Gordan Bobic wrote: > Andy Green wrote: >> On 01/07/11 10:40, Somebody in the thread at some point said: >>> It would appear that sha512sum is broken, at least in the F12 distro >>> (coreutils-7.6-5.fc12.fa1.armv5tel). It is producing a different hash >>> for the same file compared to what my x86 machines produce. This is >>> quite worrying and a potentially dangerous crypto-security issue. >>> >>> The only thing that comes to mind as a potential cause (other than a >>> bug) is that I am using gcc/libgcc from F13 with F12 coreutils. I just >>> updated coreutils to the F13 package (coreutils-8.4-5.fc13.armv5tel), >>> and that produces the correct hashes. >>> >>> Can anybody with a clean F12 vanilla copy check if they can reproduce >>> the problem? >> No problem here. >> >> ARM: coreutils-7.6-5.fc12.fa1.armv5tel >> >> [root@ivmon ~]# dd if=/dev/zero of=/tmp/z bs=512 count=10 >> 10+0 records in >> 10+0 records out >> 5120 bytes (5.1 kB) copied, 0.000959 s, 5.3 MB/s >> [root@ivmon ~]# sha512sum /tmp/z >> 1f1e6f098e99bb0ab52c3142f0fb545b00470d267823d44fd609fdaae1a6f45fb437de931fa16bbb4a702c0cba7abb9954b737ff4edb30f16ae39a2c67ee6bb7 >> /tmp/z >> [root@ivmon ~]# >> >> >> x86_64: coreutils-8.8-2.fc15.x86_64 >> >> [agreen@otae Downloads]$ dd if=/dev/zero of=/tmp/z bs=512 count=10 >> 10+0 records in >> 10+0 records out >> 5120 bytes (5.1 kB) copied, 7.6686e-05 s, 66.8 MB/s >> [agreen@otae Downloads]$ sha512sum /tmp/z >> 1f1e6f098e99bb0ab52c3142f0fb545b00470d267823d44fd609fdaae1a6f45fb437de931fa16bbb4a702c0cba7abb9954b737ff4edb30f16ae39a2c67ee6bb7 >> /tmp/z >> [agreen@otae Downloads]$ >> >> Check with ldd what it is linking to. > > Thanks for that. I'll check as soon as I get my vserver chroots going. > I'll put a clean F12 from the backup I took in there and see what it > does. Hopefully it's just a libgcc mismatch issue - which would be > worrying, but it'd only arise in a franken-distro half way between F12 > and F13 (which is, sadly, all I have handy at the moment). OK, this is deeply weird. My F12 rootfs in a chroot is again showing the broken behaviour: [root@sheeva /]# sha512sum /vservers/f12/test-file 9d5f70ef2b126ada3750027b5cd8d2a97c96c66d334385ffea5ae1e7cfd596e1e5ac6930f47b95c5b5b916a3709ba1e1ed3be5e0e47d0327f873ea84bedab2fa /vservers/f12/test-file [root@sheeva /]# vserver f12 enter [root@f12 /]# sha512sum /test-file 3e6984afdbbdc6012df975d70ddbde5166dd216271387a89c4970d6927b461adeb5815453bd994a24566cb9bd04910f62850e1b9f922d7ec4d28b7ef0629e61b /test-file It's the same file, but the computed hash is different. That indicates that it's not a mismatched libgcc linking issue (*phew*). On the broken machine: [root@f12 /]# rpm -qa | grep -i coreutils coreutils-libs-7.6-5.fc12.fa1.armv5tel coreutils-7.6-5.fc12.fa1.armv5tel [root@f12 /]# ldd /usr/bin/sha512sum libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x40241000) libc.so.6 => /lib/libc.so.6 (0x40254000) /lib/ld-linux.so.3 (0x40092000) On the working machine: [root@sheeva /]# rpm -qa | grep coreutils coreutils-8.4-5.fc13.armv5tel coreutils-libs-8.4-5.fc13.armv5tel [root@sheeva /]# ldd /usr/bin/sha512sum libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x401c2000) libc.so.6 => /lib/libc.so.6 (0x401d5000) /lib/ld-linux.so.3 (0x4008d000) So the linking seems to be the same. The only packages that are different between the two are the gcc stuff updated to f13 (which didn't cause the problem in the first place) and the coreutils. The fc13 coreutils package fixed it. Have you god an md5sum of the sha512 binary? Mine is: [root@sheeva ~]# md5sum /vservers/f12/usr/bin/sha512sum 7667ac4b53249e53533860518e916719 /vservers/f12/usr/bin/sha512sum It's the only thing I can think of right now, since your coreutils version is exactly the same as mine, and mine is verifiably and consistently producing wrong hashes. Gordan _______________________________________________ arm mailing list arm@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/arm
