Date:   Mon, 8 Mar 2021 04:29:41 +0530
From:   Bhaskar Chowdhury <unixbhaskar@...il.com>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Konstantin Ryabitsev <konstantin@...uxfoundation.org>,
        Ronald Warsow <rwarsow@....de>, stable@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: stable kernel checksumming fails

On 15:45 Sun 07 Mar 2021, Greg KH wrote:
>On Sun, Mar 07, 2021 at 03:10:49PM +0100, Ronald Warsow wrote:
>> hello
>>
>> getting stable kernels with this script:
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/mricon/korg-helpers.git/tree/get-verified-tarball
>>
>>
>> fails since the last 2 (?) stable releases with (last lines):
>>
>> ...
>>
>> + /usr/bin/curl -L -o
>> /home/ron/Downloads/linux-tarball-verify.1GiZid5WT.untrusted/linux-5.11.4.tar.xz
>> https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.11.4.tar.xz
>>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
>> Current
>>                                  Dload  Upload   Total   Spent    Left
>> Speed
>> 100  112M  100  112M    0     0  5757k      0  0:00:19  0:00:19 --:--:--
>> 5938k
>>
>> pushd ${TMPDIR} >/dev/null
>> + pushd /home/ron/Downloads/linux-tarball-verify.1GiZid5WT.untrusted
>> echo "Verifying checksum on linux-${VER}.tar.xz"
>> + echo 'Verifying checksum on linux-5.11.4.tar.xz'
>> Verifying checksum on linux-5.11.4.tar.xz
>> if ! ${SHA256SUMBIN} -c ${SHACHECK}; then
>>     echo "FAILED to verify the downloaded tarball checksum"
>>     popd >/dev/null
>>     rm -rf ${TMPDIR}
>>     exit 1
>> fi
>> + /usr/bin/sha256sum -c
>> /home/ron/Downloads/linux-tarball-verify.1GiZid5WT.untrusted/sha256sums.txt
>> /usr/bin/sha256sum:
>> /home/ron/Downloads/linux-tarball-verify.1GiZid5WT.untrusted/sha256sums.txt:
>> no properly formatted SHA256 checksum lines found
>> + echo 'FAILED to verify the downloaded tarball checksum'
>> FAILED to verify the downloaded tarball checksum
>> + popd
>> + rm -rf /home/ron/Downloads/linux-tarball-verify.1GiZid5WT.untrusted
>> + exit 1
>>
>>
>> checksumming the downloaded kernel manually gives an "Okay" though.
>>
>>
>> is this just me (on Fedora 33) ?
>
>Fails for me on Arch:
>
>Verifying checksum on linux-5.11.4.tar.xz
>/usr/bin/sha256sum: /home/gregkh/Downloads/linux-tarball-verify.gZo313NCk.untrusted/sha256sums.txt: no properly formatted SHA256 checksum lines found
>FAILED to verify the downloaded tarball checksum
>
I can confirm it works alright for me on openSUSE Tumbleweed and Slackware
... yet to test on others ... Debian ... Arch and Gentoo ...
>

Oh btw ... sometimes I got that specific error because of lack of DNS
propagation to DNS stuff for some reason...


>Konstantin, anything change recently?
>

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
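
In the log quoted above, sha256sum -c rejects sha256sums.txt for its format; it never gets as far as comparing a hash. The following is an added example, not part of this thread or of get-verified-tarball, that tells the two failure cases apart before the temporary directory is removed. check_tarball_sum, make_samples and the sample files are hypothetical names and constructed data.

```shell
#!/usr/bin/env bash
# Added example. check_tarball_sum is a hypothetical helper, not part of
# get-verified-tarball. Return codes:
#   0  checksum matches
#   1  a well-formed line exists but the hash differs
#   2  no usable SHA256 line for the tarball (the case where `sha256sum -c`
#      prints "no properly formatted SHA256 checksum lines found")
check_tarball_sum() {
    local sumfile=$1 tarball=$2 name line
    name=$(basename -- "$tarball")
    # Usable line: 64 hex digits, then the file name (optionally '*'-prefixed).
    line=$(awk -v n="$name" '
        length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ && ($2 == n || $2 == ("*" n)) {
            print; exit
        }' "$sumfile" 2>/dev/null)
    if [ -z "$line" ]; then
        echo "no SHA256 line for $name in $sumfile" >&2
        return 2
    fi
    # Check only that line, relative to the tarball's directory.
    if (cd -- "$(dirname -- "$tarball")" &&
        printf '%s\n' "$line" | sha256sum -c - >/dev/null 2>&1); then
        return 0
    fi
    echo "SHA256 mismatch for $name" >&2
    return 1
}

# Constructed sample data: a stand-in "tarball" and three checksum lists.
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    SAMPLE_TARBALL=$SAMPLE_DIR/linux-0.0.0.tar.xz
    printf 'constructed stand-in, not a kernel tarball\n' >"$SAMPLE_TARBALL"
    (cd "$SAMPLE_DIR" && sha256sum linux-0.0.0.tar.xz >good.txt)
    : >"$SAMPLE_DIR/empty.txt"      # list with no checksum line at all
    printf '%064d  linux-0.0.0.tar.xz\n' 0 >"$SAMPLE_DIR/wrong.txt"
}

make_samples
for f in good empty wrong; do
    rc=0
    check_tarball_sum "$SAMPLE_DIR/$f.txt" "$SAMPLE_TARBALL" 2>/dev/null || rc=$?
    echo "$f.txt -> $rc"
done
```

A return code of 2 points at the checksum list itself (empty, truncated or in an unexpected format), while 1 means the list was usable and the tarball does not match it.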
