Jim Meyering wrote:
> > I think we should encourage people to use 'cksum' rather than
> > 'sha256sum' since the latter is a bad pattern that leads to an explosion
> > of tools when new hash algorithms are introduced.
>
> I too prefer the shorter checksums and would like to encourage the use
> of the more compact representation by making that the default. Not
> just to keep line lengths under 80 columns, but just generally to
> minimize the noise of checksums in announcements.
OK, clearly there are different preferences. So, let me restore the
previous behaviour through a command-line option: --cksum-checksums.
Here's why I believe that hex as the default is the better choice:
1) When end users are responsible for adopting a secure behaviour,
you need to make it easy for them, otherwise they will just skip the
secure behaviour.
Examples:
- PGP and S/MIME are accepted by users when integrated into the
mail client, without need for configuration; otherwise not.
- When downloading an ISO 9660 image, if you need to explain them
how to verify the integrity of the download in a lengthy way,
most users will just not do it.
- Online banking with a separate TAN device is more secure than
by using a smartphone. But that TAN device is not the default
and costs extra money.
In this case, "easy" means also "easy to remember". Doing
$ sha256<TAB>
command completion is the easiest one. 'cksum' with two options
is not.
2) Look what commands are available on various OSes:
GNU, Cygwin (coreutils) sha256sum FILE, cksum -a sha256 FILE
Alpine Linux (BusyBox) sha256sum FILE (cksum does only CRC32)
macOS shasum -a 256 FILE (cksum does only CRC32)
FreeBSD sha256sum FILE, sha256 FILE (cksum does only CRC32)
NetBSD sha256 FILE, cksum -a sha256 FILE
OpenBSD sha256 FILE, cksum -a sha256 FILE
AIX 7 shasum -a 256 FILE (cksum does only CRC32)
Solaris 11 sha256sum FILE (cksum does only CRC32)
Native Windows CertUtil -hashfile FILE SHA256
Also: openssl dgst -sha256 FILE
Obviously, sha256<TAB> works best on all OSes, except native Windows.
On five of the platforms, cksum does only CRC32; thus, users would not
only have to remember the 'cksum' command with options, to use with GNU
coreutils, but also to remember that it does not work everywhere.
3) Your arguments, Simon and Jim, refer to the future: "when new hash
algorithms are introduced".
When will that be? When do you expect that SHA256 sums will be
insufficient? In 5 years or 10 years, maybe?
Then, what is the point of letting users to complex things _now_
and in the next 5 or 10 years — and thus, as explained above, have
many users skip the procedure entirely —, when this is not needed yet?
It's like saying "the gunzip program is redundant, we would prefer
everyone to learn to use 'gzip -d' instead". Or "the fgrep program
is redundant. we would prefer everyone to use 'grep -F' instead";
such a move has shown to not sit well with users.
4) > encourage the use
> of the more compact representation by making that the default
Before doing that, I claim, we would need that more compact
representation available across OSes (see point 2 above) *first*.
Then it would make sense to make it the default.
5) > Not just to keep line lengths under 80 columns
The hex representation first under 80 columns. So, this is a strawman
argument.
Also, if you want to prepare for better algorithms in 5 or 10 years,
then wouldn't it be SHA512? But an SHA512 sum needs 2 80-columns
lines anyway (128 characters in one case, 88 characters in the other
case). So, you effectively win nothing from the base64 output.
Bruno
>From 146d5f8c83255ceab590facb5520c03b7ba07f24 Mon Sep 17 00:00:00 2001
From: Bruno Haible <br...@clisp.org>
Date: Mon, 2 Dec 2024 21:27:56 +0100
Subject: [PATCH] announce-gen: Add option --cksum-checksums.
* build-aux/announce-gen: Accept option --cksum-checksums.
(usage): Document option --cksum-checksums.
(print_checksums): Add prefer_cksum parameter.
---
ChangeLog | 7 +++++++
build-aux/announce-gen | 35 ++++++++++++++++++++++++++---------
2 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6d6fc99169..4f68d635bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2024-12-02 Bruno Haible <br...@clisp.org>
+
+ announce-gen: Add option --cksum-checksums.
+ * build-aux/announce-gen: Accept option --cksum-checksums.
+ (usage): Document option --cksum-checksums.
+ (print_checksums): Add prefer_cksum parameter.
+
2024-12-01 Bruno Haible <br...@clisp.org>
announce-gen: Show an SHA256 sum that can be verified more easily.
diff --git a/build-aux/announce-gen b/build-aux/announce-gen
index 0ec065a437..318eeb19e4 100755
--- a/build-aux/announce-gen
+++ b/build-aux/announce-gen
@@ -35,7 +35,7 @@
eval 'exec perl -wSx "$0" "$@"'
if 0;
-my $VERSION = '2024-07-17 02:16'; # UTC
+my $VERSION = '2024-12-02 20:10'; # UTC
# The definition above must lie within the first 8 lines in order
# for the Emacs time-stamp write hook (at end) to update it.
# If you change this file with Emacs, please let the write hook
@@ -95,6 +95,8 @@ The following are optional:
--gpg-keyring-url=URL URL pointing to keyring containing the key used
to sign the tarballs
--no-print-checksums do not emit SHA1 or SHA256 checksums
+ --cksum-checksums emit SHA256 checksums in a form that requires
+ cksum from coreutils or OpenBSD
--archive-suffix=SUF add SUF to the list of archive suffixes
--mail-headers=HEADERS a space-separated list of mail headers, e.g.,
To: x\@example.com Cc: y-announce\@example.com,...
@@ -180,21 +182,34 @@ sub digest_file_base64_wrap ($$)
return $h . '=' x $pad{$alg};
}
-sub print_checksums (@)
+sub print_checksums ($@)
{
- my (@file) = @_;
+ my ($prefer_cksum, @file) = @_;
print "Here are the SHA1 and SHA256 checksums:\n";
print "\n";
use Digest::file qw(digest_file_hex digest_file_base64);
- foreach my $f (@file)
+ if ($prefer_cksum)
+ {
+ foreach my $f (@file)
+ {
+ print ' ', digest_file_hex ($f, "SHA-1"), " $f\n";
+ print ' ', digest_file_base64_wrap ($f, "SHA-256"), " $f\n";
+ }
+ print "\nVerify the base64 SHA256 checksum with cksum -a sha256 --check\n";
+ print "from coreutils-9.2 or OpenBSD's cksum since 2007.\n\n";
+ }
+ else
{
- print " File: $f\n";
- print ' SHA1 sum: ', digest_file_hex ($f, "SHA-1"), "\n";
- print ' SHA256 sum: ', digest_file_hex ($f, "SHA-256"), "\n";
- print "\n";
+ foreach my $f (@file)
+ {
+ print " File: $f\n";
+ print ' SHA1 sum: ', digest_file_hex ($f, "SHA-1"), "\n";
+ print ' SHA256 sum: ', digest_file_hex ($f, "SHA-256"), "\n";
+ print "\n";
+ }
}
}
@@ -428,6 +443,7 @@ sub readable_interval($)
my $bootstrap_tools;
my $gnulib_version;
my $print_checksums_p = 1;
+ my $cksum_checksums_p;
my $gpg_key_email;
my $gpg_keyring_url;
@@ -456,6 +472,7 @@ sub readable_interval($)
'bootstrap-tools=s' => \$bootstrap_tools,
'gnulib-version=s' => \$gnulib_version,
'print-checksums!' => \$print_checksums_p,
+ 'cksum-checksums' => \$cksum_checksums_p,
'archive-suffix=s' => \@archive_suffixes,
help => sub { usage 0 },
@@ -621,7 +638,7 @@ EOF
}
$print_checksums_p
- and print_checksums (@sizable);
+ and print_checksums ($cksum_checksums_p, @sizable);
print <<EOF;
Use a .sig file to verify that the corresponding file (without the
--
2.34.1
