This adds support for the "sha256digest" keyword to create/compare SHA2-256 digests of files. In the man page, also replace SHA-1 with SHA2-256 in the examples section.
ok? Index: compare.c =================================================================== RCS file: /cvs/src/usr.sbin/mtree/compare.c,v retrieving revision 1.22 diff -u -p -r1.22 compare.c --- compare.c 27 Oct 2009 23:59:53 -0000 1.22 +++ compare.c 7 Jul 2012 12:44:46 -0000 @@ -39,8 +39,9 @@ #include <time.h> #include <unistd.h> #include <md5.h> -#include <sha1.h> #include <rmd160.h> +#include <sha1.h> +#include <sha2.h> #include "mtree.h" #include "extern.h" @@ -283,6 +284,22 @@ typeerr: LABEL; } else if (strcmp(new_digest, s->sha1digest)) { LABEL; printf("%sSHA1 (%s, %s)\n", tab, s->sha1digest, + new_digest); + tab = "\t"; + } + } + if (s->flags & F_SHA256) { + char *new_digest, buf[SHA256_DIGEST_STRING_LENGTH]; + + new_digest = SHA256File(p->fts_accpath, buf); + if (!new_digest) { + LABEL; + printf("%sSHA256File: %s: %s\n", tab, p->fts_accpath, + strerror(errno)); + tab = "\t"; + } else if (strcmp(new_digest, s->sha256digest)) { + LABEL; + printf("%sSHA256 (%s, %s)\n", tab, s->sha256digest, new_digest); tab = "\t"; } Index: create.c =================================================================== RCS file: /cvs/src/usr.sbin/mtree/create.c,v retrieving revision 1.26 diff -u -p -r1.26 create.c --- create.c 27 Oct 2009 23:59:53 -0000 1.26 +++ create.c 7 Jul 2012 12:47:05 -0000 @@ -44,8 +44,9 @@ #include <stdarg.h> #include <vis.h> #include <md5.h> -#include <sha1.h> #include <rmd160.h> +#include <sha1.h> +#include <sha2.h> #include "mtree.h" #include "extern.h" 
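Review bot: In the compare.c hunk the new `F_SHA256` block calls `SHA256File(p->fts_accpath, buf)` on whatever the path currently is, while the create.c hunk of this patch only digests when `S_ISREG(p->fts_statp->st_mode)` holds. The enclosing function starts and ends outside the hunk, so an earlier type check may already cover this; if it does not, a path that is no longer a regular file (a FIFO or device node, say) could make the verification run block instead of reporting a difference. I would report the mismatch without opening the file in that case, e.g. test `!S_ISREG(p->fts_statp->st_mode)` before the `SHA256File` call and print the usual `LABEL` line. The SHA1 block in the context lines has the same shape, so the existing digest checks probably want the same treatment.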
@@ -222,6 +223,15 @@ statf(int indent, FTSENT *p) error("%s: %s", p->fts_accpath, strerror(errno)); else output(indent, &offset, "sha1digest=%s", sha1digest); + } + if (keys & F_SHA256 && S_ISREG(p->fts_statp->st_mode)) { + char *sha256digest, buf[SHA256_DIGEST_STRING_LENGTH]; + + sha256digest = SHA256File(p->fts_accpath,buf); + if (!sha256digest) + error("%s: %s", p->fts_accpath, strerror(errno)); + else + output(indent, &offset, "sha256digest=%s", sha256digest); } if (keys & F_SLINK && (p->fts_info == FTS_SL || p->fts_info == FTS_SLNONE)) { Index: misc.c =================================================================== RCS file: /cvs/src/usr.sbin/mtree/misc.c,v retrieving revision 1.18 diff -u -p -r1.18 misc.c --- misc.c 1 Aug 2004 18:32:20 -0000 1.18 +++ misc.c 7 Jul 2012 12:41:24 -0000 @@ -64,6 +64,7 @@ static KEY keylist[] = { {"optional", F_OPT, 0}, {"rmd160digest",F_RMD160, NEEDVALUE}, {"sha1digest", F_SHA1, NEEDVALUE}, + {"sha256digest",F_SHA256, NEEDVALUE}, {"size", F_SIZE, NEEDVALUE}, {"time", F_TIME, NEEDVALUE}, {"type", F_TYPE, NEEDVALUE}, Index: mtree.8 =================================================================== RCS file: /cvs/src/usr.sbin/mtree/mtree.8,v retrieving revision 1.35 diff -u -p -r1.35 mtree.8 --- mtree.8 3 Sep 2010 11:22:36 -0000 1.35 +++ mtree.8 7 Jul 2012 13:31:09 -0000 @@ -193,6 +193,8 @@ not in the file hierarchy. The RIPEMD-160 message digest of the file. .It Cm sha1digest The SHA-1 message digest of the file. +.It Cm sha256digest +The SHA2-256 message digest of the file. .It Cm size The size, in bytes, of the file. .It Cm time 
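Review bot: `SHA256File(p->fts_accpath,buf)` in the statf() hunk is missing the space after the comma; the compare.c hunk of this patch writes `SHA256File(p->fts_accpath, buf)`. The `if (keys & F_SHA256 && S_ISREG(...))` condition is correct as written because `&` binds tighter than `&&`, and it matches the `keys & F_SLINK && (...)` line in the context below it. statf() continues outside the hunk.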
@@ -305,21 +307,21 @@ it is recommended that .Nm mtree .Fl cK -.Cm sha1digest +.Cm sha256digest be run on the file systems, and a copy of the results stored on a different machine, or, at least, in encrypted form. The output file itself should be digested using the -.Xr sha1 1 +.Xr sha256 1 utility. Then, periodically, .Nm mtree and -.Xr sha1 1 +.Xr sha256 1 should be run against the on-line specifications. While it is possible for the bad guys to change the on-line specifications to conform to their modified binaries, it is believed to be impractical for them to create a modified specification which has -the same SHA1 digest as the original. +the same SHA2-256 digest as the original. .Pp The .Fl d @@ -336,11 +338,13 @@ distribution. .Xr cksum 1 , .Xr md5 1 , .Xr sha1 1 , +.Xr sha256 1 , .Xr stat 2 , .Xr fts 3 , .Xr md5 3 , .Xr rmd160 3 , .Xr sha1 3 , +.Xr sha2 3 , .Xr hier 7 , .Xr chown 8 .Sh HISTORY Index: mtree.h =================================================================== RCS file: /cvs/src/usr.sbin/mtree/mtree.h,v retrieving revision 1.12 diff -u -p -r1.12 mtree.h --- mtree.h 8 Oct 2008 12:17:02 -0000 1.12 +++ mtree.h 7 Jul 2012 13:29:49 -0000 @@ -53,6 +53,7 @@ typedef struct _node { char *md5digest; /* MD5 digest */ char *rmd160digest; /* RIPEMD-160 digest */ char *sha1digest; /* SHA-1 digest */ + char *sha256digest; /* SHA-256 digest */ char *slink; /* symbolic link reference */ uid_t st_uid; /* uid */ gid_t st_gid; /* gid */ 
@@ -82,6 +83,7 @@ typedef struct _node { #define F_VISIT 0x040000 /* file visited */ #define F_FLAGS 0x080000 /* file flags */ #define F_NOCHANGE 0x100000 /* do not change owner/mode */ +#define F_SHA256 0x200000 /* SHA-256 digest */ u_int32_t flags; /* items set */ #define F_BLOCK 0x001 /* block special */ Index: spec.c =================================================================== RCS file: /cvs/src/usr.sbin/mtree/spec.c,v retrieving revision 1.25 diff -u -p -r1.25 spec.c --- spec.c 27 Oct 2009 23:59:53 -0000 1.25 +++ spec.c 7 Jul 2012 12:38:16 -0000 @@ -235,6 +235,11 @@ set(char *t, NODE *ip) if (!ip->sha1digest) error("%s", strerror(errno)); break; + case F_SHA256: + ip->sha256digest = strdup(val); + if (!ip->sha256digest) + error("%s", strerror(errno)); + break; case F_SIZE: ip->st_size = strtouq(val, &ep, 10); if (*ep) -- Christian "naddy" Weisgerber na...@mips.inka.de
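Review bot: The `case F_SHA256:` added to set() in spec.c stores `val` with `strdup()` without checking that it looks like a SHA-256 digest, so a truncated or mistyped value in the specification is only noticed later as a digest mismatch on every run. A length check at parse time would surface the bad spec entry directly, e.g. `if (strlen(val) != SHA256_DIGEST_STRING_LENGTH - 1) error("invalid sha256digest %s", val);`, which needs `<sha2.h>` in spec.c; the patch does not add that include there. A second `sha256digest` keyword for the same node would also overwrite `ip->sha256digest` without freeing the first copy, as far as the hunk shows. set() starts and ends outside the hunk, and the `F_SHA1` case in the context lines has the same pattern.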