| |
| Information About This Lsof Distribution |
| |
| |
| What You Have |
| ============= |
| |
| If you got this far without being confused, then you are probably |
| familiar with the construction of the lsof distribution or you have |
| read RELEASE.SUMMARY_4.85. If either is the case, please skip to |
| the Inventory section. If you haven't read RELEASE.SUMMARY_4.85, |
| I suggest you do it now, because it explains how the lsof distribution |
| is constructed and other useful things about lsof, including a |
| summary of changes for the past few lsof revisions. |
| |
| Even though you may have thought you were getting lsof.tar.bz2, |
| lsof.tar.gz or lsof.tar.Z with ftp, you really got lsof_4.85.tar.bz2, |
| lsof_4.85.tar.gz or lsof_4.85.tar.Z. That's because the triplet of |
| lsof.tar.* files are symbolic links to their longer-named counterparts. |
| |
| The bzip2'd, gzip'd or compressed tar files with lsof_, followed by a |
| number, are wrapper archives, designed to package the lsof source |
| archive, this file, other documentation files, and a GPG authentication |
| certificate together. |
| |
| The number, 4.85, is the lsof revision number. When you bunzip2'd, |
| gunzip'd or uncompressed lsof_4.85.tar.* and used tar to unpack |
| lsof_4.85.tar, you got: 00.README.FIRST_4.85, describing the contents |
| of lsof_4.85; README.lsof_4.85; lsof_4.85_src.tar; and |
| lsof_4.85_src.tar.sig. All are identified with the revision number. |
| You're reading README.lsof_4.85. lsof_4.85_src.tar.sig is a GPG |
| certificate that authenticates the lsof source archive, |
| lsof_4.85_src.tar. |
| |
| After you read the Inventory and Security sections, and hopefully |
| after you check the GPG certificate, unpack the lsof_4.85_src.tar |
| source archive and you will get a sub-directory, named lsof_4.85_src, |
| that contains the lsof 4.85 source distribution. |
| |
| |
| Inventory |
| ========= |
| |
| Once you have unpacked lsof_4.85_src.tar.tar, you can check |
| lsof_4.85_src for completeness by changing to that sub-directory |
| and running the Inventory script. The lsof_4.85_src/Configure |
| script runs the Inventory script, too. The Configure script also |
| calls a customization script, called Customize. You can direct |
| Configure to avoid calling Inventory and Customize with the -n |
| option. |
| |
| See the Distribution Contents section of the 00DIST file and The |
| Inventory Script section of the 00README file for more information |
| on the contents of the lsof distribution, and the Configure, |
| Customize and Inventory scripts. The 00DIST and 00README files |
| will be found in the lsof_4.85_src sub-directory you just created. |
| |
| |
| Security |
| ======== |
| |
| The md5 checksum for lsof_4.85_src.tar is: |
| |
| MD5 (lsof_4.85_src.tar) = 93d972459bbae304951b438d63e03e64 |
| |
| A good source for an MD5 checksum computation tool is the OpenSSL |
| project whose work may be found at: |
| |
| www.openssl.org |
| |
| You can use the openssl "dgst" operator to compute an MD5 checksum -- |
| e.g., |
| |
| $ openssl dgst -md5 lsof_4.85_src |
| |
| The old-style sum(1) checksum for lsof_4.85_src.tar (Please read |
| the next paragraph if you don't get this value.) is: |
| |
| 62553 8391 lsof_4.85/lsof_4.85_src.tar |
| |
| If your dialect's sum(1) program defaults to the new style algorithm |
| (e.g., Solaris), you may have to use its -r option (or use the |
| Solaris /usr/ucb/sum). If your Unix dialect doesn't have a sum(1) |
| program (e.g., FreeBSD, or NetBSD), use its cksum(1) program with |
| the -o1 option to get an old-style checksum. You may also need to |
| ignore the block count, depending on the block size used on your |
| your system (i.e., 512 or 1,024). The sum(1) that produced the |
| above checksum considers block size to be 512; in contrast the BSD |
| cksum(1) programs' -o1 option considers block size to be 1,024. |
| |
| lsof_4.85_src.tar.sig is a GPG certificate file, using my public |
| key. My key may be available on some public key servers under the |
| names: |
| |
| Victor A. Abell <abe@cc.purdue.edu> |
| or |
| Victor A. Abell <abe@purdue.edu> |
| |
| You will also find it at: |
| |
| ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/Victor_A_Abell.gpg |
| |
| Get my key and install it in your public key ring. |
| |
| Once my key is installed, use this command to check the certificate |
| of lsof_4.85_src.tar: |
| |
| gpg --verify lsof_4.85_src.tar.sig lsof_4.85_src.tar |
| |
| If the certificate check isn't good, lsof_4.85_src.tar is suspect. |
| Report the problem to me via e-mail at <abe@purdue.edu>. |
| |
| If you don't have GPG, you can compare the md5 checksum of |
| lsof_4.85_src.tar to the value listed in this file. However, that |
| is a less reliable authentication method, since it can't detect |
| changes to both lsof_4.85_src.tar and the md5 checksum value listed |
| in this tile. |
| |
| Other Security |
| ============== |
| |
| Signature information for the distribution file that contains |
| this file may be found in the CHECKSUMS file that is located |
| where the distribution file was found. |
| |
| |
| Victor A. Abell <abe@purdue.edu> |
| Tue Sep 27 14:06:26 EDT 2011 |