svn commit: r339903 - user/cperciva/freebsd-update-mirror
Colin Percival
cperciva at FreeBSD.org
Tue Oct 30 01:39:23 UTC 2018
Author: cperciva
Date: Tue Oct 30 01:39:22 2018
New Revision: 339903
URL: https://svnweb.freebsd.org/changeset/base/339903
Log:
Unbreak FreeBSD Update mirroring code for OpenSSL 1.1
The default key derivation algorithm for "openssl enc" changed. Force
it back to the pre-1.1 default to regain backwards compatibility; we
use strong keys so this is safe.
Modified:
user/cperciva/freebsd-update-mirror/umirror-package.sh
user/cperciva/freebsd-update-mirror/umirror.sh
Modified: user/cperciva/freebsd-update-mirror/umirror-package.sh
==============================================================================
--- user/cperciva/freebsd-update-mirror/umirror-package.sh Tue Oct 30 00:47:40 2018 (r339902)
+++ user/cperciva/freebsd-update-mirror/umirror-package.sh Tue Oct 30 01:39:22 2018 (r339903)
@@ -43,7 +43,7 @@ dd if=/dev/urandom bs=1k count=1 2>/dev/null |
echo >> "${PRIVDIR}/key-${ID}"
# Create an encrypted tarball
-openssl enc -aes-256-cbc -pass "file:${PRIVDIR}/key-${ID}" \
+openssl enc -aes-256-cbc -pass "file:${PRIVDIR}/key-${ID}" -md md5 \
< "${PRIVDIR}/dec-${ID}" > "${PRIVDIR}/tar-${ID}"
# Add line to flist
Modified: user/cperciva/freebsd-update-mirror/umirror.sh
==============================================================================
--- user/cperciva/freebsd-update-mirror/umirror.sh Tue Oct 30 00:47:40 2018 (r339902)
+++ user/cperciva/freebsd-update-mirror/umirror.sh Tue Oct 30 01:39:22 2018 (r339903)
@@ -131,7 +131,7 @@ while read ID FHASH FDECHASH; do
# Attempt to decrypt the file
if ! [ -r "${PRIVDIR}/dec-${ID}" ]; then
if ! openssl enc -aes-256-cbc -d \
- -pass "file:${PRIVDIR}/key-${ID}" \
+ -pass "file:${PRIVDIR}/key-${ID}" -md md5 \
< "${PRIVDIR}/tar-${ID}" > "${PRIVDIR}/dec-${ID}"; then
echo "Decrypting tar-${ID} failed"
exit 1
More information about the svn-src-user
mailing list