Comment # 2 on bug 1139915 from Freek de Kruijf

(In reply to Andreas F�rber from comment #1)
> It sounds like there are two separate issues here:
> 
> 1) No .xz: Have you checked that the checksum actually matches the
> compressed .raw.xz file? Or is it rather the checksum of the extracted .raw
> file and just missing one for the compressed file?

The sha256 checksum is the checksum of the .raw.xz file and gives a good when
the downloaded file, whether it be the one with Current or Snapshot in the
name, is renamed to the name in the .sha256 file. Although it is then named
.raw, it is still a .raw.xz file.

> 2) -Current: Those files either get symlink'ed or copied to the generic
> name, so some additional postprocessing would need to happen to match the
> new filename.

Apparently the checksum file .sha256 is generated when the file has the
extension .raw and is named with Build in its name, although the file in fact
is a .raw.xz type file. This .sha256 file is then signed with the Gpg code. The
proper procedure is generate the file with Build in it name and give it the
right extension raw.xz. Rename that file as it should appear in the repository.
Generate the sha256 checksum file with this name and sign it with the Gpg code.
Last make the symlinks with Current to these two files.