Message-ID: <YETm+6sQqek6kY/A@kroah.com>
Date:   Sun, 7 Mar 2021 15:45:15 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Konstantin Ryabitsev <konstantin@...uxfoundation.org>,
        Ronald Warsow <rwarsow@....de>
Cc:     stable@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: stable kernel checksumming fails

On Sun, Mar 07, 2021 at 03:10:49PM +0100, Ronald Warsow wrote:
> hello
> 
> getting stable kernels with this script:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/mricon/korg-helpers.git/tree/get-verified-tarball
> 
> 
> fails since the last 2 (?) stable releases with (last lines):
> 
> ...
> 
> + /usr/bin/curl -L -o
> /home/ron/Downloads/linux-tarball-verify.1GiZid5WT.untrusted/linux-5.11.4.tar.xz
> https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.11.4.tar.xz
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
>                                  Dload  Upload   Total   Spent    Left
> Speed
> 100  112M  100  112M    0     0  5757k      0  0:00:19  0:00:19 --:--:--
> 5938k
> 
> pushd ${TMPDIR} >/dev/null
> + pushd /home/ron/Downloads/linux-tarball-verify.1GiZid5WT.untrusted
> echo "Verifying checksum on linux-${VER}.tar.xz"
> + echo 'Verifying checksum on linux-5.11.4.tar.xz'
> Verifying checksum on linux-5.11.4.tar.xz
> if ! ${SHA256SUMBIN} -c ${SHACHECK}; then
>     echo "FAILED to verify the downloaded tarball checksum"
>     popd >/dev/null
>     rm -rf ${TMPDIR}
>     exit 1
> fi
> + /usr/bin/sha256sum -c
> /home/ron/Downloads/linux-tarball-verify.1GiZid5WT.untrusted/sha256sums.txt
> /usr/bin/sha256sum:
> /home/ron/Downloads/linux-tarball-verify.1GiZid5WT.untrusted/sha256sums.txt:
> no properly formatted SHA256 checksum lines found
> + echo 'FAILED to verify the downloaded tarball checksum'
> FAILED to verify the downloaded tarball checksum
> + popd
> + rm -rf /home/ron/Downloads/linux-tarball-verify.1GiZid5WT.untrusted
> + exit 1
> 
> 
> checksumming the downloaded kernel manually gives an "Okay" though.
> 
> 
> is this just me (on Fedora 33)?

Fails for me on Arch:

Verifying checksum on linux-5.11.4.tar.xz
/usr/bin/sha256sum: /home/gregkh/Downloads/linux-tarball-verify.gZo313NCk.untrusted/sha256sums.txt: no properly formatted SHA256 checksum lines found
FAILED to verify the downloaded tarball checksum


Konstantin, anything change recently?
