Message ID | 20230315130518.4496-1-unixbhaskar@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Series | Kbuild: Elevate sha1sum to sha256sum for atomic headers check |
From: Bhaskar Chowdhury
> Sent: 15 March 2023 13:05
>
> Thought it would be a good idea to use an elevated mechanism i.e. sha256sum

How can this change possibly work.
It is just a list of definitions read by another makefile.
You've changed the name of a definition without changing where it is used.
Also if the code is looking for a change, you'd need to change
what it is compared against.

In any case no one is worried about malicious attempts to change
things without being noticed, even sha1 is OTT.

David

>
> Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
> ---
> Kbuild | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/Kbuild b/Kbuild > index 464b34a08f51..b74040346d76 100644 > --- a/Kbuild > +++ b/Kbuild > @@ -45,14 +45,14 @@ missing-syscalls: scripts/checksyscalls.sh $(offsets-file) > > # Check the manual modification of atomic headers > > -quiet_cmd_check_sha1 = CHKSHA1 $< > - cmd_check_sha1 = \ > - if ! command -v sha1sum >/dev/null; then \ > - echo "warning: cannot check the header due to sha1sum missing"; \ > +quiet_cmd_check_sha256 = CHKSHA256 $< > + cmd_check_sha256 = \ > + if ! command -v sha256sum >/dev/null; then \ > + echo "warning: cannot check the header due to sha256sum missing"; \ > exit 0; \ > fi; \ > if [ "$$(sed -n '$$s:// ::p' $<)" != \ > - "$$(sed '$$d' $< | sha1sum | sed 's/ .*//')" ]; then \ > + "$$(sed '$$d' $< | sha256sum | sed 's/ .*//')" ]; then \ > echo "error: $< has been modified." >&2; \ > exit 1; \ > fi; \ > -- > 2.39.2

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
On 08:58 Fri 17 Mar 2023, David Laight wrote:
>From: Bhaskar Chowdhury
>> Sent: 15 March 2023 13:05
>>
>> Thought it would be a good idea to use an elevated mechanism i.e. sha256sum
>
>How can this change possibly work.
>It is just a list of definitions read by another makefile.
>You've changed the name of a definition without changing where it is used.
>Also if the code is looking for a change, you'd need to change
>what it is compared against.

Gotcha. Thanks for the heads-up, David. I missed it.

>In any case no one is worried about malicious attempts to change
>things without being noticed, even sha1 is OTT.
>
> David
>
>>
>> Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
>> ---
>> Kbuild | 10 +++++-----
>> 1 file changed, 5 insertions(+), 5 deletions(-)
>>
>> diff --git a/Kbuild b/Kbuild >> index 464b34a08f51..b74040346d76 100644 >> --- a/Kbuild >> +++ b/Kbuild >> @@ -45,14 +45,14 @@ missing-syscalls: scripts/checksyscalls.sh $(offsets-file) >> >> # Check the manual modification of atomic headers >> >> -quiet_cmd_check_sha1 = CHKSHA1 $< >> - cmd_check_sha1 = \ >> - if ! command -v sha1sum >/dev/null; then \ >> - echo "warning: cannot check the header due to sha1sum missing"; \ >> +quiet_cmd_check_sha256 = CHKSHA256 $< >> + cmd_check_sha256 = \ >> + if ! command -v sha256sum >/dev/null; then \ >> + echo "warning: cannot check the header due to sha256sum missing"; \ >> exit 0; \ >> fi; \ >> if [ "$$(sed -n '$$s:// ::p' $<)" != \ >> - "$$(sed '$$d' $< | sha1sum | sed 's/ .*//')" ]; then \ >> + "$$(sed '$$d' $< | sha256sum | sed 's/ .*//')" ]; then \ >> echo "error: $< has been modified." >&2; \ >> exit 1; \ >> fi; \ >> -- >> 2.39.2
>
>-
>Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
>Registration No: 1397386 (Wales)

--
Thanks,
Bhaskar
"Here's looking at you kid"-- Casablanca
https://about.me/unixbhaskar
diff --git a/Kbuild b/Kbuild index 464b34a08f51..b74040346d76 100644 --- a/Kbuild +++ b/Kbuild @@ -45,14 +45,14 @@ missing-syscalls: scripts/checksyscalls.sh $(offsets-file) # Check the manual modification of atomic headers -quiet_cmd_check_sha1 = CHKSHA1 $< - cmd_check_sha1 = \ - if ! command -v sha1sum >/dev/null; then \ - echo "warning: cannot check the header due to sha1sum missing"; \ +quiet_cmd_check_sha256 = CHKSHA256 $< + cmd_check_sha256 = \ + if ! command -v sha256sum >/dev/null; then \ + echo "warning: cannot check the header due to sha256sum missing"; \ exit 0; \ fi; \ if [ "$$(sed -n '$$s:// ::p' $<)" != \ - "$$(sed '$$d' $< | sha1sum | sed 's/ .*//')" ]; then \ + "$$(sed '$$d' $< | sha256sum | sed 's/ .*//')" ]; then \ echo "error: $< has been modified." >&2; \ exit 1; \ fi; \
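Review bot: The expected digest on the left of the `!=` test is still read from the trailing `// ` line of the header (`sed -n '$$s:// ::p' $<`), so changing only the right-hand side to `sha256sum` compares two different digest types, and the check will report "has been modified" for every header until whatever writes that trailing line also emits SHA-256 and the headers are regenerated in the same series. The rename of `quiet_cmd_check_sha1` / `cmd_check_sha1` to the `_sha256` names also needs its call site updated in this patch; the diffstat (Kbuild only, 5 insertions, 5 deletions) is fully accounted for by the lines shown here, so no caller was changed. Separately, the unchanged `exit 0` branch skips the check with only a warning when the tool is missing, so the commit message should state what the stronger hash is meant to achieve given that the check can be bypassed that way.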
Thought it would be a good idea to use an elevated mechanism i.e. sha256sum

Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
---
Kbuild | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

--
2.39.2