Re: [lmi] Bad md5sum.exe link


From: Greg Chicares
Subject: Re: [lmi] Bad md5sum.exe link
Date: Mon, 29 Apr 2019 23:31:20 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

On 2019-04-29 23:02, Vadim Zeitlin wrote:
> On Mon, 29 Apr 2019 22:39:00 +0000 Greg Chicares <address@hidden> wrote:
> 
> GC> For the long term, we should either build it ourselves (perhaps as
> GC> part of lmi, since we already have part of it in git), or use a
> GC> different technology, because md5sum is so 1990s.
> 
>  Yes, but we'd have a similar problem with sha${SOME_BIG_NUMBER}sum too.

Okay, let's reconsider the reason for using it for system validation.
Each release includes a full set of product files embodying all rates
and parameters for proprietary products, binary rate_table databases,
and (compressed) MST files. We validate all those files to ensure
system integrity. The concern is not that the files have accidentally
been corrupted, but that they've been deliberately altered. That's
what we're guarding against.

And we aren't guarding against sophisticated attacks--after all, our
secret methods are documented online. We're just making improper
modifications difficult enough to defeat casual malpractice. We don't
even need md5sum for that--CRCs would work just as well, although I'd
want something stronger than ROT13.

If we can wrap our existing MD5 or CRC32 code and build a standalone
msw binary, that'd be plenty good enough.

> GC> In the short term, it's not an obstacle for us, so I'll just flag
> GC> it for eventual action.
> 
>  Sure. Out of curiosity, are we still using Savannah tracker for things
> like this or is there something else?

That thing's too heavy and balky, so I use '~/notes' for this purpose.
It would probably be better to add a flat-text file somewhere in the
public repository for this purpose. Of course, you can maintain your
own in the vz/ subdirectory if you like.

> GC> I think it's used also at run time (for end users who don't know
> GC> the Black Speech incantation), and we definitely have a unit test
> GC> or two that use it (though perhaps in a context where any program
> GC> at all would do, and we chose this one only because it seemed handy).
> 
>  For the unit tests, Cygwin md5sum.exe would do just as well, but I've

Except that, when cross compiling, an msw binary is needed, because
system_command() calls wine's CreateProcess(). And I don't think
it's necessarily trivial to substitute cygwin's binary for end users
or for cross builds, because it would require the cygwin dll.

> indeed forgotten about system_command("md5sum --check") in
> authenticity.cpp. In the medium term it might be better to replace this
> with a built-in version, it would mean one dependency less and would also
> speed up the program startup a little.

Sure. I don't recall whether there was some special advantage to using
an external program for this, but it would seem that inserting calls to
lmi's own (adopted from the GNU project) MD5 implementation, at the same
place as that system_command() call, would be an equivalent obstacle to
mischief.
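
Added example, not part of the original message and not lmi's code: a sketch of an in-process equivalent of `md5sum --check`, the replacement for the system_command() call discussed above, written in Python with the standard hashlib module standing in for lmi's own MD5 implementation. The function names, status strings and sample files are constructed for illustration; rejecting names that carry a path and treating unlisted files as a failure are this example's assumptions, not behaviour the thread describes.

```python
import hashlib
import os
import pathlib
import re
import tempfile

# md5sum manifest line: 32 hex digits, a space, ' ' (text) or '*' (binary), file name.
LINE = re.compile(r"([0-9a-fA-F]{32}) [ *](.+)")

def parse_manifest(text):
    entries = {}
    for line in text.splitlines():
        m = LINE.fullmatch(line)
        # Assumption: a flat data directory, so names carrying a path are rejected.
        if not m or os.path.basename(m.group(2)) != m.group(2):
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[m.group(2)] = m.group(1).lower()
    return entries

def check_directory(directory, manifest_text):
    """Map each file name to 'OK', 'FAILED', 'MISSING' or 'UNLISTED'."""
    expected = parse_manifest(manifest_text)
    results = {}
    for name, digest in expected.items():
        path = pathlib.Path(directory, name)
        if not path.is_file():
            results[name] = "MISSING"
        else:
            actual = hashlib.md5(path.read_bytes()).hexdigest()
            results[name] = "OK" if actual == digest else "FAILED"
    # 'md5sum --check' says nothing about files the manifest does not list.
    for name in os.listdir(directory):
        results.setdefault(name, "UNLISTED")
    return results

def is_authentic(results):
    # Fail closed: an empty result or any status other than OK blocks startup.
    return bool(results) and all(s == "OK" for s in results.values())

def demo():
    """Constructed sample files; returns results before and after tampering."""
    files = {"sample.rates": b"rate table v1\n", "sample.policy": b"params\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            pathlib.Path(d, name).write_bytes(data)
        manifest = "".join(f"{hashlib.md5(v).hexdigest()}  {k}\n" for k, v in files.items())
        before = check_directory(d, manifest)
        pathlib.Path(d, "sample.rates").write_bytes(b"altered\n")
        return before, check_directory(d, manifest)
```

The check is only as trustworthy as the manifest it reads, so the manifest needs the same protection as the files it lists.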


