On 23/11/2025 13:05, Pádraig Brady wrote:
SHA256 (coreutils-9.9.35-cf973.tar.gz) =
tWYsM2przwPj1p9c1T0noDxRKTFixSWmZX5tzPZ6cW8=
SHA3-256 (coreutils-9.9.35-cf973.tar.gz) =
FgV2UuDSv+U3Ud9fdSA5mWRGQYZ9CAKx3wYCHiTm3Ls=
SHA256 (coreutils-9.9.35-cf973.tar.xz) =
BkhqCaxeKIT51WtP73fuja5ekZYb4DDhPzh88ux2glo=
SHA3-256 (coreutils-9.9.35-cf973.tar.xz) =
bD/kFhX/O1uQ9ciHUQygPa8YyotTBrmsV5Do+49yAV8=
I should also point out that with multiple files like above,
users would probably want the --ignore-missing cksum option.
It's also worth noting that cksum supports verifying gpg clearsigned files.
I.e., you can have a _single_ downloadable file (or pasteable from an email if
wanted)
that supports both gpg and cksum verification.
To generate that file, put the above checksums in say file.cksum, then:
gpg --clearsign file.cksum
Then make file.cksum.asc available which users can both:
cksum --check --ignore-missing file.cksum.asc
gpg --verify file.cksum.asc
cheers,
Padraig
