[Pkg-openssl-devel] Bug#766214: c_rehash - stable hash symlink output needed

Vaclav Ovsik vaclav.ovsik at gmail.com
Tue Oct 21 15:03:30 UTC 2014 

Package: openssl
Version: 1.0.1j-1
Severity: wishlist
File: /usr/bin/c_rehash
Tags: patch upstream

Dear Maintainer,
an output of the utility c_rehash depends on the order the readdir
function returns filenames. The order can vary depending on dir-entry
order in the file-system. The different order can be annoying in the case of
version control of CA store (/etc/ssl/certs) or in the case of syncing nodes of
cluster.
The fix is very simple:

--- c_rehash~	2014-10-15 19:48:04.000000000 +0200
+++ c_rehash	2014-10-21 16:43:11.134909249 +0200
@@ -67,7 +67,7 @@
 	print "Doing $_[0]\n";
 	chdir $_[0];
 	opendir(DIR, ".");
-	my @flist = readdir(DIR);
+	my @flist = sort readdir(DIR);
 	# Delete any existing symbolic links
 	foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
 		if(-l $_) {

The sorting the file-list ensure deterministic output of c_rehash.
I had very similar problem with update-ca-certificates solved
in the #727136. Today I discovered this problem with symlinks because of
Wheezy 7.7 upgrade with new CA certs 
    StartCom_Certification_Authority.pem,
    StartCom_Certification_Authority_2.pem,
    ...
Thanks for your time!
Best Regards
-- 
Zito

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.19-11
ii  libssl1.0.0  1.0.1j-1

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20141019

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/bin/c_rehash (from openssl package)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: c_rehash.diff
Type: text/x-diff
Size: 345 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20141021/e4a61d09/attachment.diff>

More information about the Pkg-openssl-devel mailing list