From: James Almer
Date: Sat, 30 Mar 2024 11:51:17 -0300
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH] web/download: Extend the verification procedure to check for difference between git and release tarball
In-Reply-To: <20240330140225.3395-1-michael@niedermayer.cc>

On 3/30/2024 11:02 AM, Michael Niedermayer wrote:
> I am not 100% sure this is the best place to put this. But we should somewhere
> describe what differences are expected
> > Signed-off-by: Michael Niedermayer > --- > src/download | 34 ++++++++++++++++++++++++++++++++++ > 1 file changed, 34 insertions(+) > > diff --git a/src/download b/src/download > index 0e6fa7e..34733de 100644 > --- a/src/download > +++ b/src/download > @@ -284,6 +284,40 @@ gpg: using RSA key FCF986EA15E6E293A5644F10B4322F04D67658D8 > gpg: issuer "ffmpeg-devel@ffmpeg.org" > gpg: Good signature from "FFmpeg release signing key <ffmpeg-devel@ffmpeg.org>" [full] > > +
  • > + Verify that the release tarball matches the git tag: (expected differences are missing .git, .gitignore and .gitattributes and an additional VERSION file) > +
    > +        $ diff -ru ffmpeg-5.1.4 gitdir2
    > +Only in gitdir2/doc/doxy: .gitignore
    > +Only in gitdir2/doc/examples: .gitignore
    > +Only in gitdir2/doc: .gitignore
    > +Only in gitdir2/ffbuild: .gitignore
    > +Only in gitdir2: .git
    > +Only in gitdir2: .gitattributes
    > +Only in gitdir2: .gitignore
    > +Only in gitdir2/libavcodec: .gitignore
    > +Only in gitdir2/libavcodec/tests: .gitignore
    > +Only in gitdir2/libavdevice: .gitignore
    > +Only in gitdir2/libavdevice/tests: .gitignore
    > +Only in gitdir2/libavfilter: .gitignore
    > +Only in gitdir2/libavfilter/opencl: .gitignore
    > +Only in gitdir2/libavfilter/tests: .gitignore
    > +Only in gitdir2/libavformat: .gitignore
    > +Only in gitdir2/libavformat/tests: .gitignore
    > +Only in gitdir2/libavutil: .gitignore
    > +Only in gitdir2/libavutil/tests: .gitignore
    > +Only in gitdir2/libswresample/tests: .gitignore
    > +Only in gitdir2/libswscale/tests: .gitignore
    > +Only in gitdir2/tests/api: .gitignore
    > +Only in gitdir2/tests/checkasm: .gitignore
    > +Only in gitdir2/tests: .gitignore
    > +Only in gitdir2/tools: .gitignore
    > +Only in ffmpeg-5.1.4: VERSION
    > +        
    > +
  • > +
  • > + Verify that the tag in git is signed

The tags are signed with your key made for this purpose, DD1EC9E8DE085C629B3E1846B18E8928B3948D64, and not with the tarball one listed above. You should include it here the same way, unless the signature check for tags is documented elsewhere? If so, a link to that place.

> +
  • > >
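
Review bot: the added "Verify that the tag in git is signed" item names no command and no expected signer, while the item above it shows the exact `diff -ru` invocation and its full output, so a reader cannot tell what a passing check looks like. Suggest showing the `git tag -v <tag>` call with its expected "Good signature" output and key fingerprint, in the same form as the gpg output in the context lines at the top of the hunk. Also, in the first item `diff -ru ffmpeg-5.1.4 gitdir2` never says how `gitdir2` was produced (which tag was checked out), so the comparison is not reproducible from the text alone.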
