From: drh Date: Wed, 15 May 2019 10:16:34 +0000 (+0000) Subject: Simplify the "Verifying Code Authenticity" section of the README.md file. X-Git-Tag: version-3.29.0~98 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=58eaf763551db55e78bce1c9f99ba291e29b92eb;p=thirdparty%2Fsqlite.git Simplify the "Verifying Code Authenticity" section of the README.md file. No code changes. FossilOrigin-Name: adebffc18e6165672947a6bda5ca23ea7723cca7ab8da4feb81fca8f83e4fcaf --- diff --git a/README.md b/README.md index 6f9510a59f..c12b77c1b9 100644 --- a/README.md +++ b/README.md @@ -306,30 +306,13 @@ describes its purpose and role within the larger system. ## Verifying Code Authenticity -If you obtained an SQLite source tree from a secondary source, such as a -GitHub mirror, and you want to verify that it has not been altered, there -are a couple of ways to do that. - -If you have a release version of SQLite, and you are using the -`sqlite3.c` amalgamation, then SHA3-256 hashes for the amalgamation are -available in the [change log](https://www.sqlite.org/changes.html) on -the official website. After building the `sqlite3.c` file, you can check -that it is authentic by comparing the hash. This does not ensure that the -test scripts are unaltered, but it does validate the deliverable part of -the code and the verification process only involves computing and -comparing a single hash. - -For versions other than an official release, or if you are building the -`sqlite3.c` amalgamation using non-standard build options, the verification -process is a little more involved. The `manifest` file at the root directory -of the source tree +The `manifest` file at the root directory of the source tree contains either a SHA3-256 hash (for newer files) or a SHA1 hash (for -older files) for every source file in the repository. You can write a script -to extracts hashes from `manifest` and verifies the hashes against the -corresponding files in the source tree. The SHA3-256 hash of the `manifest` +older files) for every source file in the repository. +The SHA3-256 hash of the `manifest` file itself is the official name of the version of the source tree that you -have. The `manifest.uuid` file should contain the SHA3-256 hash of the -`manifest` file. If all of the above hash comparisons are correct, then +have. The `manifest.uuid` file should contain the SHA3-256 hash of the +`manifest` file. If all of the above hash comparisons are correct, then you can be confident that your source tree is authentic and unadulterated. The format of the `manifest` file should be mostly self-explanatory, but diff --git a/manifest b/manifest index 5cd70b117f..bda11e9707 100644 --- a/manifest +++ b/manifest @@ -1,12 +1,12 @@ -C Fix\sa\sproblem\swith\sthe\sfix\sfor\s[9cf6c9bb51]\s(commit\s[658b84d7])\sthat\scould\scause\sa\scursor\sto\sbe\sleft\sin\san\sinvalid\sstate\sfollowing\sa\s(rowid\s<\stext-value)\ssearch. -D 2019-05-14T20:25:22.199 +C Simplify\sthe\s"Verifying\sCode\sAuthenticity"\ssection\sof\sthe\sREADME.md\sfile.\nNo\scode\schanges. +D 2019-05-15T10:16:34.190 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 F Makefile.in 4640daf826b80947a924ac44275c451ffc13007c7c866a5730c8ce5cf9e1dc74 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc 26957950b2b4f3b26e311eeea70437f85a77765f71d3a06489466d66ee321100 -F README.md 74745e53db87fdc86f571dd7ec1bd18e154d0abd6d37d2292a1062e931318a29 +F README.md 1514a365ffca3c138e00c5cc839906108a01011a6b082bad19b09781e3aa498a F VERSION cc8cd90333c65cdf4cb346f356a2ce1eb0f5b7fa1d17a34d7350103e7320af1f F aclocal.m4 a5c22d164aff7ed549d53a90fa56d56955281f50 F art/sqlite370.eps aa97a671332b432a54e1d74ff5e8775be34200c2 @@ -1825,7 +1825,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 228e1087c0602470e450586499de5a3e87e266c688bc828f20e3bad2fdc65ff1 -R d132bb7525b36863c7f0dbefbbac4ccc -U dan -Z 61ab05a485e7c528107861afc63f60a9 +P bc7d2c1656396bb4f5f1f814e60dbf816cc91c5a521b54ad593cd3da0fe8dcb4 +R 0f2b565ac9807e36fc0a9e8a572b8c12 +U drh +Z 08150d30a9865a1ab89213245d21f470 diff --git a/manifest.uuid b/manifest.uuid index a58fb53a14..ff1239dc96 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -bc7d2c1656396bb4f5f1f814e60dbf816cc91c5a521b54ad593cd3da0fe8dcb4 \ No newline at end of file +adebffc18e6165672947a6bda5ca23ea7723cca7ab8da4feb81fca8f83e4fcaf \ No newline at end of file