[R-SIG-Mac] SHA-1 Hash for R-3.5.0.pkg Incorrect

Simon Urbanek simon.urbanek at R-project.org
Wed Apr 25 20:54:02 CEST 2018


Marc,

thanks, the issue is:

hagal:R-3.5.0$ openssl sha R-3.5.0-el-capitan-signed.pkg
SHA(R-3.5.0-el-capitan-signed.pkg)= 9f5f3365afee54d3fe3148a60c1405955916f076

hagal:R-3.5.0$ openssl sha1 R-3.5.0-el-capitan-signed.pkg
SHA1(R-3.5.0-el-capitan-signed.pkg)= 6e90d38892bb366630ae30c223a898e8af84dff7

so either we change the label to SHA (or SHA-0?) or change the checksum. In the root we actually provide both, even if that may or may not be relevant. For now I did the latter in the index.html.

Cheers,
Simon





> On Apr 25, 2018, at 7:57 AM, Marc Schwartz <marc_schwartz at me.com> wrote:
> 
> Hi All,
> 
> Last month:
> 
>  https://stat.ethz.ch/pipermail/r-sig-mac/2018-March/012691.html
> 
> there was a report that the SHA-1 hash of the R-3.4.4.pkg, as listed on CRAN, was not correct, even though the MD5 hash and the digital signature appeared to be correct.
> 
> The same phenomenon is the case with R-3.5.0.pkg.
> 
> The MD5 hash on CRAN is:
> 
> MD5-hash: 414029c9c9f706d3d04baa887ccffbc4 
> 
> and I get:
> 
> md5 R-3.5.0.pkg
> MD5 (R-3.5.0.pkg) = 414029c9c9f706d3d04baa887ccffbc4
> 
> from the CLI on my Mac.
> 
> However, the SHA-1 hash on CRAN is:
> 
> SHA-hash: 9f5f3365afee54d3fe3148a60c1405955916f076 
> 
> and I get:
> 
> shasum R-3.5.0.pkg
> 6e90d38892bb366630ae30c223a898e8af84dff7  R-3.5.0.pkg
> 
> from the CLI on my Mac.
> 
> It would seem that there is a lingering issue with the generation of the SHA-1 hash value on CRAN.
> 
> Thanks,
> 
> Marc Schwartz
> 
> _______________________________________________
> R-SIG-Mac mailing list
> R-SIG-Mac at r-project.org
> https://stat.ethz.ch/mailman/listinfo/r-sig-mac



More information about the R-SIG-Mac mailing list