Package: busybox-static
Version: 1:1.22.0-15
Severity: normal

I have an OpenPGP-signed file that contains lines produced by sha512sum[0]. Running sha512sum -c on it exits 0, noting the improperly-formatted lines:

vauxhall ok % LC_ALL=C sha512sum -c SHA512SUMS; echo $?
0223b187.asc: OK
README.adoc: OK
README.xhtml: OK
otr.adoc: OK
otr.xhtml: OK
ssh-keys.txt: OK
sha512sum: WARNING: 20 lines are improperly formatted
0

However, busybox's sha512sum exits 1:

vauxhall no % LC_ALL=C busybox sha512sum -c SHA512SUMS; echo $?
0223b187.asc: OK
README.adoc: OK
README.xhtml: OK
otr.adoc: OK
otr.xhtml: OK
ssh-keys.txt: OK
sha512sum: WARNING: 20 of 26 computed checksums did NOT match
1

Furthermore, it claims that there were 20 computed checksums that did not match, which is untrue and misleading. As there were no corresponding files, it did not compute any checksums for those lines, and all the checksums it did compute did, in fact, match.

OpenPGP clearsigning hash files is not uncommon; for example, kernel.org does it[1]. busybox's sha512sum (and sha256sum, etc.) should exit 0 on success even in the face of ill-formed lines, and it should accurately reflect that those lines were ill-formed and not lead the user to believe that there was a mismatch when there was not.

[0] Available at https://www.crustytoothpaste.net/~bmc/keys/
[1] https://www.kernel.org/pub/software/scm/git/sha256sums.asc

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_US.UTF-8, LC_CTYPE=es_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
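A wrapper that gives the same exit status with either implementation, added here as an example and not taken from the report or from busybox: it passes only well-formed checksum lines to sha512sum -c and counts the skipped armor and signature lines separately. The function names and the 0/1/2 return convention are assumptions of this example; the OpenPGP signature itself still has to be checked first with gpg --verify.

```shell
#!/bin/sh
# Added example; wellformed_sums, check_signed_sums and make_sample are
# hypothetical helper names, not part of coreutils or busybox.

# Print only lines in sha512sum output format: 128 hex digits, one space,
# a mode marker (' ' for text, '*' for binary), then the file name.
wellformed_sums() {
    grep -E '^[0-9a-fA-F]{128} [ *].+$' "$1"
}

# Check the files listed in a (clearsigned) checksum file.
# Returns 0 if every listed file matches, 1 on a mismatch or missing file,
# 2 if the file holds no usable checksum lines.
# File names are resolved relative to the checksum file's directory.
check_signed_sums() {
    dir=$(dirname "$1"); base=$(basename "$1")
    (
        cd "$dir" || exit 2
        good=$(wellformed_sums "$base" | wc -l)
        total=$(wc -l < "$base")
        [ "$good" -gt 0 ] || { echo "$base: no checksum lines" >&2; exit 2; }
        echo "$base: skipped $((total - good)) non-checksum lines" >&2
        # With no file operand, sha512sum -c reads the list from stdin.
        wellformed_sums "$base" | sha512sum -c || exit 1
    )
}

# Build a constructed sample in directory $1: two files plus a checksum
# list wrapped in clearsign framing with a placeholder signature body.
make_sample() {
    (
        cd "$1" || exit 1
        printf 'alpha\n' > a.txt
        printf 'beta\n' > b.txt
        {
            echo '-----BEGIN PGP SIGNED MESSAGE-----'
            echo 'Hash: SHA512'
            echo
            sha512sum a.txt b.txt
            echo '-----BEGIN PGP SIGNATURE-----'
            echo '(constructed placeholder, not a real signature)'
            echo '-----END PGP SIGNATURE-----'
        } > SHA512SUMS.asc
    )
}

# Stand-alone use: sh thisfile.sh path/to/SHA512SUMS.asc
if [ "$#" -gt 0 ]; then check_signed_sums "$1"; fi
```

Because the filter does not look at where the signed region ends, a checksum-shaped line placed outside the signed text would also be accepted; running it on the output of a successful signature verification avoids that.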