Unable to verify rclone binaries

WaiCeeh · May 28, 2017, 2:44pm

I always verify the integrity of software I manually download and install by checking the checksums against a PGP-signed checksum file, but in the case of rclone I unable to find such file. Is it correct that neither signed or non-signed checksums are available for rclone?

If so, can anyone confirm these SHA-256 checksums:

aa34d338e9144df8a34bb60a9bc3a38d32b357dbce73a2c03523e4d070e8d935  rclone-v1.36-linux-amd64.zip
10abb1d25f0e3eb6e98f8894c6e5ecd20d22aeee7bbade84e9e4e816491a3330  rclone-v1.36-windows-amd64.zip

calisro · May 28, 2017, 3:09pm

There is an issue to generate them… For now compile your own. It’s pretty easy with go.

ncw · May 28, 2017, 5:13pm

I couldn’t find an issue for this?

calisro · May 28, 2017, 6:29pm

I can’t find it either now. I was sure I saw something about this but maybe it was just a forum post!

ncw · May 28, 2017, 9:50pm

@WaiCeeh do you want to make an issue about this since we don’t seem to be able to find one?

WaiCeeh · May 29, 2017, 12:29am

@ncw I have now created an issue: https://github.com/ncw/rclone/issues/1449

Filippo Valsorda has made a blog post about reproducing Go binaries and luckily he used rclone version 1.3 as an example, so I was able to get the correct checksum for the Linux version, which I needed the most.