Information About This Lsof Distribution What You Have ============= If you got this far without being confused, then you are probably familiar with the construction of the lsof distribution or you have read RELEASE.SUMMARY_4.87. If either is the case, please skip to the Inventory section. If you haven't read RELEASE.SUMMARY_4.87, I suggest you do it now, because it explains how the lsof distribution is constructed and other useful things about lsof, including a summary of changes for the past few lsof revisions. Even though you may have thought you were getting lsof.tar.bz2, lsof.tar.gz or lsof.tar.Z with ftp, you really got lsof_4.87.tar.bz2, lsof_4.87.tar.gz or lsof_4.87.tar.Z. That's because the triplet of lsof.tar.* files are symbolic links to their longer-named counterparts. The bzip2'd, gzip'd or compressed tar files with lsof_, followed by a number, are wrapper archives, designed to package the lsof source archive, this file, other documentation files, and a GPG authentication certificate together. The number, 4.87, is the lsof revision number. When you bunzip2'd, gunzip'd or uncompressed lsof_4.87.tar.* and used tar to unpack lsof_4.87.tar, you got: 00.README.FIRST_4.87, describing the contents of lsof_4.87; README.lsof_4.87; lsof_4.87_src.tar; and lsof_4.87_src.tar.sig. All are identified with the revision number. You're reading README.lsof_4.87. lsof_4.87_src.tar.sig is a GPG certificate that authenticates the lsof source archive, lsof_4.87_src.tar. After you read the Inventory and Security sections, and hopefully after you check the GPG certificate, unpack the lsof_4.87_src.tar source archive and you will get a sub-directory, named lsof_4.87_src, that contains the lsof 4.87 source distribution. Inventory ========= Once you have unpacked lsof_4.87_src.tar.tar, you can check lsof_4.87_src for completeness by changing to that sub-directory and running the Inventory script. The lsof_4.87_src/Configure script runs the Inventory script, too. The Configure script also calls a customization script, called Customize. You can direct Configure to avoid calling Inventory and Customize with the -n option. See the Distribution Contents section of the 00DIST file and The Inventory Script section of the 00README file for more information on the contents of the lsof distribution, and the Configure, Customize and Inventory scripts. The 00DIST and 00README files will be found in the lsof_4.87_src sub-directory you just created. Security ======== The md5 checksum for lsof_4.87_src.tar is: MD5 (lsof_4.87_src.tar) = d451291231fcfeec92b5a9a2b7fff4e5 A good source for an MD5 checksum computation tool is the OpenSSL project whose work may be found at: www.openssl.org You can use the openssl "dgst" operator to compute an MD5 checksum -- e.g., $ openssl dgst -md5 lsof_4.87_src The old-style sum(1) checksum for lsof_4.87_src.tar (Please read the next paragraph if you don't get this value.) is: 45946 8490 lsof_4.87/lsof_4.87_src.tar If your dialect's sum(1) program defaults to the new style algorithm (e.g., Solaris), you may have to use its -r option (or use the Solaris /usr/ucb/sum). If your Unix dialect doesn't have a sum(1) program (e.g., FreeBSD, or NetBSD), use its cksum(1) program with the -o1 option to get an old-style checksum. You may also need to ignore the block count, depending on the block size used on your your system (i.e., 512 or 1,024). The sum(1) that produced the above checksum considers block size to be 512; in contrast the BSD cksum(1) programs' -o1 option considers block size to be 1,024. lsof_4.87_src.tar.sig is a GPG certificate file, using my public key. My key may be available on some public key servers under the names: Victor A. Abell or Victor A. Abell You will also find it at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/Victor_A_Abell.gpg Get my key and install it in your public key ring. Once my key is installed, use this command to check the certificate of lsof_4.87_src.tar: gpg --verify lsof_4.87_src.tar.sig lsof_4.87_src.tar If the certificate check isn't good, lsof_4.87_src.tar is suspect. Report the problem to me via e-mail at . If you don't have GPG, you can compare the md5 checksum of lsof_4.87_src.tar to the value listed in this file. However, that is a less reliable authentication method, since it can't detect changes to both lsof_4.87_src.tar and the md5 checksum value listed in this tile. Other Security ============== Signature information for the distribution file that contains this file may be found in the CHECKSUMS file that is located where the distribution file was found. Victor A. Abell Wed Jan 2 12:52:06 EST 2013