Jim Meyering <j...@meyering.net> writes: > Feel free to make the script generate a full fingerprint and even > (though it feels a little like giving up) add a checksum or two.
I think checksums still serve a purpose. Many announcement e-mails are OpenPGP signed (and sometimes with a different key than the release tarballs, thus creating another way to verify tarballs). Checksums also makes it harder to replace the tarball on the server with a fake (or, after a key compromise, a genuine) signature. I don't think it is a either-or situation, but rather a belt-and-suspender case. Ideally, people downloading a release should verify both the signature (to know it comes from a trusted origin) and checksum (to know it is the intended release, in case multiple signed versions co-exists). The patches below make the maintainer-makefile announcements contain SHA1 and B64(SHA256) checksums by default. The MD5 checksums are dropped; they are completely insecure now. The B64(SHA256) output is inspired by OpenSSH which started this practice with release 6.5 in 2014 and still today prints similar outputs, see: https://www.openssh.com/txt/release-6.5 https://www.openssh.com/txt/release-8.6 Unfortunately, 'sha256sum' can't verify these outputs, but I recall earlier discussions around 'sha256sum --base64' so I will resume work on that. We could opt to simply use the "standard" sha256sum output instead, if people here don't like the base64 output format. /Simon
From 4adae938b8dbe01750698109bcbf5f1c9eb045b1 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <si...@josefsson.org>
Date: Tue, 3 Aug 2021 17:15:16 +0200
Subject: [PATCH 1/2] announce-gen: Print SHA1/B64(SHA256) instead of MD5/SHA1.
* build-aux/announce-gen (%digest_classes): Removed.
(usage): Doc fix.
(print_checksums): Instead of MD5/SHA1, print SHA1 and
B64(SHA256), inspired by OpenSSH announcements.
---
ChangeLog | 8 ++++++++
build-aux/announce-gen | 33 +++++++++++----------------------
2 files changed, 19 insertions(+), 22 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 06f139a54..079a5b71c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2021-08-03 Simon Josefsson <si...@josefsson.org>
+
+ announce-gen: Print SHA1/B64(SHA256) instead of MD5/SHA1.
+ * build-aux/announce-gen (%digest_classes): Removed.
+ (usage): Doc fix.
+ (print_checksums): Instead of MD5/SHA1, print SHA1 and
+ B64(SHA256), inspired by OpenSSH announcements.
+
2021-08-02 Paul Eggert <egg...@cs.ucla.edu>
manywarnings: enable some malloc warnings
diff --git a/build-aux/announce-gen b/build-aux/announce-gen
index daa478c8e..b07cbd742 100755
--- a/build-aux/announce-gen
+++ b/build-aux/announce-gen
@@ -35,7 +35,7 @@
eval 'exec perl -wSx "$0" "$@"'
if 0;
-my $VERSION = '2021-04-11 8:42'; # UTC
+my $VERSION = '2021-08-03 15:13'; # UTC
# The definition above must lie within the first 8 lines in order
# for the Emacs time-stamp write hook (at end) to update it.
# If you change this file with Emacs, please let the write hook
@@ -51,12 +51,6 @@ use POSIX qw(strftime);
my %valid_release_types = map {$_ => 1} qw (alpha beta stable);
my @archive_suffixes = qw (tar.gz tar.bz2 tar.lz tar.lzma tar.xz);
-my %digest_classes =
- (
- 'md5' => (eval { require Digest::MD5; } and 'Digest::MD5'),
- 'sha1' => ((eval { require Digest::SHA; } and 'Digest::SHA')
- or (eval { require Digest::SHA1; } and 'Digest::SHA1'))
- );
my $srcdir = '.';
sub usage ($)
@@ -96,7 +90,7 @@ The following are optional:
VERSION is the result of running git describe
in the gnulib source directory.
required if gnulib is in TOOL_LIST.
- --no-print-checksums do not emit MD5 or SHA1 checksums
+ --no-print-checksums do not emit SHA1 or SHA256 checksums
--archive-suffix=SUF add SUF to the list of archive suffixes
--mail-headers=HEADERS a space-separated list of mail headers, e.g.,
To: x\@example.com Cc: y-announce\@example.com,...
@@ -163,7 +157,7 @@ sub print_locations ($\@\%@)
=item C<print_checksums (@file)
-Print the MD5 and SHA1 signature section for each C<@file>.
+Print the SHA1 and SHA256 signature section for each C<@file>.
=cut
@@ -171,23 +165,18 @@ sub print_checksums (@)
{
my (@file) = @_;
- print "Here are the MD5 and SHA1 checksums:\n";
+ print "Here are the SHA1 and SHA256 checksums:\n";
print "\n";
- foreach my $meth (qw (md5 sha1))
+ use Digest::file qw(digest_file_hex digest_file_base64);
+
+ foreach my $f (@file)
{
- my $class = $digest_classes{$meth} or next;
- foreach my $f (@file)
- {
- open IN, '<', $f
- or die "$ME: $f: cannot open for reading: $!\n";
- binmode IN;
- my $dig = $class->new->addfile(*IN)->hexdigest;
- close IN;
- print "$dig $f\n";
- }
+ print digest_file_hex($f, "SHA-1"), " $f\n";
+ print digest_file_base64($f, "SHA-256"), " $f\n";
}
- print "\n";
+ print "\nPlease note that the SHA256 checksum is base64 encoded and not\n";
+ print "hexadecimal (which is the default for most checksum tools).\n\n";
}
=item C<print_news_deltas ($news_file, $prev_version, $curr_version)
--
2.30.2
From 3ace7783656f3e38b6db4e44881959116e581a2b Mon Sep 17 00:00:00 2001 From: Simon Josefsson <si...@josefsson.org> Date: Tue, 3 Aug 2021 17:16:42 +0200 Subject: [PATCH 2/2] maintainer-makefile: Print checksums by default. * top/maint.mk (announcement): Drop --no-print-checksums. --- ChangeLog | 3 +++ top/maint.mk | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 079a5b71c..cb65d202b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ (print_checksums): Instead of MD5/SHA1, print SHA1 and B64(SHA256), inspired by OpenSSH announcements. + maintainer-makefile: Print checksums by default. + * top/maint.mk (announcement): Drop --no-print-checksums. + 2021-08-02 Paul Eggert <egg...@cs.ucla.edu> manywarnings: enable some malloc warnings diff --git a/top/maint.mk b/top/maint.mk index 044254bdc..6a3ea9606 100644 --- a/top/maint.mk +++ b/top/maint.mk @@ -1426,7 +1426,6 @@ announcement: NEWS ChangeLog $(rel-files) --bootstrap-tools=$(bootstrap-tools) \ $$(case ,$(bootstrap-tools), in (*,gnulib,*) \ echo --gnulib-version=$(gnulib-version);; esac) \ - --no-print-checksums \ $(addprefix --url-dir=, $(url_dir_list)) .PHONY: release-commit -- 2.30.2
signature.asc
Description: PGP signature
