Date: Tue, 30 Oct 2018 01:39:22 +0000 (UTC) From: Colin Percival <cperciva@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r339903 - user/cperciva/freebsd-update-mirror Message-ID: <201810300139.w9U1dMnA084635@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cperciva Date: Tue Oct 30 01:39:22 2018 New Revision: 339903 URL: https://svnweb.freebsd.org/changeset/base/339903 Log: Unbreak FreeBSD Update mirroring code for OpenSSL 1.1 The default key derivation algorithm for "openssl enc" changed. Force it back to the pre-1.1 default to regain backwards compatibility; we use strong keys so this is safe. Modified: user/cperciva/freebsd-update-mirror/umirror-package.sh user/cperciva/freebsd-update-mirror/umirror.sh Modified: user/cperciva/freebsd-update-mirror/umirror-package.sh ============================================================================== --- user/cperciva/freebsd-update-mirror/umirror-package.sh Tue Oct 30 00:47:40 2018 (r339902) +++ user/cperciva/freebsd-update-mirror/umirror-package.sh Tue Oct 30 01:39:22 2018 (r339903) @@ -43,7 +43,7 @@ dd if=/dev/urandom bs=1k count=1 2>/dev/null | echo >> "${PRIVDIR}/key-${ID}" # Create an encrypted tarball -openssl enc -aes-256-cbc -pass "file:${PRIVDIR}/key-${ID}" \ +openssl enc -aes-256-cbc -pass "file:${PRIVDIR}/key-${ID}" -md md5 \ < "${PRIVDIR}/dec-${ID}" > "${PRIVDIR}/tar-${ID}" # Add line to flist Modified: user/cperciva/freebsd-update-mirror/umirror.sh ============================================================================== --- user/cperciva/freebsd-update-mirror/umirror.sh Tue Oct 30 00:47:40 2018 (r339902) +++ user/cperciva/freebsd-update-mirror/umirror.sh Tue Oct 30 01:39:22 2018 (r339903) @@ -131,7 +131,7 @@ while read ID FHASH FDECHASH; do # Attempt to decrypt the file if ! [ -r "${PRIVDIR}/dec-${ID}" ]; then if ! openssl enc -aes-256-cbc -d \ - -pass "file:${PRIVDIR}/key-${ID}" \ + -pass "file:${PRIVDIR}/key-${ID}" -md md5 \ < "${PRIVDIR}/tar-${ID}" > "${PRIVDIR}/dec-${ID}"; then echo "Decrypting tar-${ID} failed" exit 1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810300139.w9U1dMnA084635>