[tor-dev] SHA-256 checksum mismatch

Georg Koppen gk at torproject.org
Thu Jun 2 08:32:12 UTC 2016

> The SHA-256 checksum of the downloaded file
> https://www.torproject.org/dist/torbrowser/6.0/TorBrowser-6.0-osx64_en-US.dmg
> is on my computer
> 0f4f6ca01028c2956c811dd94d67a76feb507cad176c031f32e6f95873003b4c
> But according to the text file
> https://dist.torproject.org/torbrowser/6.0/sha256sums-unsigned-build.txt
> the SHA-256 checksum of the file
> TorBrowser-6.0-osx64_en-US.dmg
> should be
> d68d01889ba38764ebf2057b3cd3263f638a74205031a6d1df11ab8ca13a3618
> Why the mismatch?

This is due to OS X code-signing that arrived with Tor Browser 6.0. See:
https://blog.torproject.org/blog/tor-browser-60-released third section.

We are working on providing instructions on how to remove the
code-signature in order to get the same SHA256 sum as the pre-signed
bundle. See: https://bugs.torproject.org/18925 for these efforts.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160602/3c7dc330/attachment.sig>

More information about the tor-dev mailing list