The current .DIGESTS file for the x86 minimal ISO image contains both SHA512 and WHIRLPOOL hashes. The sha512sum utility out of sys-apps/coreutils-8.21 reacts to this as follows: $ sha512sum -c install-x86-minimal-20131224.iso.DIGESTS install-x86-minimal-20131224.iso: OK install-x86-minimal-20131224.iso: FAILED install-x86-minimal-20131224.iso.CONTENTS: OK install-x86-minimal-20131224.iso.CONTENTS: FAILED sha512sum: WARNING: 2 computed checksums did NOT match $ echo $? # show exit code 1 # failed With the appropriate background, it is fairly obvious - looking at the DIGESTS file - that the FAILED checksums are the Whirlpool ones: ===== DIGESTS file ===== # SHA512 HASH 609b2f933234f0a75ec6d518b84388e75e0c5af6f5bf9a018455ebbdc776ca45b6bd2b4c90f32551facd1a03c4282c1b84776e781daff0a72e7b0b83979d6f91 install-x86-minimal-20131224.iso # WHIRLPOOL HASH a9b53a4067d0b1bc8b14d30e7a9659999a668ee0203ddc71153773a4434318bea8e971f5778e37413d91bc36cd0da3740d7fb561ee5da0f8a6b049ef486503ea install-x86-minimal-20131224.iso # SHA512 HASH 47b9a79b8db81595575f37c0671f43b47a341114b443c864f675eec590fcf30972eb38124a0466b444f4fdc5f8a34a63cfe81198088989f059eaba9037eb7a32 install-x86-minimal-20131224.iso.CONTENTS # WHIRLPOOL HASH c27492e6e9919f9d4cafbbe5e5f83cc0bceaffd75120670c4fa5822a742fba2100ab6dd7e0c1555ee07e22ceb37eaa25b278fcf104b233e833b7070c5a647b5a install-x86-minimal-20131224.iso.CONTENTS ======================== But an uninitiated user might not understand this and assume a failed checksum. I suggest that either: a) Preferably there are separate checksum files for different types of checksums, so that e.g. 'sha512sum -c install-x86-minimal-20131224.iso.DIGESTS.SHA512' would only verify the SHA512 checksums and give an unambiguously affirmative result. b) If available, a checksum verification tool instead of sha512sum is suggested that is able to parse the hash type comments and verifies accordingly, yielding an unambiguous result. c) The situation is described in the documentation. I do not see a really good way to describe this while keeping it simple - can/should we assume knowledge about typical record-style text file formats at this point...?
Indeed. For now, I've added in a note that the tool will attempt to verify multiple checksums even when generated with different algorithms. It's not perfect, but it is the fastest and most correct solution I can provide for now. Creating different files has more impact and will take much longer, /if/ it would be done at all. With respect to the tool - some tools support prepending a hash with the used algorithm, like so: {SHA512}7da2a4c04707ef64f0d3933... However, the tools currently supported in the instructions do not allow this.