Simon Josefsson wrote: > +XMv72pyPrDiGrukOrQ9UwgLh+bbekQhQWuyaEmEf3Co= gnulib-20250303.bundle > +c3X/89WHMIRVqGpOHHQPZfw2bcxnZEIkgOam7WwRUyw= gnulib-20250729.bundle > +6kYv60oHv7kXpkJM2vUlADWNmh62nus1xA80bJJiJEs= gnulib-20260109.bundle > @end example
Like in build-aux/announce-gen, we should explain how to verify these checksums. Note that the --check option works only with coreutils 9.9 or newer, with this input syntax: $ echo '6kYv60oHv7kXpkJM2vUlADWNmh62nus1xA80bJJiJEs= gnulib-20260109.bundle' \ | /9.8/bin/cksum -a sha3 --check cksum: 'standard input': no properly formatted checksum lines found $ echo '6kYv60oHv7kXpkJM2vUlADWNmh62nus1xA80bJJiJEs= gnulib-20260109.bundle' \ | /9.9/bin/cksum -a sha3 --check gnulib-20260109.bundle: OK 2026-01-09 Bruno Haible <[email protected]> doc: Improvements for gnulib git bundle. * doc/gnulib-git-bundle.texi: Explain how to verify the checksums. diff --git a/doc/gnulib-git-bundle.texi b/doc/gnulib-git-bundle.texi index 171f5cfe90..60890088f0 100644 --- a/doc/gnulib-git-bundle.texi +++ b/doc/gnulib-git-bundle.texi @@ -35,6 +35,13 @@ 6kYv60oHv7kXpkJM2vUlADWNmh62nus1xA80bJJiJEs= gnulib-20260109.bundle @end example +Verify the SHA256 checksum +with either @code{sha256sum}, @code{sha256}, or @code{shasum -a 256}. + +Verify the base64 SHA3-256 checksum +with @code{cksum -a sha3 -l 256 --base64} from coreutils 9.8 or newer, +or with @code{cksum -a sha3 --check} from coreutils 9.9 or newer. + Next to the Git Bundle is a GnuPG signature on the file, named @code{gnulib-YYYYMMDD.bundle.sig}, which can be verified using GnuPG as usual:
