Message ID | 1412680305-28778-1-git-send-email-gustavo@zacarias.com.ar |
---|---|
State | Accepted |
Commit | cf197b2d18b5ac4fabd0a16e58f6800b42bbff45 |
Hi Gustavo,

On Tue, Oct 07, 2014 at 08:11:45AM -0300, Gustavo Zacarias wrote:
> Also add hash file.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> package/openssh/openssh.hash | 2 ++
> package/openssh/openssh.mk | 2 +-
> 2 files changed, 3 insertions(+), 1 deletion(-)
> create mode 100644 package/openssh/openssh.hash
>
> diff --git a/package/openssh/openssh.hash b/package/openssh/openssh.hash > new file mode 100644 > index 0000000..0b57d48 > --- /dev/null > +++ b/package/openssh/openssh.hash > @@ -0,0 +1,2 @@ > +# Locally calculated after checking pgp signature > +sha256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 openssh-6.7p1.tar.gz

Why not use the (base64 encoded) hash values from
http://www.openssh.com/txt/release-6.7? The output of

echo svg5Tq6Fjau9732sELma7ADJVGJ1PoA0LlMLu29yVQc= |base64 -d |hd

matches your calculated SHA256 AFAICS.

baruch
On 10/07/2014 09:39 AM, Baruch Siach wrote:
> Why not use the (base64 encoded) hash values from
> http://www.openssh.com/txt/release-6.7? The output of
>
> echo svg5Tq6Fjau9732sELma7ADJVGJ1PoA0LlMLu29yVQc= |base64 -d |hd
>
> matches your calculated SHA256 AFAICS.

Hi.
Because I've found out about the release from another source.
Both are equally good though.
Regards.
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:

> Also add hash file.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Committed, thanks.
Hi Gustavo,

On Tue, Oct 07, 2014 at 09:46:42AM -0300, Gustavo Zacarias wrote:
> On 10/07/2014 09:39 AM, Baruch Siach wrote:
> > Why not use the (base64 encoded) hash values from
> > http://www.openssh.com/txt/release-6.7? The output of
> >
> > echo svg5Tq6Fjau9732sELma7ADJVGJ1PoA0LlMLu29yVQc= |base64 -d |hd
> >
> > matches your calculated SHA256 AFAICS.
>
> Because I've found out about the release from another source.
> Both are equally good though.

I think this link is worth mentioning in the .hash file. It allows the user to
verify the hash against an external source, adding to the warm and fuzzy
feeling that is the whole point of .hash files. This is especially important
for sensitive packages like OpenSSH.

baruch
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

>> Because I've found out about the release from another source.
>> Both are equally good though.

> I think this link is worth mentioning in the .hash file. It allows
> the user to verify the hash against an external source, adding to the
> warm and fuzzy feeling that is the whole point of .hash files. This
> is especially important for sensitive packages like OpenSSH.

Agreed.
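The cross-check discussed in the thread (decoding the base64 digest from the release notes and comparing it by eye with the hex value in the .hash file) can be scripted. This is an added example, not code from the thread or from Buildroot; the function names are hypothetical, and it assumes a `base64` that accepts `-d` plus standard `awk` and `od`.

```shell
#!/bin/sh
# Added example (not from the thread or from Buildroot): compare the sha256
# recorded in a Buildroot .hash file with a base64 digest published upstream.
# Function names are hypothetical. Assumes POSIX sh, awk, od, and base64 -d.

# Print the decoded bytes of a base64 string as lowercase hex.
b64_to_hex() {
    printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Print the sha256 recorded for file $2 in .hash file $1 ('#' lines never match).
hash_entry() {
    awk -v f="$2" '$1 == "sha256" && $3 == f { print tolower($2); exit }' "$1"
}

# check_hash_entry HASHFILE FILENAME UPSTREAM_B64
# Returns 0 on match, 1 on mismatch, 2 on a missing entry or malformed digest.
check_hash_entry() {
    recorded=$(hash_entry "$1" "$2")
    upstream=$(b64_to_hex "$3")
    [ -n "$recorded" ] || { echo "no sha256 entry for $2" >&2; return 2; }
    # SHA-256 is 32 bytes, so a valid digest decodes to exactly 64 hex digits.
    [ "${#upstream}" -eq 64 ] || { echo "digest is not 32 bytes" >&2; return 2; }
    if [ "$recorded" = "$upstream" ]; then
        echo "OK $2"
    else
        echo "MISMATCH $2: recorded=$recorded upstream=$upstream" >&2
        return 1
    fi
}

# Demo on the .hash entry and the base64 value quoted in the thread.
demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '# Locally calculated after checking pgp signature' \
        'sha256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 openssh-6.7p1.tar.gz' > "$tmp"
    check_hash_entry "$tmp" openssh-6.7p1.tar.gz \
        'svg5Tq6Fjau9732sELma7ADJVGJ1PoA0LlMLu29yVQc='
    rc=$?
    rm -f "$tmp"
    return $rc
}
demo
```

The length check matters because a truncated or mistyped base64 string still decodes to some bytes; without it, a short digest would be reported as an ordinary mismatch instead of bad input.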
diff --git a/package/openssh/openssh.hash b/package/openssh/openssh.hash new file mode 100644 index 0000000..0b57d48 --- /dev/null +++ b/package/openssh/openssh.hash @@ -0,0 +1,2 @@ +# Locally calculated after checking pgp signature +sha256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 openssh-6.7p1.tar.gz diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk index b934722..17097d5 100644 --- a/package/openssh/openssh.mk +++ b/package/openssh/openssh.mk @@ -4,7 +4,7 @@ # ################################################################################ -OPENSSH_VERSION = 6.6p1 +OPENSSH_VERSION = 6.7p1 OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable OPENSSH_LICENSE = BSD-3c BSD-2c Public Domain OPENSSH_LICENSE_FILES = LICENCE
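Review bot: In package/openssh/openssh.hash, the comment "# Locally calculated after checking pgp signature" gives a reader nothing to re-check the sha256 against, since it names neither the key that was checked nor any published digest. Add the upstream reference raised in the thread, http://www.openssh.com/txt/release-6.7, to the comment, and mention that the release notes give the SHA256 base64-encoded, so it has to be decoded to hex before it can be compared with this entry.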
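Review bot: In package/openssh/openssh.mk, the OPENSSH_SITE context line under the bumped OPENSSH_VERSION still points at a plain http:// mirror, so the new sha256 entry is what protects the openssh-6.7p1.tar.gz download. The commit message only says "Also add hash file"; state there that the hash was added for this reason, and keep the filename in the hash entry in step with OPENSSH_VERSION on future bumps.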
Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/openssh/openssh.hash | 2 ++
package/openssh/openssh.mk | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
create mode 100644 package/openssh/openssh.hash