This PR fixes a misleading sha256sum warning#1
Merged
kavehtehrani merged 1 commit intokavehtehrani:mainfrom Dec 28, 2025
Merged
This PR fixes a misleading sha256sum warning#1kavehtehrani merged 1 commit intokavehtehrani:mainfrom
kavehtehrani merged 1 commit intokavehtehrani:mainfrom
Conversation
Summary
This PR fixes a misleading sha256sum warning encountered during installation when verifying release artifacts.
Problem
During installation, the checksum verification step prints the following warning:
sha256sum: WARNING: 1 line is improperly formatted
even though the checksum itself is valid and the verification succeeds (OK).
This happens because the .sha256 file published in the GitHub release contains an extra empty line at the end. While harmless, sha256sum -c treats empty or malformed lines as warnings, which can confuse users and make automated installation logs appear unreliable.
Motivation
• Avoid confusing warnings during a successful installation
• Make the installation script more robust against minor formatting issues in upstream .sha256 files
• Improve user confidence and script cleanliness without weakening security
Solution
The checksum verification step has been updated to normalize and sanitize the .sha256 file before passing it to sha256sum:
• Remove potential CRLF line endings
• Ignore empty or whitespace-only lines
• Preserve strict checksum verification for valid entries
The updated logic is:
echo "Verifying checksum..." >&2
# Normalize checksum file (remove CRLF) and ignore empty/whitespace-only lines
sed 's/\r$//' "${FILE}.sha256" | grep -E -v '^[[:space:]]*$' | sha256sum -c - \
|| { echo "Error: Checksum verification failed" >&2; exit 1; }
Result
• Checksum verification remains strict and secure
• No more misleading warnings during installation
• Script is more tolerant of minor formatting issues in release assets
Owner
|
Thanks Andrea. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR fixes a misleading sha256sum warning encountered during installation when verifying release artifacts.
Problem
During installation, the checksum verification step prints the following warning:
sha256sum: WARNING: 1 line is improperly formattedeven though the checksum itself is valid and the verification succeeds (OK).
This happens because the
.sha256file published in the GitHub release contains an extra empty line at the end. While harmless, sha256sum -c treats empty or malformed lines as warnings, which can confuse users and make automated installation logs appear unreliable.Solution
The checksum verification step has been updated to normalize and sanitize the .sha256 file before passing it to sha256sum: