Closed jesterhodl closed 6 days ago
I'm happy to take a stab at fixing this if the sums are created by a script or code in any of the repos here.
So it looks @luke-jr added unix2dos in guix-attest in commit 78afc76a0c558cd4a835d697e289d6cfc6f7ec8f (guix: Use DOS newlines for SHA256SUMS files)
Indeed easy to back it out, but I see the objective was to get those CRLFs to make the .asc compliant with OpenPGP spec. Are we ok to revert this commit completely then?
See #29147 - this was an attempt to make a single-file fingerprints+signatures, and a complete failure :(
Seems the only way to do that is to have everyone --clearsign
. IMO worth it, but someone will have to put more effort into it.
For now, reverting is the only solution
Apparently stripping the final newline would fix this, but a new issue arose: if the signature is detached, it will only verify a pre-canonicalized (DOS-encoded and final newline stripped) file. Some sha256sum -c
tools seem to not like this (they treat the \r
as part of the filename and can't find it). GPG has a --textmode
option that seems to suggest it addresses this, but I can't seem to get it to work.
So IF we're okay with the combined file ONLY being clearsign format (which can then be UNIX newlines again), I can fix this PR. Or someone could spend more time to figure out why --textmode
doesn't work as expected.
The UX for downloading two verification files sucks IMO. I think we should just go for the clearsign option, even if it's exclusive.
Thoughts?
If you would be interested also in a totally new approach, here is my thought: I would suggest to use OpenBSD's signify(1). It can even verify the signature on-the-fly and fail the pipe if it is invalid.
Fixed in 26.1.knots20240513
Is there an existing issue for this?
Current behaviour
It appears that SHA256SUM contains CRLF line endings and sha256sum fails on that. See screenshot:
Expected behaviour
SHA256SUM should not contain CRLF so that sha256sum works as with v25
Steps to reproduce
See screenshot
Relevant log output
See screenshot
How did you obtain Bitcoin Knots
Pre-built binaries
What version of Bitcoin Knots are you using?
26.1.knots20240325
Operating system and version
Ubuntu 22.04.4 LTS
Machine specifications
sha256sum (GNU coreutils) 8.32