Jump to content

Welcome to CyanogenMod

Welcome to our forum. Like most online communities you must register to post, but don't worry this is a simple free process that requires minimal information for you to signup. Be a part of the CyanogenMod Forum by signing in or creating an account. You can even sign in with your Facebook or Twitter account.
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates
  • Get your own profile and make new friends
  • Download files attached to the forum.
  • Customize your experience here
  • Share your CyanogenMod experience!
Guest Message by DevFuse
 

The Kernel Is A .tar.md5?


  • Please log in to reply
3 replies to this topic

#1 windfold

windfold
  • Members
  • 2 posts
  • Country:
    us - United States
  • Device Model:
    SCHI545
  • CM Version:
    nil
  • Recovery Image:
    ClockworkMod

Posted 24 September 2013 - 03:50 AM

I'm attempting to follow the Install CM for jfltevzw instructions but I'm stuck on the first step: Download the kernel. The file referenced is SCH-I545_MD2_423399_Kernel.tar.md5. I see that it has a boot.img in it but whats with the md5 extension?

#2 bassmadrigal

bassmadrigal
  • Administrators
  • 12912 posts
  • Country:
    us - United States
  • Location:
    Newport News, VA
  • Device Model:
    Nexus 4
  • CM Version:
    10.2 Nightlies
  • Recovery Image:
    TWRP

Posted 24 September 2013 - 05:04 PM

You need to extract it. A tar.md5 is like a zip file. You can use 7zip to extract it.

#3 windfold

windfold
  • Members
  • 2 posts
  • Country:
    us - United States
  • Device Model:
    SCHI545
  • CM Version:
    nil
  • Recovery Image:
    ClockworkMod

Posted 24 September 2013 - 08:18 PM

Thanks Bassmadrigal! I was just a bit skeeved by the extra .md5. This post from Stackoverflow states that a tar.md5 file is just a tar file with a checksum appended. It even gives bash script to do the checksum validation.

Hmm... that begs the question, does appending a checksum onto the distributed file give any security?

#4 bassmadrigal

bassmadrigal
  • Administrators
  • 12912 posts
  • Country:
    us - United States
  • Location:
    Newport News, VA
  • Device Model:
    Nexus 4
  • CM Version:
    10.2 Nightlies
  • Recovery Image:
    TWRP

Posted 26 September 2013 - 04:48 AM

There's nothing wrong with doing it. It still allows the download to be validated. If the compressed tar is changed or if the download is corrupted, the md5 won't match.

But if the download is coming from somewhere nefarious, they could change that attached md5 to one that matches a modified zip containing bad code. But (not to make you a paranoid tinfoil hat wearing person, and hopefully not to give you any ideas), the CM wiki is able to be modified by normal users (as long as they create an account, so there is at least a small amount of accountability). They could point it to a different file and then change the md5 on the wiki to match the file.