-
-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
md5sum files in Regolith .ISO .ZIP does not contain hash for .ISO file in .ZIP #692
Comments
It looks like the md5sum is generated here https://github.com/regolith-linux/regolith-ubuntu-iso-builder/blob/main/scripts/build.sh#L252 and then copied into the build space here: https://github.com/regolith-linux/regolith-ubuntu-iso-builder/blob/main/.github/workflows/build-jammy.yml#L29 and then zipped up here https://github.com/regolith-linux/regolith-ubuntu-iso-builder/blob/main/.github/workflows/build-jammy.yml#L36 I am curious what the thinking is behind providing md5 hashes of the ISO root folder, e.g. EFI files, etc. vs providing a hash to verify the ISO itself. Perhaps an md5sum hash of the ISO could be generated here https://github.com/regolith-linux/regolith-ubuntu-iso-builder/blob/main/.github/workflows/build-jammy.yml#L34 and published as part of the GH release? |
There was no thinking...I didn't realize this wasn't the ISO md5sum. Will fix. |
Rolled 2.2.1 to resolve this issue. More info here: https://regolith-desktop.com/docs/reference/Releases/regolith-2.1-release-notes/#211 |
In the Regolith ISO files, compressed as .ZIP files, there is a *.md5sum file, but it does not contain the hash for the included .ISO, instead it appears to contain hashes for the files at the root level of the ISO itself.
I am not sure if this is intentional, but as a user I think I would expect the .md5sum file in the .ZIP to contain a hash of the contents of the .ZIP, namely the .ISO.
The text was updated successfully, but these errors were encountered: