joveian: The .sh file GOG distributes is a shell script (text you can look at in an editor, the MS_Check function checks the MD5) followed by a bunch of binary data. The script (if not called with --check that just does the MD5 check) extracts the installer and then executes it. The MD5 is stored in the file itself (as a shell variable) and skips the shell script part of the file. I first assumed it was just checking the entire rest of the file (which seems like it would make sense and not be any harder) but when I looked into having my download script extract and use that value I noticed that it actually just checks a small portion, the same portion that is extracted to get the installer (which is a Linux binary and has both 32 and 64-bit versions). It uses md5sum or the BSD md5 or digest utilities to check the MD5 and dd to extract a gzipped tar file from after the shell script (which is considered to be the first 519 lines). I'm not sure what format the rest of the file is in.
Thanks for the info, but I'm not clear on what program you use
--check with?
I had a look at InnoExtract again, but that parameter is not listed ... or maybe it is in the Linux version?
I use 7-Zip to test SH files, using the asterisk or hash switch (forget which one). I do that in Windows.
Same story for DMG and PKG files for Mac.
I use 7-Zip, presuming a corrupt container would give an error.
I guess the SH file (etc) is a bit like an EXE file in that it is both script and container.
I wish whatever program(s) that GOG use to build the SH, DMG and PKG files was known, works in Windows, and has a test or check option.
NOTE - Of course, because I get the checksum for the installer from the GOG SDK, I don't usually need to test those files with 7-Zip. I only use 7-Zip when the MD5 checksum value is missing.