3

I'm trying to check the integrity of a source package following this tutorial (https://askubuntu.com/a/509816/978081), however, I don't understand step 4 onward as already described in the title.

  1. Compare hashes obtained from sha256sum Sources.gz and grep main/source/Sources.gz Release

Can you help me?

Soren A
  • 6,799
logbasex
  • 349

1 Answers1

6

I think that you misunderstands the grep command

grep main/source/Sources.gz Release

The command looks for a text-string "main/source/Sources.gz" in a file called "Release" in current directory.

Soren A
  • 6,799
  • Soren A is right, but if you did want to locate Sources.gz that should work, man locate gives you the manual for slocate/mlocate or whatever app provides your locate command. sudo updatedb updates locate's database. – pbhj Feb 06 '21 at 12:47
  • Oh, I see. Thank you very much :D – logbasex Feb 06 '21 at 12:54
  • @Soren A: Could you explain steps 5 & 6 for me? Where is the .dsc file? – logbasex Feb 06 '21 at 12:57
  • 1
    @logbasex basically run the commands mentioned and compare the output. If you want to know what the different commands (sha256sum, zcat, cat, sed) are doing you can look them up with man command (like man zcat) or google them. – Soren A Feb 06 '21 at 13:05