Hi Naddy,

Christian Weisgerber wrote on Sat, Jul 07, 2012 at 03:40:00PM +0200:

> This adds support for the "sha256digest" keyword to create/compare
> SHA2-256 digests of files.  In the man page, also replace SHA-1
> with SHA2-256 in the examples section.

Looks reasonable to me and survived light testing on i386.

The following slightly improves the formatting:

Index: mtree.8
===================================================================
RCS file: /cvs/src/usr.sbin/mtree/mtree.8,v
retrieving revision 1.35
diff -u -r1.35 mtree.8
--- mtree.8     3 Sep 2010 11:22:36 -0000       1.35
+++ mtree.8     7 Jul 2012 15:19:00 -0000
@@ -156,7 +156,7 @@
 checks based on it are performed.
 .Pp
 Currently supported keywords are as follows:
-.Bl -tag -width Cm
+.Bl -tag -width sha256digest
 .It Cm cksum
 The checksum of the file using the default algorithm specified by
 the

Here is a security(8) diff to go with it:

Index: security
===================================================================
RCS file: /cvs/src/libexec/security/security,v
retrieving revision 1.18
diff -u -p -r1.18 security
--- security    17 May 2012 16:06:03 -0000      1.18
+++ security    7 Jul 2012 15:09:58 -0000
@@ -2,7 +2,7 @@
 
 # $OpenBSD: security,v 1.18 2012/05/17 16:06:03 pascal Exp $
 #
-# Copyright (c) 2011 Ingo Schwarze <schwa...@openbsd.org>
+# Copyright (c) 2011, 2012 Ingo Schwarze <schwa...@openbsd.org>
 # Copyright (c) 2011 Andrew Fresh <and...@afresh1.com>
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -20,7 +20,7 @@
 use warnings;
 use strict;
 
-require Digest::MD5;
+use Digest::SHA qw(sha256_hex);
 use Errno qw(ENOENT);
 use Fcntl qw(:mode);
 use File::Basename qw(basename);
@@ -689,7 +689,7 @@ sub check_disks {
 #
 # Create the mtree tree specifications using:
 #
-#       mtree -cx -p DIR -K md5digest,type >/etc/mtree/DIR.secure
+#       mtree -cx -p DIR -K sha256digest,type > /etc/mtree/DIR.secure
 #       chown root:wheel /etc/mtree/DIR.secure
 #       chmod 600 /etc/mtree/DIR.secure
 #
@@ -764,56 +764,57 @@ sub backup_if_changed {
        }
 }
 
-sub backup_md5 {
+sub backup_digest {
        my ($orig) = @_;
 
        my ($backup) = $orig =~ m{^/?(.*)};
        $backup =~ s{/}{_}g;
-       my $current = BACKUP_DIR . "$backup.current.md5";
-       $backup = BACKUP_DIR . "$backup.backup.md5";
+       my $current = BACKUP_DIR . "$backup.current.sha256";
+       $backup = BACKUP_DIR . "$backup.backup.sha256";
 
-       my $md5_new = 0;
+       my $digest_new = 0;
        if (-s $orig) {
                if (open my $fh, '<', $orig) {
                        binmode $fh;
-                       $md5_new = Digest::MD5->new->addfile($fh)->hexdigest;
+                       local $/;
+                       $digest_new = sha256_hex(<$fh>);
                        close $fh;
                } else { nag 1, "open: $orig: $!"; }
        }
 
-       my $md5_old = 0;
+       my $digest_old = 0;
        if (-s $current) {
                if (open my $fh, '<', $current) {
-                       $md5_old = <$fh>;
+                       $digest_old = <$fh>;
                        close $fh;
-                       chomp $md5_old;
+                       chomp $digest_old;
                } else { nag 1, "open: $current: $!"; }
        }
 
-       return if $md5_old eq $md5_new;
+       return if $digest_old eq $digest_new;
 
-       if ($md5_old && $md5_new) {
+       if ($digest_old && $digest_new) {
                copy $current, $backup;
                chown 0, 0, $backup;
                chmod 0600, $backup;
-       } elsif ($md5_old) {
-               $check_title = "======\n$orig removed MD5 checksum\n======";
+       } elsif ($digest_old) {
+               $check_title = "======\n$orig removed SHA-256 checksum\n======";
                unlink $current;
-       } elsif ($md5_new) {
-               $check_title = "======\n$orig new MD5 checksum\n======";
+       } elsif ($digest_new) {
+               $check_title = "======\n$orig new SHA-256 checksum\n======";
        }
 
-       if ($md5_new) {
+       if ($digest_new) {
                if (open my $fh, '>', $current) {
-                       print $fh "$md5_new\n";
+                       print $fh "$digest_new\n";
                        close $fh;
                } else { nag 1, "open: $current: $!\n"; }
                chown 0, 0, $current;
                chmod 0600, $current;
        }
 
-       nag $md5_old, "OLD: $md5_old";
-       nag $md5_new, "NEW: $md5_new";
+       nag $digest_old, "OLD: $digest_old";
+       nag $digest_new, "NEW: $digest_new";
 }
 
 # List of files that get backed up and checked for any modifications.  Each
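Review bot: In backup_digest, `local $/; $digest_new = sha256_hex(<$fh>);` reads the whole file into memory before hashing, whereas the removed Digest::MD5 code streamed it through addfile. Digest::SHA has the same streaming interface, so the two added lines can become `$digest_new = Digest::SHA->new(256)->addfile($fh)->hexdigest;`, and the import in the earlier hunk can then be a plain `use Digest::SHA;`. Separately, renaming the suffix from `.md5` to `.sha256` means the first run after the upgrade finds no stored digest, so every monitored file takes the "new SHA-256 checksum" branch and the old `.current.md5`/`.backup.md5` files stay behind in BACKUP_DIR. A modification made around the upgrade would presumably not be reported as a change, so the one-time baseline reset is worth stating in the commit message or upgrade notes.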
@@ -842,8 +843,8 @@ sub check_changelist {
 
                        if ($plus) {
                                $check_title =
-                                   "======\n$_ MD5 checksums\n======";
-                               backup_md5 $_;
+                                   "======\n$_ SHA-256 checksums\n======";
+                               backup_digest $_;
                        } else {
                                $check_title =
                                    "======\n$_ diffs (-OLD  +NEW)\n======";
