You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jf...@apache.org on 2020/03/18 08:36:46 UTC
svn commit: r1875349 - /httpd/site/trunk/tools/roll.sh
Author: jfclere
Date: Wed Mar 18 08:36:46 2020
New Revision: 1875349
URL: http://svn.apache.org/viewvc?rev=1875349&view=rev
Log:
Add sha512
Modified:
httpd/site/trunk/tools/roll.sh
Modified: httpd/site/trunk/tools/roll.sh
URL: http://svn.apache.org/viewvc/httpd/site/trunk/tools/roll.sh?rev=1875349&r1=1875348&r2=1875349&view=diff
==============================================================================
--- httpd/site/trunk/tools/roll.sh (original)
+++ httpd/site/trunk/tools/roll.sh Wed Mar 18 08:36:46 2020
@@ -103,9 +103,11 @@ openssl="`which openssl 2> /dev/null | h
md5sum="`which md5sum 2> /dev/null | head -1`"
sha1sum="`which sha1sum 2> /dev/null | head -1`"
sha256sum="`which sha256sum 2> /dev/null | head -1`"
+sha512sum="`which sha512sum 2> /dev/null | head -1`"
md5="`which md5 2> /dev/null | head -1`"
sha1="`which sha1 2> /dev/null | head -1`"
sha256="`which sha256 2> /dev/null | head -1`"
+sha512sum="`which sha512sum 2> /dev/null | head -1`"
sed="`which gsed 2> /dev/null | head -1`"
if ! test -x "${sed}"; then
sed="`which sed 2> /dev/null | head -1`"
@@ -126,6 +128,9 @@ if test -x "${openssl}"; then
echo "openssl: creating sha256 checksum file for ${file} ..."
${openssl} sha256 ${file} |\
${sed} -e 's#^SHA256(\(.*\))= \([0-9a-f]*\)$#\2 *\1#' > ${file}.sha256
+ echo "openssl: creating sha512 checksum file for ${file} ..."
+ ${openssl} sha512 ${file} |\
+ ${sed} -e 's#^SHA512(\(.*\))= \([0-9a-f]*\)$#\2 *\1#' > ${file}.sha512
fi
done
# no openssl found - check if we have gpg2
@@ -142,10 +147,16 @@ elif test -x "${gpg2}"; then
${sed} -e '{N;s#\n##;}' |\
${sed} -e 's#\(.*\): \(.*\)#\2::\1#;s#[\r\n]##g;s# ##g' \
-e 'y#ABCDEF#abcdef#;s#::# *#' > ${file}.sha1
+ echo "gpg2: creating sha256 checksum file for ${file} ..."
${gpg} --print-md sha256 ${file} |\
${sed} -e '{N;s#\n##;}' |\
${sed} -e 's#\(.*\): \(.*\)#\2::\1#;s#[\r\n]##g;s# ##g' \
-e 'y#ABCDEF#abcdef#;s#::# *#' > ${file}.sha256
+ echo "gpg2: creating sha512 checksum file for ${file} ..."
+ ${gpg} --print-md sha512 ${file} |\
+ ${sed} -e '{N;s#\n##;}' |\
+ ${sed} -e 's#\(.*\): \(.*\)#\2::\1#;s#[\r\n]##g;s# ##g' \
+ -e 'y#ABCDEF#abcdef#;s#::# *#' > ${file}.sha512
fi
done
# no gpg2 found - check if we have gpg
@@ -162,10 +173,16 @@ elif test -x "${gpg}"; then
${sed} -e '{N;s#\n##;}' |\
${sed} -e 's#\(.*\): \(.*\)#\2::\1#;s#[\r\n]##g;s# ##g' \
-e 'y#ABCDEF#abcdef#;s#::# *#' > ${file}.sha1
+ echo "gpg: creating sha256 checksum file for ${file} ..."
${gpg} --print-md sha256 ${file} |\
${sed} -e '{N;s#\n##;}' |\
${sed} -e 's#\(.*\): \(.*\)#\2::\1#;s#[\r\n]##g;s# ##g' \
-e 'y#ABCDEF#abcdef#;s#::# *#' > ${file}.sha256
+ echo "gpg: creating sha512 checksum file for ${file} ..."
+ ${gpg} --print-md sha512 ${file} |\
+ ${sed} -e '{N;s#\n##;}' |\
+ ${sed} -e 's#\(.*\): \(.*\)#\2::\1#;s#[\r\n]##g;s# ##g' \
+ -e 'y#ABCDEF#abcdef#;s#::# *#' > ${file}.sha512
fi
done
else
@@ -203,6 +220,7 @@ else
fi
done
fi
+ # no openssl or gpg found - check for sha256sum
if test -x "${sha256sum}"; then
for file; do
if test -f "${file}"; then
@@ -210,7 +228,7 @@ else
${sha256sum} -b ${file} > ${file}.sha256
fi
done
- # no openssl or gpg found - check for sha1
+ # no openssl or gpg found - check for sha256
elif test -x "${sha256}"; then
for file; do
if test -f "${file}"; then
@@ -219,6 +237,23 @@ else
fi
done
fi
+ # no openssl or gpg found - check for sha512sum
+ if test -x "${sha512sum}"; then
+ for file; do
+ if test -f "${file}"; then
+ echo "sha512sum: creating sha512 checksum file for ${file} ..."
+ ${sha512sum} -b ${file} > ${file}.sha512
+ fi
+ done
+ # no openssl or gpg found - check for sha512
+ elif test -x "${sha512}"; then
+ for file; do
+ if test -f "${file}"; then
+ echo "sha512: creating sha512 checksum file for ${file} ..."
+ ${sha512} -r ${file} | ${sed} -e 's# # *#' > ${file}.sha512
+ fi
+ done
+ fi
fi
echo $split
Re: svn commit: r1875349 - /httpd/site/trunk/tools/roll.sh
Posted by Alex Hautequest <hq...@hquest.pro.br>.
From OpenSSL download page (https://www.openssl.org/source/):
Note: The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023. All other versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encourage to upgrade to 1.1.1 as soon as possible. Extended support for 1.0.2 to gain access to security fixes for that version is available.
While I understand they do offer paid support for previous versions, I don’t think it is wise for httpd to openly support a discouraged code. Previous OpenSSL versions were fun, but it is time to move on.
Just my $.02.
Alex
> On Mar 18, 2020, at 09:44, jean-frederic clere <jf...@gmail.com> wrote:
>
> On 18/03/2020 11:09, Ruediger Pluem wrote:
>>> On 3/18/20 9:36 AM, jfclere@apache.org wrote:
>>> Author: jfclere
>>> Date: Wed Mar 18 08:36:46 2020
>>> New Revision: 1875349
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1875349&view=rev
>>> Log:
>>> Add sha512
>>>
>>> Modified:
>>> httpd/site/trunk/tools/roll.sh
>>>
>>> Modified: httpd/site/trunk/tools/roll.sh
>>> URL: http://svn.apache.org/viewvc/httpd/site/trunk/tools/roll.sh?rev=1875349&r1=1875348&r2=1875349&view=diff
>>> ==============================================================================
>>> --- httpd/site/trunk/tools/roll.sh (original)
>>> +++ httpd/site/trunk/tools/roll.sh Wed Mar 18 08:36:46 2020
>>> @@ -103,9 +103,11 @@ openssl="`which openssl 2> /dev/null | h
>>> md5sum="`which md5sum 2> /dev/null | head -1`"
>>> sha1sum="`which sha1sum 2> /dev/null | head -1`"
>>> sha256sum="`which sha256sum 2> /dev/null | head -1`"
>>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>>> md5="`which md5 2> /dev/null | head -1`"
>>> sha1="`which sha1 2> /dev/null | head -1`"
>>> sha256="`which sha256 2> /dev/null | head -1`"
>>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>> Should the above be sha512 instead of sha512sum?
>> Are we sure that openssl / gpg are capable of sha512 for a reasonable span of versions or is it worth checking for a
>> minimal version?
>
> gpg looks good, openssl > 1.0.0 is good too and 10 years old no?
>
>> Regards
>> Rüdiger
>
>
> --
> Cheers
>
> Jean-Frederic
Re: svn commit: r1875349 - /httpd/site/trunk/tools/roll.sh
Posted by Ruediger Pluem <rp...@apache.org>.
On 3/18/20 2:44 PM, jean-frederic clere wrote:
> On 18/03/2020 11:09, Ruediger Pluem wrote:
>>
>>
>> On 3/18/20 9:36 AM, jfclere@apache.org wrote:
>>> Author: jfclere
>>> Date: Wed Mar 18 08:36:46 2020
>>> New Revision: 1875349
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1875349&view=rev
>>> Log:
>>> Add sha512
>>>
>>> Modified:
>>> httpd/site/trunk/tools/roll.sh
>>>
>>> Modified: httpd/site/trunk/tools/roll.sh
>>> URL: http://svn.apache.org/viewvc/httpd/site/trunk/tools/roll.sh?rev=1875349&r1=1875348&r2=1875349&view=diff
>>> ==============================================================================
>>> --- httpd/site/trunk/tools/roll.sh (original)
>>> +++ httpd/site/trunk/tools/roll.sh Wed Mar 18 08:36:46 2020
>>> @@ -103,9 +103,11 @@ openssl="`which openssl 2> /dev/null | h
>>> md5sum="`which md5sum 2> /dev/null | head -1`"
>>> sha1sum="`which sha1sum 2> /dev/null | head -1`"
>>> sha256sum="`which sha256sum 2> /dev/null | head -1`"
>>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>>> md5="`which md5 2> /dev/null | head -1`"
>>> sha1="`which sha1 2> /dev/null | head -1`"
>>> sha256="`which sha256 2> /dev/null | head -1`"
>>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>>
>> Should the above be sha512 instead of sha512sum?
>>
>> Are we sure that openssl / gpg are capable of sha512 for a reasonable span of versions or is it worth checking for a
>> minimal version?
>
> gpg looks good, openssl > 1.0.0 is good too and 10 years old no?
That should be sufficient without further testing.
Regards
Rüdiger
Re: svn commit: r1875349 - /httpd/site/trunk/tools/roll.sh
Posted by jean-frederic clere <jf...@gmail.com>.
On 18/03/2020 11:09, Ruediger Pluem wrote:
>
>
> On 3/18/20 9:36 AM, jfclere@apache.org wrote:
>> Author: jfclere
>> Date: Wed Mar 18 08:36:46 2020
>> New Revision: 1875349
>>
>> URL: http://svn.apache.org/viewvc?rev=1875349&view=rev
>> Log:
>> Add sha512
>>
>> Modified:
>> httpd/site/trunk/tools/roll.sh
>>
>> Modified: httpd/site/trunk/tools/roll.sh
>> URL: http://svn.apache.org/viewvc/httpd/site/trunk/tools/roll.sh?rev=1875349&r1=1875348&r2=1875349&view=diff
>> ==============================================================================
>> --- httpd/site/trunk/tools/roll.sh (original)
>> +++ httpd/site/trunk/tools/roll.sh Wed Mar 18 08:36:46 2020
>> @@ -103,9 +103,11 @@ openssl="`which openssl 2> /dev/null | h
>> md5sum="`which md5sum 2> /dev/null | head -1`"
>> sha1sum="`which sha1sum 2> /dev/null | head -1`"
>> sha256sum="`which sha256sum 2> /dev/null | head -1`"
>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>> md5="`which md5 2> /dev/null | head -1`"
>> sha1="`which sha1 2> /dev/null | head -1`"
>> sha256="`which sha256 2> /dev/null | head -1`"
>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>
> Should the above be sha512 instead of sha512sum?
>
> Are we sure that openssl / gpg are capable of sha512 for a reasonable span of versions or is it worth checking for a
> minimal version?
gpg looks good, openssl > 1.0.0 is good too and 10 years old no?
>
> Regards
>
> Rüdiger
>
--
Cheers
Jean-Frederic
Re: svn commit: r1875349 - /httpd/site/trunk/tools/roll.sh
Posted by jean-frederic clere <jf...@gmail.com>.
On 18/03/2020 14:11, jean-frederic clere wrote:
> On 18/03/2020 11:09, Ruediger Pluem wrote:
>>
>>
>> On 3/18/20 9:36 AM, jfclere@apache.org wrote:
>>> Author: jfclere
>>> Date: Wed Mar 18 08:36:46 2020
>>> New Revision: 1875349
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1875349&view=rev
>>> Log:
>>> Add sha512
>>>
>>> Modified:
>>> httpd/site/trunk/tools/roll.sh
>>>
>>> Modified: httpd/site/trunk/tools/roll.sh
>>> URL:
>>> http://svn.apache.org/viewvc/httpd/site/trunk/tools/roll.sh?rev=1875349&r1=1875348&r2=1875349&view=diff
>>>
>>> ==============================================================================
>>>
>>> --- httpd/site/trunk/tools/roll.sh (original)
>>> +++ httpd/site/trunk/tools/roll.sh Wed Mar 18 08:36:46 2020
>>> @@ -103,9 +103,11 @@ openssl="`which openssl 2> /dev/null | h
>>> md5sum="`which md5sum 2> /dev/null | head -1`"
>>> sha1sum="`which sha1sum 2> /dev/null | head -1`"
>>> sha256sum="`which sha256sum 2> /dev/null | head -1`"
>>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>>> md5="`which md5 2> /dev/null | head -1`"
>>> sha1="`which sha1 2> /dev/null | head -1`"
>>> sha256="`which sha256 2> /dev/null | head -1`"
>>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>>
>> Should the above be sha512 instead of sha512sum?
>
> Oops. fixed thanks.
>
>>
>> Are we sure that openssl / gpg are capable of sha512 for a reasonable
>> span of versions or is it worth checking for a
>> minimal version?
>
> For openssl and gpg sha512 has been here for about 10 years if I am not
> mistaken ;-)
well on my old rhel5 only openssl sha1 works...
+++
[jfclere@dhcp-144-149 ~]$ openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
+++
gpg works :D
>
>>
>> Regards
>>
>> Rüdiger
>>
>
>
--
Cheers
Jean-Frederic
Re: svn commit: r1875349 - /httpd/site/trunk/tools/roll.sh
Posted by jean-frederic clere <jf...@gmail.com>.
On 18/03/2020 11:09, Ruediger Pluem wrote:
>
>
> On 3/18/20 9:36 AM, jfclere@apache.org wrote:
>> Author: jfclere
>> Date: Wed Mar 18 08:36:46 2020
>> New Revision: 1875349
>>
>> URL: http://svn.apache.org/viewvc?rev=1875349&view=rev
>> Log:
>> Add sha512
>>
>> Modified:
>> httpd/site/trunk/tools/roll.sh
>>
>> Modified: httpd/site/trunk/tools/roll.sh
>> URL: http://svn.apache.org/viewvc/httpd/site/trunk/tools/roll.sh?rev=1875349&r1=1875348&r2=1875349&view=diff
>> ==============================================================================
>> --- httpd/site/trunk/tools/roll.sh (original)
>> +++ httpd/site/trunk/tools/roll.sh Wed Mar 18 08:36:46 2020
>> @@ -103,9 +103,11 @@ openssl="`which openssl 2> /dev/null | h
>> md5sum="`which md5sum 2> /dev/null | head -1`"
>> sha1sum="`which sha1sum 2> /dev/null | head -1`"
>> sha256sum="`which sha256sum 2> /dev/null | head -1`"
>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>> md5="`which md5 2> /dev/null | head -1`"
>> sha1="`which sha1 2> /dev/null | head -1`"
>> sha256="`which sha256 2> /dev/null | head -1`"
>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>
> Should the above be sha512 instead of sha512sum?
Oops. fixed thanks.
>
> Are we sure that openssl / gpg are capable of sha512 for a reasonable span of versions or is it worth checking for a
> minimal version?
For openssl and gpg sha512 has been here for about 10 years if I am not
mistaken ;-)
>
> Regards
>
> Rüdiger
>
--
Cheers
Jean-Frederic
Re: svn commit: r1875349 - /httpd/site/trunk/tools/roll.sh
Posted by Ruediger Pluem <rp...@apache.org>.
On 3/18/20 9:36 AM, jfclere@apache.org wrote:
> Author: jfclere
> Date: Wed Mar 18 08:36:46 2020
> New Revision: 1875349
>
> URL: http://svn.apache.org/viewvc?rev=1875349&view=rev
> Log:
> Add sha512
>
> Modified:
> httpd/site/trunk/tools/roll.sh
>
> Modified: httpd/site/trunk/tools/roll.sh
> URL: http://svn.apache.org/viewvc/httpd/site/trunk/tools/roll.sh?rev=1875349&r1=1875348&r2=1875349&view=diff
> ==============================================================================
> --- httpd/site/trunk/tools/roll.sh (original)
> +++ httpd/site/trunk/tools/roll.sh Wed Mar 18 08:36:46 2020
> @@ -103,9 +103,11 @@ openssl="`which openssl 2> /dev/null | h
> md5sum="`which md5sum 2> /dev/null | head -1`"
> sha1sum="`which sha1sum 2> /dev/null | head -1`"
> sha256sum="`which sha256sum 2> /dev/null | head -1`"
> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
> md5="`which md5 2> /dev/null | head -1`"
> sha1="`which sha1 2> /dev/null | head -1`"
> sha256="`which sha256 2> /dev/null | head -1`"
> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
Should the above be sha512 instead of sha512sum?
Are we sure that openssl / gpg are capable of sha512 for a reasonable span of versions or is it worth checking for a
minimal version?
Regards
Rüdiger