So I go and download the stage3 from: http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3/ I manage to do the GPG validation. Then the Handbook says in Code Listing 3.2: (Verify the checksum) $ sha1sum -c <downloaded iso.DIGESTS.asc> I used this command and got the message: "no properly formatted SHA1 checksum lines found" Somebody on IRC said that I probably need to use sha512sum instead. So I tried that, and it worked, sort of: stage3-amd64-20121013.tar.bz2: OK stage3-amd64-20121013.tar.bz2: FAILED [omitting remaining output] Apparently it verified the file against the SHA512 hash then did it again against the Whirlpool hash, which failed. So the command currently printed in the Handbook doesn't work at all. The obvious replacement is a little better, but someone who's not sophisticated enough to guess what's going on might panic at the "FAILED" line.
After going through some more I see that the section where it talks about stage3 tarballs does in fact mention the new command sha512sum. And it mentions that you have to compare to the digest file yourself. I do find it a bit confusing that different options are used whether it's an ISO vs. a tarball, but nevertheless this is probably tolerable. I do have a small request, though, that maybe a shell script could be provided to do something equivalent to the -c option that used to work. But beyond that, sorry for the bother. :-|
they use different hash schemes last i checked, which is why the instructions differ. glad you found 'em, though. :)
