Check sum of OS images

Where can I find Sailfish OS hash sums?

How should I verify correctness of downloaded images?

I decided to post hashes here. Please let us know in this thread if your hash is different. c42b4f3b6459688f8f0b5c62b1da0f3381f1f751085ef5221d361e8b3d5b721d ddfa8aa73a6c72eb20218f0555b1842d32ba265ee6427591ccb004bdd5acb706

There is an md5.lst contained within the zip which can be used for verification of the archive contents.

1 Like

Thanks for pointing out @emva but that is incorrect from security perspective.

As checksum should be provided by server that is different from the one providing image. In order to prevent hacking of single server and modifying the image.

Also checksum should be public to prevent “organization” from providing modified image to specific users.

So md5 inside zip file is useless.


Although I agree that the checksums should be available from the server providing the images, there is nothing keeping a server admin from dynamically generating new packages and checksums for specific requests. An audit ‘might’ find it, but if users aren’t VERY vigilant (for instance check the same sources from multiple IP addresses), it’s possible to slip users a mickey.