Site Navigation

Date:      Tue, 30 Oct 2018 01:39:22 +0000 (UTC)
From:      Colin Percival <cperciva@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-user@freebsd.org
Subject:   svn commit: r339903 - user/cperciva/freebsd-update-mirror
Message-ID:  <201810300139.w9U1dMnA084635@repo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: cperciva
Date: Tue Oct 30 01:39:22 2018
New Revision: 339903
URL: https://svnweb.freebsd.org/changeset/base/339903

Log:
  Unbreak FreeBSD Update mirroring code for OpenSSL 1.1
  
  The default key derivation algorithm for "openssl enc" changed.  Force
  it back to the pre-1.1 default to regain backwards compatibility; we
  use strong keys so this is safe.

Modified:
  user/cperciva/freebsd-update-mirror/umirror-package.sh
  user/cperciva/freebsd-update-mirror/umirror.sh

Modified: user/cperciva/freebsd-update-mirror/umirror-package.sh
==============================================================================
--- user/cperciva/freebsd-update-mirror/umirror-package.sh	Tue Oct 30 00:47:40 2018	(r339902)
+++ user/cperciva/freebsd-update-mirror/umirror-package.sh	Tue Oct 30 01:39:22 2018	(r339903)
@@ -43,7 +43,7 @@ dd if=/dev/urandom bs=1k count=1 2>/dev/null |
 echo >> "${PRIVDIR}/key-${ID}"
 
 # Create an encrypted tarball
-openssl enc -aes-256-cbc -pass "file:${PRIVDIR}/key-${ID}"	\
+openssl enc -aes-256-cbc -pass "file:${PRIVDIR}/key-${ID}" -md md5	\
     < "${PRIVDIR}/dec-${ID}" > "${PRIVDIR}/tar-${ID}"
 
 # Add line to flist

Modified: user/cperciva/freebsd-update-mirror/umirror.sh
==============================================================================
--- user/cperciva/freebsd-update-mirror/umirror.sh	Tue Oct 30 00:47:40 2018	(r339902)
+++ user/cperciva/freebsd-update-mirror/umirror.sh	Tue Oct 30 01:39:22 2018	(r339903)
@@ -131,7 +131,7 @@ while read ID FHASH FDECHASH; do
 	# Attempt to decrypt the file
 	if ! [ -r "${PRIVDIR}/dec-${ID}" ]; then
 		if ! openssl enc -aes-256-cbc -d		\
-		-pass "file:${PRIVDIR}/key-${ID}"		\
+		-pass "file:${PRIVDIR}/key-${ID}" -md md5	\
 		    < "${PRIVDIR}/tar-${ID}" > "${PRIVDIR}/dec-${ID}"; then
 			echo "Decrypting tar-${ID} failed"
 			exit 1

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810300139.w9U1dMnA084635>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact