This adds support for the "sha256digest" keyword to create/compare
SHA2-256 digests of files. In the man page, also replace SHA-1
with SHA2-256 in the examples section.
ok?
Index: compare.c
===================================================================
RCS file: /cvs/src/usr.sbin/mtree/compare.c,v
retrieving revision 1.22
diff -u -p -r1.22 compare.c
--- compare.c 27 Oct 2009 23:59:53 -0000 1.22
+++ compare.c 7 Jul 2012 12:44:46 -0000
@@ -39,8 +39,9 @@
#include <time.h>
#include <unistd.h>
#include <md5.h>
-#include <sha1.h>
#include <rmd160.h>
+#include <sha1.h>
+#include <sha2.h>
#include "mtree.h"
#include "extern.h"
@@ -283,6 +284,22 @@ typeerr: LABEL;
} else if (strcmp(new_digest, s->sha1digest)) {
LABEL;
printf("%sSHA1 (%s, %s)\n", tab, s->sha1digest,
+ new_digest);
+ tab = "\t";
+ }
+ }
+ if (s->flags & F_SHA256) {
+ char *new_digest, buf[SHA256_DIGEST_STRING_LENGTH];
+
+ new_digest = SHA256File(p->fts_accpath, buf);
+ if (!new_digest) {
+ LABEL;
+ printf("%sSHA256File: %s: %s\n", tab, p->fts_accpath,
+ strerror(errno));
+ tab = "\t";
+ } else if (strcmp(new_digest, s->sha256digest)) {
+ LABEL;
+ printf("%sSHA256 (%s, %s)\n", tab, s->sha256digest,
new_digest);
tab = "\t";
}
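Review bot: The new F_SHA256 block is a line-for-line copy of the F_SHA1 block just above it (and presumably of the F_MD5/F_RMD160 blocks outside the hunk), differing only in the digest function, the buffer size, the printed label and the NODE field; with a fourth copy, a small static helper taking those four as parameters would start paying for itself and keep the error/mismatch reporting in one place. As written the block is correct: SHA256File() reports failure through a NULL return and errno like SHA1File() does, and the strcmp() mismatch path prints both digests the same way. Note that strcmp() is case-sensitive, so a spec containing upper-case hex would be reported as a mismatch; that matches the existing digest keywords, so it is fine as long as it is understood. compare()'s body starts and ends outside this hunk.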
Index: create.c
===================================================================
RCS file: /cvs/src/usr.sbin/mtree/create.c,v
retrieving revision 1.26
diff -u -p -r1.26 create.c
--- create.c 27 Oct 2009 23:59:53 -0000 1.26
+++ create.c 7 Jul 2012 12:47:05 -0000
@@ -44,8 +44,9 @@
#include <stdarg.h>
#include <vis.h>
#include <md5.h>
-#include <sha1.h>
#include <rmd160.h>
+#include <sha1.h>
+#include <sha2.h>
#include "mtree.h"
#include "extern.h"
@@ -222,6 +223,15 @@ statf(int indent, FTSENT *p)
error("%s: %s", p->fts_accpath, strerror(errno));
else
output(indent, &offset, "sha1digest=%s", sha1digest);
+ }
+ if (keys & F_SHA256 && S_ISREG(p->fts_statp->st_mode)) {
+ char *sha256digest, buf[SHA256_DIGEST_STRING_LENGTH];
+
+ sha256digest = SHA256File(p->fts_accpath,buf);
+ if (!sha256digest)
+ error("%s: %s", p->fts_accpath, strerror(errno));
+ else
+ output(indent, &offset, "sha256digest=%s",
sha256digest);
}
if (keys & F_SLINK &&
(p->fts_info == FTS_SL || p->fts_info == FTS_SLNONE)) {
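Review bot: The call `sha256digest = SHA256File(p->fts_accpath,buf);` is missing the space after the comma that the neighbouring SHA-1 call uses; write `sha256digest = SHA256File(p->fts_accpath, buf);`. Otherwise the block mirrors the sha1digest one, including the S_ISREG() guard and the error() path when the file cannot be read, so it looks right. statf()'s body begins and ends outside this hunk.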
Index: misc.c
===================================================================
RCS file: /cvs/src/usr.sbin/mtree/misc.c,v
retrieving revision 1.18
diff -u -p -r1.18 misc.c
--- misc.c 1 Aug 2004 18:32:20 -0000 1.18
+++ misc.c 7 Jul 2012 12:41:24 -0000
@@ -64,6 +64,7 @@ static KEY keylist[] = {
{"optional", F_OPT, 0},
{"rmd160digest",F_RMD160, NEEDVALUE},
{"sha1digest", F_SHA1, NEEDVALUE},
+ {"sha256digest",F_SHA256, NEEDVALUE},
{"size", F_SIZE, NEEDVALUE},
{"time", F_TIME, NEEDVALUE},
{"type", F_TYPE, NEEDVALUE},
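Review bot: A one-line comment above keylist[] stating that the table must stay sorted by keyword would protect the next addition: if parsekey() still looks keywords up with bsearch(3), as I believe it does, an entry inserted out of order silently makes that keyword unrecognised rather than failing loudly. The new line is in the right place ("sha1digest" < "sha256digest" < "size" in ASCII order). Suggested: `/* Keep sorted by name: parsekey() searches this table with bsearch(3). */`. keylist[] starts before this hunk.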
Index: mtree.8
===================================================================
RCS file: /cvs/src/usr.sbin/mtree/mtree.8,v
retrieving revision 1.35
diff -u -p -r1.35 mtree.8
--- mtree.8 3 Sep 2010 11:22:36 -0000 1.35
+++ mtree.8 7 Jul 2012 13:31:09 -0000
@@ -193,6 +193,8 @@ not in the file hierarchy.
The RIPEMD-160 message digest of the file.
.It Cm sha1digest
The SHA-1 message digest of the file.
+.It Cm sha256digest
+The SHA2-256 message digest of the file.
.It Cm size
The size, in bytes, of the file.
.It Cm time
@@ -305,21 +307,21 @@ it is recommended
that
.Nm mtree
.Fl cK
-.Cm sha1digest
+.Cm sha256digest
be run on the file systems, and a copy of the results stored on a different
machine, or, at least, in encrypted form.
The output file itself should be digested using the
-.Xr sha1 1
+.Xr sha256 1
utility.
Then, periodically,
.Nm mtree
and
-.Xr sha1 1
+.Xr sha256 1
should be run against the on-line specifications.
While it is possible for the bad guys to change the on-line specifications
to conform to their modified binaries, it is believed to be
impractical for them to create a modified specification which has
-the same SHA1 digest as the original.
+the same SHA2-256 digest as the original.
.Pp
The
.Fl d
@@ -336,11 +338,13 @@ distribution.
.Xr cksum 1 ,
.Xr md5 1 ,
.Xr sha1 1 ,
+.Xr sha256 1 ,
.Xr stat 2 ,
.Xr fts 3 ,
.Xr md5 3 ,
.Xr rmd160 3 ,
.Xr sha1 3 ,
+.Xr sha2 3 ,
.Xr hier 7 ,
.Xr chown 8
.Sh HISTORY
Index: mtree.h
===================================================================
RCS file: /cvs/src/usr.sbin/mtree/mtree.h,v
retrieving revision 1.12
diff -u -p -r1.12 mtree.h
--- mtree.h 8 Oct 2008 12:17:02 -0000 1.12
+++ mtree.h 7 Jul 2012 13:29:49 -0000
@@ -53,6 +53,7 @@ typedef struct _node {
char *md5digest; /* MD5 digest */
char *rmd160digest; /* RIPEMD-160 digest */
char *sha1digest; /* SHA-1 digest */
+ char *sha256digest; /* SHA-256 digest */
char *slink; /* symbolic link reference */
uid_t st_uid; /* uid */
gid_t st_gid; /* gid */
@@ -82,6 +83,7 @@ typedef struct _node {
#define F_VISIT 0x040000 /* file visited */
#define F_FLAGS 0x080000 /* file flags */
#define F_NOCHANGE 0x100000 /* do not change
owner/mode */
+#define F_SHA256 0x200000 /* SHA-256 digest */
u_int32_t flags; /* items set */
#define F_BLOCK 0x001 /* block special */
Index: spec.c
===================================================================
RCS file: /cvs/src/usr.sbin/mtree/spec.c,v
retrieving revision 1.25
diff -u -p -r1.25 spec.c
--- spec.c 27 Oct 2009 23:59:53 -0000 1.25
+++ spec.c 7 Jul 2012 12:38:16 -0000
@@ -235,6 +235,11 @@ set(char *t, NODE *ip)
if (!ip->sha1digest)
error("%s", strerror(errno));
break;
+ case F_SHA256:
+ ip->sha256digest = strdup(val);
+ if (!ip->sha256digest)
+ error("%s", strerror(errno));
+ break;
case F_SIZE:
ip->st_size = strtouq(val, &ep, 10);
if (*ep)
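Review bot: The value is stored without any check of its form, so a truncated or mis-typed sha256digest in a spec is only noticed as a mismatch at compare time; this matches the existing sha1digest case and may be deliberate, but a length check here, `if (strlen(val) != SHA256_DIGEST_STRING_LENGTH - 1) error("invalid sha256digest");` (which needs <sha2.h> in spec.c), would report the bad spec entry at parse time while the offending line is still known. set()'s body starts and ends outside this hunk.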
--
Christian "naddy" Weisgerber [email protected]