We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

SHA512SUMs for Firefox 46.0 are useless. Why?

  • 1 reply
  • 2 have this problem
  • 1 view
  • Last reply by philipp

more options

Before Firefox 46.0, I could download the SHA512SUMS file, check its signature with gpg, then use that file to check that the copy of Firefox I was downloading was intact and hadn't been tampered with. I'd even created a script that downloaded the files and checked them for me. There are at least two things wrong with the SHA512SUMS file available for Firefox 46.0:

1. The filenames in it no longer correspond to the filenames on your site. Example: the entry for en-US linux-i686 for 45.0 has this for a filename after the SHA512 sum:

> linux-i686/en-US/firefox-45.0.tar.bz2

which reflects the actual directory and filename that the file is stored as. In contrast, the same entry for firefox 46.0 is:

> firefox-46.0.en-US.linux-i686.tar.bz2

... but the file on your website is still stored in the linux-i686/en-US directory as "forefox-46.0.tar.bz2".

Yes, I could correct for that in my script. But at's annoying, and also there's the second problem:

2. Some files aren't even in the SHA512SUMS file. The Windows files are nowhere to be seen. There's no ".exe" string in the file.

Please tell me this whole thing is an error that will be fixed?

Before Firefox 46.0, I could download the SHA512SUMS file, check its signature with gpg, then use that file to check that the copy of Firefox I was downloading was intact and hadn't been tampered with. I'd even created a script that downloaded the files and checked them for me. There are at least two things wrong with the SHA512SUMS file available for Firefox 46.0: 1. The filenames in it no longer correspond to the filenames on your site. Example: the entry for en-US linux-i686 for 45.0 has this for a filename after the SHA512 sum: > linux-i686/en-US/firefox-45.0.tar.bz2 which reflects the actual directory and filename that the file is stored as. In contrast, the same entry for firefox 46.0 is: > firefox-46.0.en-US.linux-i686.tar.bz2 ... but the file on your website is still stored in the linux-i686/en-US directory as "forefox-46.0.tar.bz2". Yes, I could correct for that in my script. But at's annoying, and also there's the second problem: 2. Some files aren't even in the SHA512SUMS file. The Windows files are nowhere to be seen. There's no ".exe" string in the file. Please tell me this whole thing is an error that will be fixed?

All Replies (1)

more options

Chosen Solution