summaryrefslogtreecommitdiff
path: root/README.lsof_4.87
blob: fe906c4642c2a980dab771076aa33966c0e09807 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

                Information About This Lsof Distribution


What You Have
=============

If you got this far without being confused, then you are probably
familiar with the construction of the lsof distribution or you have
read RELEASE.SUMMARY_4.87.  If either is the case, please skip to
the Inventory section.  If you haven't read RELEASE.SUMMARY_4.87,
I suggest you do it now, because it explains how the lsof distribution
is constructed and other useful things about lsof, including a
summary of changes for the past few lsof revisions.

Even though you may have thought you were getting lsof.tar.bz2,
lsof.tar.gz or lsof.tar.Z with ftp, you really got lsof_4.87.tar.bz2,
lsof_4.87.tar.gz or lsof_4.87.tar.Z.  That's because the triplet of
lsof.tar.* files are symbolic links to their longer-named counterparts.

The bzip2'd, gzip'd or compressed tar files with lsof_, followed by a
number, are wrapper archives, designed to package the lsof source
archive, this file, other documentation files, and a GPG authentication
certificate together.

The number, 4.87, is the lsof revision number.  When you bunzip2'd,
gunzip'd or uncompressed lsof_4.87.tar.* and used tar to unpack
lsof_4.87.tar, you got: 00.README.FIRST_4.87, describing the contents
of lsof_4.87; README.lsof_4.87; lsof_4.87_src.tar; and
lsof_4.87_src.tar.sig.  All are identified with the revision number.
You're reading README.lsof_4.87.  lsof_4.87_src.tar.sig is a GPG
certificate that authenticates the lsof source archive,
lsof_4.87_src.tar.

After you read the Inventory and Security sections, and hopefully
after you check the GPG certificate, unpack the lsof_4.87_src.tar
source archive and you will get a sub-directory, named lsof_4.87_src,
that contains the lsof 4.87 source distribution.


Inventory
=========

Once you have unpacked lsof_4.87_src.tar.tar, you can check
lsof_4.87_src for completeness by changing to that sub-directory
and running the Inventory script.  The lsof_4.87_src/Configure
script runs the Inventory script, too.  The Configure script also
calls a customization script, called Customize.  You can direct
Configure to avoid calling Inventory and Customize with the -n
option.

See the Distribution Contents section of the 00DIST file and The
Inventory Script section of the 00README file for more information
on the contents of the lsof distribution, and the Configure,
Customize and Inventory scripts.  The 00DIST and 00README files
will be found in the lsof_4.87_src sub-directory you just created.


Security
========

The md5 checksum for lsof_4.87_src.tar is:

  MD5 (lsof_4.87_src.tar) = d451291231fcfeec92b5a9a2b7fff4e5

A good source for an MD5 checksum computation tool is the OpenSSL
project whose work may be found at:

  www.openssl.org

You can use the openssl "dgst" operator to compute an MD5 checksum --
e.g.,

  $ openssl dgst -md5 lsof_4.87_src

The old-style sum(1) checksum for lsof_4.87_src.tar (Please read
the next paragraph if you don't get this value.) is:

  45946   8490 lsof_4.87/lsof_4.87_src.tar

If your dialect's sum(1) program defaults to the new style algorithm
(e.g., Solaris), you may have to use its -r option (or use the
Solaris /usr/ucb/sum).  If your Unix dialect doesn't have a sum(1)
program (e.g., FreeBSD, or NetBSD), use its cksum(1) program with
the -o1 option to get an old-style checksum.  You may also need to
ignore the block count, depending on the block size used on your
your system (i.e., 512 or 1,024).  The sum(1) that produced the
above checksum considers block size to be 512; in contrast the BSD
cksum(1) programs' -o1 option considers block size to be 1,024.

lsof_4.87_src.tar.sig is a GPG certificate file, using my public
key.  My key may be available on some public key servers under the
names:

    Victor A. Abell <abe@cc.purdue.edu>
 or
    Victor A. Abell <abe@purdue.edu>

You will also find it at:

  ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/Victor_A_Abell.gpg

Get my key and install it in your public key ring.

Once my key is installed, use this command to check the certificate
of lsof_4.87_src.tar:

    gpg --verify lsof_4.87_src.tar.sig lsof_4.87_src.tar

If the certificate check isn't good, lsof_4.87_src.tar is suspect.
Report the problem to me via e-mail at <abe@purdue.edu>.

If you don't have GPG, you can compare the md5 checksum of
lsof_4.87_src.tar to the value listed in this file.  However, that
is a less reliable authentication method, since it can't detect
changes to both lsof_4.87_src.tar and the md5 checksum value listed
in this tile.

Other Security
==============

Signature information for the distribution file that contains
this file may be found in the CHECKSUMS file that is located
where the distribution file was found.


Victor A. Abell <abe@purdue.edu>
Wed Jan  2 12:52:06 EST 2013