Bug 532143

+++ This bug was initially created as a clone of Bug #527060 +++

Description of problem:

I am trying to bootstrap a Fedora installation from Windows.  I would like to offer the following feedback based on my experience.

1.  It would be much more convenient if there were a Windows utility for computing checksums available from the Fedora website.  Yes, there are links to other websites that offer such tools, but this significantly reduces the amount of trust one can place in the tools, especially since they are not typically mainstream, high profile sites.  The page (http://docs.fedoraproject.org/readme-burning-isos/en_US/sn-validating-files.html) even has a prominent warning: "CAVEAT EMPTOR The Fedora Project and Red Hat Inc.. have no control over external sites such as the ones listed above, or the programs they provide" in reference to links to Windows checksum tools.

2. From the home page I first clicked on "Get Fedora" in the sidebar.  After downloading the disc image, I clicked on "Verify your download" which led me to (http://fedoraproject.org/en/verify).  At the top of this page was a link for Windows users with the text "Windows user? Follow these instructions instead." that led to (http://docs.fedoraproject.org/readme-burning-isos/en_US/sn-validating-files.html).  But this page for Windows users was not self contained as the word "instead" implied, since it did not have links to the checksum files.  It would clarify navigation to have all the information needed to verify the download on a single page, first presenting the checksum files, and then offering a choice between Linux or Windows for instructions on how to compute the checksum.


Version-Release number of selected component (if applicable):

The fedoraproject.org site as of the submission of this bug, and Fedora 11.

--- Additional comment from eric on 2009-10-30 13:28:00 EDT ---

I'm going to take this for action and see if we can come up with a best fix.  I don't know that we'll be able to provide Windows software for validating the checksum, however.

--- Additional comment from tmz on 2009-10-30 14:04:23 EDT ---

Thanks for looking at this Eric.  It still gets brought up to webmaster regularly.

Is building and hosting a Windows executable for sha*sum too difficult or is it forbidden by policy/legal?  Just curious, as I don't have any Windows boxes to care about :).

--- Additional comment from stickster on 2009-10-30 14:06:54 EDT ---

MinGW may make it possible to create such a thing, and there should be no policy or legal bar to hosting a Windows executable for purposes of verifying a download of Fedora media.  CC'ing rjones, an oracle of MinGW knowledge, for a more learned answer.

--- Additional comment from rjones on 2009-10-30 14:17:36 EDT ---

Don't know about the legal issues, but technically it's
trivial to create a Windows sha*sum binary from a Fedora
build system -- that's the whole point of the Fedora MinGW
project!

Probably it's as easy as:

  i686-pc-mingw32-gcc sha256sum.c -o sha256sum.exe

but maybe the source will need a few small changes.

CCing epienbro.

--- Additional comment from rjones on 2009-10-30 14:44:13 EDT ---

I talked to Jim Meyering about this and confirmed with
my own tests that coreutils is quite easy to cross-compile,
particularly if you just want the simple programs like
sha*sum.

I got it working by doing:

$ mingw32-configure
$ make -C lib
$ make -C src sha256sum.exe

(taking an axe to a few bits that didn't compile), and
after about 10 minutes I ended up with:

coreutils-7.2$ ll src/sha256sum.exe 
-rwxrwxr-x 1 rjones rjones 224656 2009-10-30 18:35 src/sha256sum.exe
coreutils-7.2$ file src/sha256sum.exe 
src/sha256sum.exe: PE32 executable for MS Windows (console) Intel 80386 32-bit

Copying that file over to another machine that has Wine
installed on it gives me:

$ wine ./sha256sum.exe /etc/motd 
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 */etc/motd

--- Additional comment from rjones on 2009-10-30 14:45:00 EDT ---

I should probably add that the SHA256 sum does agree
with the one from the equivalent Linux native utility :-)

--- Additional comment from eric on 2009-10-30 15:02:37 EDT ---

@Richard
Can you provide the .exe binary for the 256 version and attach it to this ticket?  I want to play with mingw some but I want to make sure we have something that works for the webpage.  Thanks!

--- Additional comment from tmz on 2009-10-30 15:03:50 EDT ---

Awesome work Rich!  I suspected this would be possible with MinGW, but I didn't think you'd make it look so trivial to achieve. ;)

--- Additional comment from rjones on 2009-10-30 15:48:35 EDT ---

Created an attachment (id=366853)
sha256sum.exe (Windows binary)

Here's the binary that I built in the earlier comment.

Although really we shouldn't be pushing unknown binaries
around the place, but should make this a regular part of the
build process for the live CD or whatever.

--- Additional comment from rjones on 2009-10-30 15:55:29 EDT ---

Created an attachment (id=366854)
coreutils 7.2 patch

Just for completeness, here is the patch to coreutils 7.2
to get it to cross compile.  (Recall the command you would
use is: mingw32-configure && make)

It's a complete "hatchet job" on the source, not suitable
for upstreaming.  And the reason it's against the old
coreutils 7.2 was just because that's what I happened to
have on my local machine.

To do this properly will require a few fairly small fixes
to the configure.ac to get it to work properly in the cross-
compile mode, or else you can "seed" correct choices for
autotools by setting ac_* environment variables appropriately.

--- Additional comment from rlandman on 2009-10-30 16:52:45 EDT ---

Just noting that the F12 version of the doc has a link to a cross-compiled version and a GUI tool for validating on Windows:

http://docs.fedoraproject.org/readme-burning-isos/en-US-draft.html#sect-Burning_ISO_images_to_disc-Validating_the_Files

But it would no doubt be nice to host a tool ourselves that we could really vouch for :)

--- Additional comment from eric on 2009-10-30 17:00:33 EDT ---

(In reply to comment #11)
> Just noting that the F12 version of the doc has a link to a cross-compiled
> version and a GUI tool for validating on Windows:
> 
> http://docs.fedoraproject.org/readme-burning-isos/en-US-draft.html#sect-Burning_ISO_images_to_disc-Validating_the_Files
> 
> But it would no doubt be nice to host a tool ourselves that we could really
> vouch for :)  

Yeah, I think that is the request.  I'll update the readme-burning-isos guide as soon as we get all that straightened out.