Shasum - 检查可以为多种算法说可以吗？

发布于 2025-02-02 11:11:03 字数 682 浏览 5 评论 0原文

我想拥有一个简单的一行命令来检查我下载的软件与校验和匹配。我发现此命令：

echo "68001338a60fca58e60e3f8dcff122954443afa984a0d766eea9c3b9b9b151d3783e7fd5e3fd8794c5839d7dc8d457e62057b009fc27d76b97d957903ef8641a  clonezilla-live-3.0.0-26-amd64.zip" | shasum --check -a 512

这会产生确定的结果。但是，如果我将算法更改为256，也可以说还可以。这是为什么？我正在使用 clonezilla chreacksums 显然不是256个校验和与512相同。但仍然说还可以。如果我手动更改命令中的校验和会失败，因此似乎应该有效。 Shasum是否在幕后做一些魔术来选择正确的算法，即使我指定了另一种算法？

原文

I wanted to have an easy one line command to check software I downloaded matches the checksum. I found this command here:

echo "68001338a60fca58e60e3f8dcff122954443afa984a0d766eea9c3b9b9b151d3783e7fd5e3fd8794c5839d7dc8d457e62057b009fc27d76b97d957903ef8641a  clonezilla-live-3.0.0-26-amd64.zip" | shasum --check -a 512

This produces an OK result. But if I change the algorithm to 256, it also says ok. Why is that? I was using the clonezilla checksums provided, and the 256 checksum is clearly not the same as 512. But it still says OK. If I manually change the checksum in the command it will fail, so it seems like it should be working. Does shasum do some magic behind the scenes to pick the right algorithm even though I specified a different one?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

始终不够 2025-02-09 11:11:03

是的。实际上是一个perl脚本，因此您可以轻松地看到自己。在sub verify设置后，对于每行之后，它以此开头：

                if (/^[ \t]*\\?SHA/) {
                        $modesym = '*';
                        ($bslash, $alg, $fname, $sum) =
                        /^[ \t]*(\\?)SHA(\S+) \((.+)\) = ([\da-fA-F]+)/;
                        $alg =~ tr{/}{}d if defined $alg;
                }
                else {
                        ($bslash, $sum, $modesym, $fname) =
                        /^[ \t]*(\\?)([\da-fA-F]+)[ \t]([ *^U])(.+)/;
                        $alg = defined $sum ? $len2alg{length($sum)} : undef;
                }

如果您不知道Perl，可变名称通常以$开头，但在某些情况下<代码>@或％和/.../包含一个REGEXP如果当前的数据项（此处来自校验和文件的行）匹配，当在分配中使用时，例如（$ a，$ b，$ c，$ c，$ d） Parses说数据项，并返回了通过未倾斜的括号在Regexp中标记的“捕获组”，以分配到相应的变量。

第一个分支处理BSD cksum/md5/sha1/etc使用的格式，该格式说明了算法名称，然后在括号中（在regexp中，后面刷新的括号是数据字符），是数据字符），一个间隔相等的符号，一个相等的符号和hash值。第二个分支处理GNU格式，这是您的情况，它使用地图* len2alg根据值的长度来确定哈希算法，该算法定义为：

my %len2alg = (40 => 1, 56 => 224, 64 => 256, 96 => 384, 128 => 512);
$len2alg{56} = 512224 if $alg == 512224;
$len2alg{64} = 512256 if $alg == 512256;

IE确定算法从长度上确定算法在哈希值中，除了与SHA-224和SHA-256相对应的长度与SHA-512/224和SHA-512/256“共享”，因此它默认为前者，对于后者，您必须使用> -a，该>> $ alg 。在人页面上注明了这一点：（

 When verifying SHA-512/224 or SHA-512/256 checksums, indicate the
 algorithm explicitly using the -a option, e.g.

   shasum -a 512224 -c checksumfile

尽管没有说这仅是GNU格式所需的，而不是BSD格式需要的），除了您don'的那两个，它暗示着验证哈希 other t需要-a。

*实际上，perl通常调用@x =（1,2,3）一个数组和％y =（1 =＆gt; 9，2 =＆gt; 8，3 =＆gt; 7） a hash，但是我们在这里使用了哈希的另一个含义，我想避免增加混乱。

YES. It's actually a perl script, so you can easily see for yourself. In sub verify, after some setup, for each line it starts by doing:

                if (/^[ \t]*\\?SHA/) {
                        $modesym = '*';
                        ($bslash, $alg, $fname, $sum) =
                        /^[ \t]*(\\?)SHA(\S+) \((.+)\) = ([\da-fA-F]+)/;
                        $alg =~ tr{/}{}d if defined $alg;
                }
                else {
                        ($bslash, $sum, $modesym, $fname) =
                        /^[ \t]*(\\?)([\da-fA-F]+)[ \t]([ *^U])(.+)/;
                        $alg = defined $sum ? $len2alg{length($sum)} : undef;
                }

In case you don't know perl, variable names usually begin with $ but in certain cases @ or %, and /.../ contains a regexp which when used in if( ) simply returns true if the current data item (here a line from the checksum file) matches, and when used in an assignment like ($a,$b,$c,$d) = /.../ it parses said data item and returns the 'capture groups' marked in the regexp by unbackslashed parentheses, for assignment to the respective variables.

The first branch handles the format used by BSD cksum/md5/sha1/etc which states the algorithm name, then the filename in parentheses (in a regexp, backslashed parentheses are data characters), a spaced equal sign, and the hash value. The second branch handles GNU format, which is your case, and it determines the hash algorithm based on the length of the value using the map* len2alg which was defined as:

my %len2alg = (40 => 1, 56 => 224, 64 => 256, 96 => 384, 128 => 512);
$len2alg{56} = 512224 if $alg == 512224;
$len2alg{64} = 512256 if $alg == 512256;

i.e. it determines the algorithm from the length of the hash value, except that the lengths corresponding to SHA-224 and SHA-256 are 'shared' with SHA-512/224 and SHA-512/256 so it defaults to the former and for the latter you must use -a which was processed earlier to set $alg. This is noted on the man page:

 When verifying SHA-512/224 or SHA-512/256 checksums, indicate the
 algorithm explicitly using the -a option, e.g.

   shasum -a 512224 -c checksumfile

(although it doesn't say this is only needed for GNU format, not BSD format) which by exceptio probat implies that to verify hashes other than those two you don't need -a.

* Actually perl usually calls @x = (1,2,3) an array and %y = (1=>9, 2=>8, 3=>7) a hash, but we're using the other meaning of hash here and I wanted to avoid adding to the confusion.

回复收藏 0 原文

~没有更多了~