior to signature, while this list has sums for after the signature.
Or maybe it's that I don't link to the Gitlab wiki from the Github download page? (edit: Just in case, I do now)
Ah, I see.
Checksums provided with releases are usually those that can be checked against the respective downloaded files – i.e., the ones on your GitLab wiki page which, BTW, is very helpful. Verifying the *.changes file requires some knowledge of related details of DEB files – this led me to look this up so I'm not complaining. I'd include a file with the post-signature checksums on the release page.
From
clamtk_6.14-1_amd64.changes
at https://github.com/dave-theunsub/clamtk/releases/tag/v6.14:What I get (downloaded twice with same result):