From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS22989 209.51.188.0/24 X-Spam-Status: No, score=-3.9 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 93C661F8C6 for ; Tue, 3 Aug 2021 15:40:35 +0000 (UTC) Received: from localhost ([::1]:49468 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mAwWw-0000NC-Hv for normalperson@yhbt.net; Tue, 03 Aug 2021 11:40:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:46296) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAwWt-0000MS-2p for bug-gnulib@gnu.org; Tue, 03 Aug 2021 11:40:31 -0400 Received: from uggla.sjd.se ([2001:9b1:8633::107]:46418) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAwWp-0003Vz-Lr for bug-gnulib@gnu.org; Tue, 03 Aug 2021 11:40:30 -0400 DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2101; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=gxwpnWqodcnxmd7CB3Kd1GzZ2dKGGRxJDefzITNI/wo=; t=1628005226; x=1629214826; b=6kblfElNlauT9lqDn4UnsT2XuQ61YFXlBZAHgpbEXlrlJpe103SaNLgPzUK1bavboqJ+jAqfRC lZttIVrte5AA==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2101; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=gxwpnWqodcnxmd7CB3Kd1GzZ2dKGGRxJDefzITNI/wo=; t=1628005226; x=1629214826; b=P5N4dSdiNSkqwvgaXJvPZGD3O+hWo7BT7J5wWUANYTaMlX0W/F6rdGoCqNzi3nmQZ2ce+rYH1r +EuKfBVjX99vHd6rN9QXfGRYdv41E7TKLstmxmNW7weYRxR7/P78Cf1Lo382I2t2zsAphQtU9U/op 7Hj07ZU9Dy0gBZNnMXMFIZzPb0RQYeg4qCPA/RlmGB2PqmlZPvOygI0o6QN3UgKj3EDbUGP5/UfKF eMaIilPPHErLnnERBTjBdZWPfYpGCh9nkjcsBkGM8/LN3PNJXRlhDGrox31cdcx1Nl5aH3BAsyHb8 2yVzMADbYx9a2rwgRJIzqg/fB4QT/dL0SCFYiC/5WGy9W4SettsK21VOSahdTFCbLDJqvJeliKg2v iGl5JGHtyXJ4ioxlm8jSfVqVC79YaFAlv5lpnTaJpuzgbfx9eBOQWAoGJElVBStNCTosXgcWUi ; Received: from [2001:9b1:41ac:ff00:ca68:ecc5:3351:c9b9] (port=53600 helo=latte) by uggla.sjd.se with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mAwWm-0003Oy-2d; Tue, 03 Aug 2021 15:40:24 +0000 To: Jim Meyering Cc: "bug-gnulib@gnu.org List" Subject: Re: announce-gen and OpenPGP key servers References: <87y29sf65o.fsf@latte.josefsson.org> OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt X-Hashcash: 1:22:210803:jim@meyering.net::5ImjU0P/4DdB77rN:YoTF X-Hashcash: 1:22:210803:bug-gnulib@gnu.org::t+M9KYL/yxD1TFEa:oDdV Date: Tue, 03 Aug 2021 17:40:23 +0200 In-Reply-To: (Jim Meyering's message of "Tue, 27 Jul 2021 18:57:15 -0700") Message-ID: <87wnp2o7tk.fsf@latte.josefsson.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Received-SPF: pass client-ip=2001:9b1:8633::107; envelope-from=simon@josefsson.org; helo=uggla.sjd.se X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: bug-gnulib@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Gnulib discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Sender: "bug-gnulib" Reply-to: Simon Josefsson From: Simon Josefsson via Gnulib discussion list --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain Jim Meyering writes: > Feel free to make the script generate a full fingerprint and even > (though it feels a little like giving up) add a checksum or two. I think checksums still serve a purpose. Many announcement e-mails are OpenPGP signed (and sometimes with a different key than the release tarballs, thus creating another way to verify tarballs). Checksums also makes it harder to replace the tarball on the server with a fake (or, after a key compromise, a genuine) signature. I don't think it is a either-or situation, but rather a belt-and-suspender case. Ideally, people downloading a release should verify both the signature (to know it comes from a trusted origin) and checksum (to know it is the intended release, in case multiple signed versions co-exists). The patches below make the maintainer-makefile announcements contain SHA1 and B64(SHA256) checksums by default. The MD5 checksums are dropped; they are completely insecure now. The B64(SHA256) output is inspired by OpenSSH which started this practice with release 6.5 in 2014 and still today prints similar outputs, see: https://www.openssh.com/txt/release-6.5 https://www.openssh.com/txt/release-8.6 Unfortunately, 'sha256sum' can't verify these outputs, but I recall earlier discussions around 'sha256sum --base64' so I will resume work on that. We could opt to simply use the "standard" sha256sum output instead, if people here don't like the base64 output format. /Simon --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=0001-announce-gen-Print-SHA1-B64-SHA256-instead-of-MD5-SH.patch Content-Transfer-Encoding: quoted-printable From=204adae938b8dbe01750698109bcbf5f1c9eb045b1 Mon Sep 17 00:00:00 2001 From: Simon Josefsson Date: Tue, 3 Aug 2021 17:15:16 +0200 Subject: [PATCH 1/2] announce-gen: Print SHA1/B64(SHA256) instead of MD5/SH= A1. * build-aux/announce-gen (%digest_classes): Removed. (usage): Doc fix. (print_checksums): Instead of MD5/SHA1, print SHA1 and B64(SHA256), inspired by OpenSSH announcements. =2D-- ChangeLog | 8 ++++++++ build-aux/announce-gen | 33 +++++++++++---------------------- 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index 06f139a54..079a5b71c 100644 =2D-- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2021-08-03 Simon Josefsson + + announce-gen: Print SHA1/B64(SHA256) instead of MD5/SHA1. + * build-aux/announce-gen (%digest_classes): Removed. + (usage): Doc fix. + (print_checksums): Instead of MD5/SHA1, print SHA1 and + B64(SHA256), inspired by OpenSSH announcements. + 2021-08-02 Paul Eggert =20 manywarnings: enable some malloc warnings diff --git a/build-aux/announce-gen b/build-aux/announce-gen index daa478c8e..b07cbd742 100755 =2D-- a/build-aux/announce-gen +++ b/build-aux/announce-gen @@ -35,7 +35,7 @@ eval 'exec perl -wSx "$0" "$@"' if 0; =20 =2Dmy $VERSION =3D '2021-04-11 8:42'; # UTC +my $VERSION =3D '2021-08-03 15:13'; # UTC # The definition above must lie within the first 8 lines in order # for the Emacs time-stamp write hook (at end) to update it. # If you change this file with Emacs, please let the write hook @@ -51,12 +51,6 @@ use POSIX qw(strftime); =20 my %valid_release_types =3D map {$_ =3D> 1} qw (alpha beta stable); my @archive_suffixes =3D qw (tar.gz tar.bz2 tar.lz tar.lzma tar.xz); =2Dmy %digest_classes =3D =2D ( =2D 'md5' =3D> (eval { require Digest::MD5; } and 'Digest::MD5'), =2D 'sha1' =3D> ((eval { require Digest::SHA; } and 'Digest::SHA') =2D or (eval { require Digest::SHA1; } and 'Digest::SHA1')) =2D ); my $srcdir =3D '.'; =20 sub usage ($) @@ -96,7 +90,7 @@ The following are optional: VERSION is the result of running git descr= ibe in the gnulib source directory. required if gnulib is in TOOL_LIST. =2D --no-print-checksums do not emit MD5 or SHA1 checksums + --no-print-checksums do not emit SHA1 or SHA256 checksums --archive-suffix=3DSUF add SUF to the list of archive suffixes --mail-headers=3DHEADERS a space-separated list of mail headers, = e.g., To: x\@example.com Cc: y-announce\@example= .com,... @@ -163,7 +157,7 @@ sub print_locations ($\@\%@) =20 =3Ditem C. +Print the SHA1 and SHA256 signature section for each C<@file>. =20 =3Dcut =20 @@ -171,23 +165,18 @@ sub print_checksums (@) { my (@file) =3D @_; =20 =2D print "Here are the MD5 and SHA1 checksums:\n"; + print "Here are the SHA1 and SHA256 checksums:\n"; print "\n"; =20 =2D foreach my $meth (qw (md5 sha1)) + use Digest::file qw(digest_file_hex digest_file_base64); + + foreach my $f (@file) { =2D my $class =3D $digest_classes{$meth} or next; =2D foreach my $f (@file) =2D { =2D open IN, '<', $f =2D or die "$ME: $f: cannot open for reading: $!\n"; =2D binmode IN; =2D my $dig =3D $class->new->addfile(*IN)->hexdigest; =2D close IN; =2D print "$dig $f\n"; =2D } + print digest_file_hex($f, "SHA-1"), " $f\n"; + print digest_file_base64($f, "SHA-256"), " $f\n"; } =2D print "\n"; + print "\nPlease note that the SHA256 checksum is base64 encoded and not\= n"; + print "hexadecimal (which is the default for most checksum tools).\n\n"; } =20 =3Ditem C Date: Tue, 3 Aug 2021 17:16:42 +0200 Subject: [PATCH 2/2] maintainer-makefile: Print checksums by default. * top/maint.mk (announcement): Drop --no-print-checksums. =2D-- ChangeLog | 3 +++ top/maint.mk | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 079a5b71c..cb65d202b 100644 =2D-- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ (print_checksums): Instead of MD5/SHA1, print SHA1 and B64(SHA256), inspired by OpenSSH announcements. =20 + maintainer-makefile: Print checksums by default. + * top/maint.mk (announcement): Drop --no-print-checksums. + 2021-08-02 Paul Eggert =20 manywarnings: enable some malloc warnings diff --git a/top/maint.mk b/top/maint.mk index 044254bdc..6a3ea9606 100644 =2D-- a/top/maint.mk +++ b/top/maint.mk @@ -1426,7 +1426,6 @@ announcement: NEWS ChangeLog $(rel-files) --bootstrap-tools=3D$(bootstrap-tools) \ $$(case ,$(bootstrap-tools), in (*,gnulib,*) \ echo --gnulib-version=3D$(gnulib-version);; esac) \ =2D --no-print-checksums \ $(addprefix --url-dir=3D, $(url_dir_list)) =20 .PHONY: release-commit =2D-=20 2.30.2 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCYQljZxQcc2ltb25Aam9z ZWZzc29uLm9yZwAKCRBRcisI/kdFoi9PAQCgInRAHkX0bG/Ca59pdoqjTYkGYEAZ vzCS82SGcd5JXQD+K2u80uF5bwzKhlo4xJnENJRhHBayJiUfC78EtlICKQo= =xb5K -----END PGP SIGNATURE----- --==-=-=--