[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#15604: sha256sum (and others of the *sum family) lacks important opt
From: |
Pádraig Brady |
Subject: |
bug#15604: sha256sum (and others of the *sum family) lacks important option |
Date: |
Mon, 14 Oct 2013 15:28:36 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 |
On 10/13/2013 11:31 AM, Hadmut Danisch wrote:
> Hi,
>
> the hashsum check files like sha256sum would be quite usefull (and
> improve security), if they could easily be used within shellscripts to
> verify downloads. E.g. Ubuntu provides signed hash files like
>
> http://releases.ubuntu.com/precise/SHA256SUMS
> http://releases.ubuntu.com/precise/SHA256SUMS.gpg
>
>
> But one rarely downloads all files, only the needed ones.
>
> Unfortunately, sha256sum prints warnings and exits with exit status 1
> when files are missing, even when the present files are correct. This
> makes checking the files more difficult in shellscripts and might keep
> most script authors from checking downloads.
>
> It would be significantly more usefull and thus more secure if the *sum
> commands had an additional option to not report missing files as an
> error and to verify just the present files.
This was requested previously:
http://lists.gnu.org/archive/html/coreutils/2010-12/msg00032.html
The option presented there might work for you? i.e.
md5sum -c file.sum 2>/dev/null | grep FAILED$
Another disadvantage to the workaround than stated in the original thread,
is that various other md5sum errors might not be diagnosed
(like missing file.sum for example).
So I'm not against a new option for this,
but it warrants discussion.
thanks,
Pádraig.