Opened 7 years ago

Last modified 8 months ago

#3980 needs_review enhancement

gettor should have a way to mail you sha1sums of our packages

Reported by: arma Owned by: kaner
Priority: Medium Milestone:
Component: Applications/GetTor Version:
Severity: Normal Keywords:
Cc:…, poly@…, ilv@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Some people can't fetch the full packages over gmail, because they're too big, because their gmail interactions are throttled, or because their Internet connection sucks too much to fetch 30MB.

We should have a way for them to ask gettor for sha1sums, and it will also include instructions for how to compare. Then they can get their Tor from wherever, and verify it.

Child Tickets

Change History (9)

comment:1 Changed 7 years ago by arma

Priority: normalmajor

comment:2 Changed 6 years ago by kaner

Owner: set to kaner
Status: newassigned

How about letting the user send an email with the trigger word "checksums" in the body of their email to GetTor?

The answer would include all currently known checksums.

GetTor could keep a checksums.txt file around that gets updated with every GetTor -p run (-p is how GetTor builds the packages to send out from the packages under /dist/.

comment:3 Changed 5 years ago by sukhbir

Cc:… added

comment:4 Changed 4 years ago by poly

Status: assignedneeds_review

I have implemented this feature and wanted to ask for feedback before submitting. I have modified "" and "" to support an additional type of request - "checksum". If the word checksum (case insensitive) matches anywhere in the email body, a list of all stored checksums in the email's locale is sent.

Here is sample output:
Find the actual implementation here:


comment:5 Changed 4 years ago by poly

Cc: poly@… added

comment:6 Changed 4 years ago by ilv

Cc: ilv@… added
Priority: majornormal

comment:7 Changed 4 years ago by ilv

The code looks good, but I'm not sure if this is the way we want to do it? I mean, to look for the checksums you open the links file and do some regexp, but this depends on the format of the message, which may change in the future. What if we add this feature in the scripts that upload the bundles to cloud services? We could generate a sha_checksums.txt file after the files have been uploaded, and all we have to do to send the checksums would be to send the contents of that file.

comment:8 Changed 3 years ago by ilv

After we automate the process of deliver the latest Tor Browser we could use this file:{{latest_version}}/sha256sums.txt (e.g.

comment:9 Changed 8 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.