Information About This Lsof Distribution
What You Have
If you got this far without being confused, then you are probably
familiar with the construction of the lsof distribution or you have
read RELEASE.SUMMARY_4.87. If either is the case, please skip to
the Inventory section. If you haven't read RELEASE.SUMMARY_4.87,
I suggest you do it now, because it explains how the lsof distribution
is constructed and other useful things about lsof, including a
summary of changes for the past few lsof revisions.
Even though you may have thought you were getting lsof.tar.bz2,
lsof.tar.gz or lsof.tar.Z with ftp, you really got lsof_4.87.tar.bz2,
lsof_4.87.tar.gz or lsof_4.87.tar.Z. That's because the triplet of
lsof.tar.* files are symbolic links to their longer-named counterparts.
The bzip2'd, gzip'd or compressed tar files with lsof_, followed by a
number, are wrapper archives, designed to package the lsof source
archive, this file, other documentation files, and a GPG authentication
The number, 4.87, is the lsof revision number. When you bunzip2'd,
gunzip'd or uncompressed lsof_4.87.tar.* and used tar to unpack
lsof_4.87.tar, you got: 00.README.FIRST_4.87, describing the contents
of lsof_4.87; README.lsof_4.87; lsof_4.87_src.tar; and
lsof_4.87_src.tar.sig. All are identified with the revision number.
You're reading README.lsof_4.87. lsof_4.87_src.tar.sig is a GPG
certificate that authenticates the lsof source archive,
After you read the Inventory and Security sections, and hopefully
after you check the GPG certificate, unpack the lsof_4.87_src.tar
source archive and you will get a sub-directory, named lsof_4.87_src,
that contains the lsof 4.87 source distribution.
Once you have unpacked lsof_4.87_src.tar.tar, you can check
lsof_4.87_src for completeness by changing to that sub-directory
and running the Inventory script. The lsof_4.87_src/Configure
script runs the Inventory script, too. The Configure script also
calls a customization script, called Customize. You can direct
Configure to avoid calling Inventory and Customize with the -n
See the Distribution Contents section of the 00DIST file and The
Inventory Script section of the 00README file for more information
on the contents of the lsof distribution, and the Configure,
Customize and Inventory scripts. The 00DIST and 00README files
will be found in the lsof_4.87_src sub-directory you just created.
The md5 checksum for lsof_4.87_src.tar is:
MD5 (lsof_4.87_src.tar) = d451291231fcfeec92b5a9a2b7fff4e5
A good source for an MD5 checksum computation tool is the OpenSSL
project whose work may be found at:
You can use the openssl "dgst" operator to compute an MD5 checksum --
$ openssl dgst -md5 lsof_4.87_src
The old-style sum(1) checksum for lsof_4.87_src.tar (Please read
the next paragraph if you don't get this value.) is:
45946 8490 lsof_4.87/lsof_4.87_src.tar
If your dialect's sum(1) program defaults to the new style algorithm
(e.g., Solaris), you may have to use its -r option (or use the
Solaris /usr/ucb/sum). If your Unix dialect doesn't have a sum(1)
program (e.g., FreeBSD, or NetBSD), use its cksum(1) program with
the -o1 option to get an old-style checksum. You may also need to
ignore the block count, depending on the block size used on your
your system (i.e., 512 or 1,024). The sum(1) that produced the
above checksum considers block size to be 512; in contrast the BSD
cksum(1) programs' -o1 option considers block size to be 1,024.
lsof_4.87_src.tar.sig is a GPG certificate file, using my public
key. My key may be available on some public key servers under the
Victor A. Abell <email@example.com>
Victor A. Abell <firstname.lastname@example.org>
You will also find it at:
Get my key and install it in your public key ring.
Once my key is installed, use this command to check the certificate
gpg --verify lsof_4.87_src.tar.sig lsof_4.87_src.tar
If the certificate check isn't good, lsof_4.87_src.tar is suspect.
Report the problem to me via e-mail at <email@example.com>.
If you don't have GPG, you can compare the md5 checksum of
lsof_4.87_src.tar to the value listed in this file. However, that
is a less reliable authentication method, since it can't detect
changes to both lsof_4.87_src.tar and the md5 checksum value listed
in this tile.
Signature information for the distribution file that contains
this file may be found in the CHECKSUMS file that is located
where the distribution file was found.
Victor A. Abell <firstname.lastname@example.org>
Wed Jan 2 12:52:06 EST 2013