Hello,
I'm searching for a way to verify the integrity of downloads from openldap.org. Many open source projects use to provide foo-$version.tar.gz.[asc|sha256sum] next to foo-$version.tar.gz
Is something similar available for openldap?
Andreas
On 12/10/20 10:35 PM, A. Schulze wrote:
I'm searching for a way to verify the integrity of downloads from openldap.org. Many open source projects use to provide foo-$version.tar.gz.[asc|sha256sum] next to foo-$version.tar.gz
The announcement e-mails contain hashes but no machine-readable files and only MD5 and SHA-1. :-/
Ciao, Michael.
--On Thursday, December 10, 2020 10:35 PM +0100 "A. Schulze" sca@andreasschulze.de wrote:
Hello,
I'm searching for a way to verify the integrity of downloads from openldap.org. Many open source projects use to provide foo-$version.tar.gz.[asc|sha256sum] next to foo-$version.tar.gz
Is something similar available for openldap?
Hi Andreas,
Each release announcement posted to the annuncement list contains the MD5 and SHA1 sums of the source tarball:
These files are additionally available from the download server:
https://www.openldap.org/software/download/OpenLDAP/openldap-release/
With 2.5, we'll be adding SHA3-512 hashes as well.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
On 12/10/20 10:41 PM, Quanah Gibson-Mount wrote:
https://www.openldap.org/software/download/OpenLDAP/openldap-release/
With 2.5, we'll be adding SHA3-512 hashes as well.
Why not sign with a PGP key?
In openSUSE build system I can add a keyring for a package. And OBS will check the signature. I'd happily add a keyring there for the openldap2 package.
Ciao, Michael.
--On Thursday, December 10, 2020 10:46 PM +0100 Michael Ströder michael@stroeder.com wrote:
On 12/10/20 10:41 PM, Quanah Gibson-Mount wrote:
https://www.openldap.org/software/download/OpenLDAP/openldap-release/
With 2.5, we'll be adding SHA3-512 hashes as well.
Why not sign with a PGP key?
Done. https://www.openldap.org/software/download/
The pubkey is also uploaded to both the MIT PGP keyserver and the Ubuntu PGP keyserver.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org