« Return to Thread: OpenSSL 1.0.1b released
Re: OpenSSL 1.0.1b released, invalid tar file!
by Jakob Bohm-7
::
Rate this Message:
On 4/27/2012 9:43 AM, Dr. David Kirkby wrote:
> On 04/27/12 02:29 AM, Dr. Stephen Henson wrote:
>
>> Hmm never seen any error messages myself, using GNU tar 1.25.
>>
>> The distribution tarballs are always created by doing:
>>
>> make -f Makefile.org dist
>>
>> from any source tree. As you can see from the files this makes use of
>> "tar"
>> and "tardy". The tar version I used was GNU tar 1.25 and tardy version
>> 1.20.D001. If someone can sugest alternative versions or options that
>> will
>> avoid this in future I'll incorporate them into the distrubution.
>>
>> Steve.
>
> I know GNU tar sometimes produces archives the Sun version of tar
> can't open.
>Yes, but that difference is about variations deeper inside
the format, not the end-of-file record which is the same for
all the tar variants implemented by GNU tar.
> The GNU tar documentation
>
> http://www.gnu.org/software/tar/manual/tar.html#SEC130
>
> makes for interesting reading. Note this bit.
>
> "The default format for GNU tar is defined at compilation time. You
> may check it by running tar --help, and examining the last lines of
> its output. Usually, GNU tar is configured to create archives in ‘gnu’
> format, however, future version will switch to ‘posix’."All the forms that GNU tar supports as output have the
terminating all 0 2x512 bytes.
>
> See also
>
> http://www.gnu.org/software/tar/manual/html_section/Portability.html
>
> I also know that Joerg Schilling
>
> http://en.wikipedia.org/wiki/J%C3%B6rg_Schilling
>
> the author of cdrecord and mkisofs has been very critical of GNU tar.
> See for
>
> ftp://ftp.berlios.de/pub/star/README.otherbugs
>
> He has developed "star"
>
> http://developer.berlios.de/projects/star
>
> which he has said produces POSIX compliant tar files.
>Mr. Schilling can be quite a difficult man to work
with and sometimes perpetuates old information beyond
its relevancy.
That said, his list of GNU tar bugs does seem to
include one that is halfway the bug in tardy modified
GNU tar output we are looking at. (Mr. Schilling
reports that an unidentified old version of GNU tar
sometimes only outputs 1x512 bytes of zeroes).
>
> So if someone is running a non Linux system, it does not surprise me
> the GNU tar is not working for them.
>
> Given the POSIX standard has been out over a decade, perhaps you using
> the option for posix, which GNU apparently intends using one day,
> might help.
>
> But this topic does seem a bit of a can of worms.
>Note that the hard test for good tar archives that I
have been using is not to run it through some "known
to complain" tar unpacker and look for the error
message, but to simply run the following pipe
zcat openssl-1.0.1b.tar.gz | tail -c 10752 | od -A x -t x1z
A valid tar file should show that this includes a
0x200 aligned sequence of at least 0x400 all 0 bytes
followed by arbitrary junk (preferable any bytes after
those 0x400 bytes are 0 too, but this is not mandatory).
The openssl-1.0.1b.tar.gz had NONE of the required 0 bytes.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@...
Automated List Manager majordomo@...
> On 04/27/12 02:29 AM, Dr. Stephen Henson wrote:
>
>> Hmm never seen any error messages myself, using GNU tar 1.25.
>>
>> The distribution tarballs are always created by doing:
>>
>> make -f Makefile.org dist
>>
>> from any source tree. As you can see from the files this makes use of
>> "tar"
>> and "tardy". The tar version I used was GNU tar 1.25 and tardy version
>> 1.20.D001. If someone can sugest alternative versions or options that
>> will
>> avoid this in future I'll incorporate them into the distrubution.
>>
>> Steve.
>
> I know GNU tar sometimes produces archives the Sun version of tar
> can't open.
>
the format, not the end-of-file record which is the same for
all the tar variants implemented by GNU tar.
> The GNU tar documentation
>
> http://www.gnu.org/software/tar/manual/tar.html#SEC130
>
> makes for interesting reading. Note this bit.
>
> "The default format for GNU tar is defined at compilation time. You
> may check it by running tar --help, and examining the last lines of
> its output. Usually, GNU tar is configured to create archives in ‘gnu’
> format, however, future version will switch to ‘posix’."
terminating all 0 2x512 bytes.
>
> See also
>
> http://www.gnu.org/software/tar/manual/html_section/Portability.html
>
> I also know that Joerg Schilling
>
> http://en.wikipedia.org/wiki/J%C3%B6rg_Schilling
>
> the author of cdrecord and mkisofs has been very critical of GNU tar.
> See for
>
> ftp://ftp.berlios.de/pub/star/README.otherbugs
>
> He has developed "star"
>
> http://developer.berlios.de/projects/star
>
> which he has said produces POSIX compliant tar files.
>
with and sometimes perpetuates old information beyond
its relevancy.
That said, his list of GNU tar bugs does seem to
include one that is halfway the bug in tardy modified
GNU tar output we are looking at. (Mr. Schilling
reports that an unidentified old version of GNU tar
sometimes only outputs 1x512 bytes of zeroes).
>
> So if someone is running a non Linux system, it does not surprise me
> the GNU tar is not working for them.
>
> Given the POSIX standard has been out over a decade, perhaps you using
> the option for posix, which GNU apparently intends using one day,
> might help.
>
> But this topic does seem a bit of a can of worms.
>
have been using is not to run it through some "known
to complain" tar unpacker and look for the error
message, but to simply run the following pipe
zcat openssl-1.0.1b.tar.gz | tail -c 10752 | od -A x -t x1z
A valid tar file should show that this includes a
0x200 aligned sequence of at least 0x400 all 0 bytes
followed by arbitrary junk (preferable any bytes after
those 0x400 bytes are 0 too, but this is not mandatory).
The openssl-1.0.1b.tar.gz had NONE of the required 0 bytes.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@...
Automated List Manager majordomo@...
« Return to Thread: OpenSSL 1.0.1b released
| Free embeddable forum powered by Nabble | Forum Help |
