Re: kernel.org status: hints on how to check your machine for intrusion

[Willy Tarreau]

On Sat, Oct 01, 2011 at 12:19:16PM -0500, Andy wrote:
> On Sat, Oct 01, 2011 at 06:56:59PM +0200, Willy Tarreau wrote:
> > Result: it's correct. With a bit of scripting, it's easy to match
> > tags signatures with tarballs'.
> 
> I must be doing something wrong. I only have the 2.6 git repo (so my tags
> don't drill down to 2.6.x.y just 2.6.x) but my experiement isn't giving
> the results I expected.
> 
> [Cloned repo]
> $ git archive --format=tar --prefix linux-2.6.39/ v2.6.39 | md5sum
> 482f8bd941def0548a95f34e2d290dfd  -

Indeed I have the same here.

> [Downloaded from kernel.org]
> $ bzcat linux-2.6.39.tar.bz2 | md5sum
> 833d224ee42ddc1e7c2d256368b5d7b3  -

An archive I found from this mirror indeed gave me the same md5 as
yours :

   http://mirror.anl.gov/pub/linux/kernel/v2.6/

OK, found! 2.6 kernels are archived with tar.umask = 022 while I
did not have this config option here. If I fix the umask, I get the
same md5 as in the tarball :

  $ git config tar.umask 022
  $ git archive --format tar --prefix linux-2.6.39/ v2.6.39 | md5sum

So I can redo all the md5 sigs now :-/

Willy

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/