lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210307154354.qbbsy355d5zfubnf@chatter.i7.local>
Date:   Sun, 7 Mar 2021 10:43:54 -0500
From:   Konstantin Ryabitsev <konstantin@...uxfoundation.org>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Ronald Warsow <rwarsow@....de>, stable@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: stable kernel checksumming fails

On Sun, Mar 07, 2021 at 03:45:15PM +0100, Greg KH wrote:
> > checksumming the downloaded kernel manually gives an "Okay" though.
> > 
> > 
> > is this just me (on Fedora 33) ?
> 
> Fails for me on Arch:
> 
> Verifying checksum on linux-5.11.4.tar.xz
> /usr/bin/sha256sum: /home/gregkh/Downloads/linux-tarball-verify.gZo313NCk.untrusted/sha256sums.txt: no properly formatted SHA256 checksum lines found
> FAILED to verify the downloaded tarball checksum
> 
> 
> Konstantin, anything change recently?

I think it's just cache invalidation problems. I've committed a tiny change to
the script that always grabs that file from the origin servers instead of
going via the CDN.

https://git.kernel.org/pub/scm/linux/kernel/git/mricon/korg-helpers.git/commit/?id=71e570c5f090b5740e323f98504bf38592785b49

This should sidestep the problem.

-K

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ