Incorrect file hash on application page
Velgus opened this issue · comments
The hash on the app page (https://zentimings.protonrom.com/) does not match the hash of the file.
On the site it list:
344ac1d0ba0099a18c93b1ef399a399c
It is actually:
4300A3914FD8B7E10A6953923623D14E
Thanks, will fix it. Github does not provide the hash of the uploaded files, so I have to either:
- hardcode it on the site, but make sure I update it every time the release is updated
- always dowload the file and calculate the checksum, which is not an option
MD5 is not really secure anyway, so I will switch to another algorithm next time.
Updated.
Not so much for security as file integrity, which MD5 is sufficient for. Just noticed it because I use Scoop, and maintain a bucket that includes a manifest to allow installing ZenTimings. The automatic version update was failing when trying to install, due to the de-synced file integrity check
I can just have the GitHub action for the automatic updates check it manually by downloading it, but it's generally faster/preferred to use a provided hash if available.
You could also use GitHub Actions to generate a hash file with each release automatically if you wanted, like this one.