Marc, thanks, the issue is:
hagal:R-3.5.0$ openssl sha R-3.5.0-el-capitan-signed.pkg SHA(R-3.5.0-el-capitan-signed.pkg)= 9f5f3365afee54d3fe3148a60c1405955916f076 hagal:R-3.5.0$ openssl sha1 R-3.5.0-el-capitan-signed.pkg SHA1(R-3.5.0-el-capitan-signed.pkg)= 6e90d38892bb366630ae30c223a898e8af84dff7 so either we change the label to SHA (or SHA-0?) or change the checksum. In the root we actually provide both, even if that may or may not be relevant. For now I did the latter in the index.html. Cheers, Simon > On Apr 25, 2018, at 7:57 AM, Marc Schwartz <marc_schwa...@me.com> wrote: > > Hi All, > > Last month: > > https://stat.ethz.ch/pipermail/r-sig-mac/2018-March/012691.html > > there was a report that the SHA-1 hash of the R-3.4.4.pkg, as listed on CRAN, > was not correct, even though the MD5 hash and the digital signature appeared > to be correct. > > The same phenomenon is the case with R-3.5.0.pkg. > > The MD5 hash on CRAN is: > > MD5-hash: 414029c9c9f706d3d04baa887ccffbc4 > > and I get: > > md5 R-3.5.0.pkg > MD5 (R-3.5.0.pkg) = 414029c9c9f706d3d04baa887ccffbc4 > > from the CLI on my Mac. > > However, the SHA-1 hash on CRAN is: > > SHA-hash: 9f5f3365afee54d3fe3148a60c1405955916f076 > > and I get: > > shasum R-3.5.0.pkg > 6e90d38892bb366630ae30c223a898e8af84dff7 R-3.5.0.pkg > > from the CLI on my Mac. > > It would seem that there is a lingering issue with the generation of the > SHA-1 hash value on CRAN. > > Thanks, > > Marc Schwartz > > _______________________________________________ > R-SIG-Mac mailing list > R-SIG-Mac@r-project.org > https://stat.ethz.ch/mailman/listinfo/r-sig-mac _______________________________________________ R-SIG-Mac mailing list R-SIG-Mac@r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
