[arm-allstar] Arch vulnerabilities
David McGough
kb4fxc at inttek.net
Fri May 1 06:22:25 EST 2015
Hi Fred,
It appears that still don't have the correct image. The stats are:
root at testserv/RPi2# shasum RPi2_V1.0_Allstar.zip
5498bea63d11de3edd10294d68256005653e8ff6 RPi2_V1.0_Allstar.zip
And the file size is: 540,626,394 bytes
Once unzipped, the binary flash image will be just smaller than 4GB in
size.
Typically, the zip container will provide a very high degree of file
integrity for guarding against download failures, since it internally
includes a checksum....What version of unzip are you using?
And, to answer your question about significant security issues, should one
occur, we'll release a patched downloadable image, and depending on
complexity, perhaps a tarball of replacement binares as well.
Sorry you're having problems,
73, David KB4FXC
On Fri, 1 May 2015, Fred Moore wrote:
> Hate to reply to myself.. but I should have included the shasum of the
> image I was using (downloaded)
>
> d1b4d6367d6b2cd7bcaf6ee613d6243da3e1ddd1
>
> Regards.. Fred
>
> On 5/1/15 3:38 AM, Fred Moore wrote:
> > Just curious how vulnerabilities are planned for... has a system (other
> > than) ABS/Packman been thought out or incorporated into this custom Arch
> > distribution.. if so is app-rpt going to be just a source package in
> > the future, how is this going to be handled.. I am wondering about
> > updates.. patches or ???
> >
> > For some reason when I dd the image to a 16G class 4 card it took almost
> > 2 hours.. I was monitoring the process with isotat, it appeared that
> > some block sequences were transmitted several times each second..
> > anyone else seeing this.. I ran this with two different files with the
> > same result.. ??? Both file's checksum agreed.
> >
> > BTW I tested with Rasbarian image and it finished in about 15 minutes
> > and didn't seem to be having any problem when monitored with iostat. I
> > did veryify the sha of all files I downloaded with each other...
> >
> > Doug if I may be so bold, would you mind publishing the sha checksum's
> > on the website, so we don't have to download several times and compare
> > to each other, and are able to verify a 100% correct download.. you
> > might also think about a code signature.. so we know code that is not
> > from you, but somehow will get out in the wild..
> >
> > Thanks for all the hard work... regards.. Fred
> >
> >
> >
> >
> > _______________________________________________
> >
> > arm-allstar mailing list
> > arm-allstar at hamvoip.org
> > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >
> > Visit the BBB web page - http://www.crompton.com/hamradio/BeagleBoneBlackAllstar/
>
>
More information about the arm-allstar
mailing list