Bug 231072

Summary: Mtree calculates checksum wrong when verifying a specification against a directory.
Product: Base System Reporter: Kimmo Paasiala <kpaasial>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: New ---    
Severity: Affects Many People CC: cem, kevans, lwhsu, ygy, yklaxds
Priority: ---    
Version: 11.2-RELEASE   
Hardware: amd64   
OS: Any   
Description Flags
git(1) diff against base none

Description Kimmo Paasiala 2018-09-01 13:18:39 UTC
https://www.freebsd.org/doc/handbook/security-intro.html the mtree(8) example at section 13.2.6 Binary Verification is not working correctly. The output from the verification step is empty as expected but the checksum printed differs from the one calculated at the specification creation step.

# mtree -s 3483151339707503 -c -K cksum,sha256digest -p /bin > /root/.bin_chksum_mtree
mtree: /bin checksum: 1817933408

# mtree -s 3483151339707503 -p /bin < /root/.bin_chksum_mtree >> /root/.bin_chksum_output    
mtree: /bin checksum: 1510745247

# file .bin_chksum_output 
.bin_chksum_output: empty

The system I'm using is:

# uname -a
FreeBSD firewall 11.2-RELEASE-p2 FreeBSD 11.2-RELEASE-p2 #3 r338073: Mon Aug 20 16:44:39 EEST 2018     root@firewall:/usr/obj/usr/src/sys/GENERIC  amd64

Filesystems used are ZFS all around except tmpfs /tmp and /var/run.
Comment 1 ykla 2020-11-03 11:47:23 UTC
This issue still in FreeBSD 13.0-CURRENT.
root@generic:~ # uname -a
FreeBSD generic 13.0-CURRENT FreeBSD 13.0-CURRENT #0 b9403d7aae8-c254071(main): Thu Oct 29 10:38:29 UTC 2020     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/arm64.aarch64/sys/GENERIC  arm64
root@generic:~ # mtree -s 3483151339707503 -c -K cksum,sha256digest -p /bin > /root/.bin_chksum_mtree
mtree: /bin checksum: 1900574451
root@generic:~ #
root@generic:~ # mtree -s 3483151339707503 -p /bin < /root/.bin_chksum_mtree >> /root/.bin_chksum_output
mtree: /bin checksum: 113906091
Comment 2 Kyle Evans freebsd_committer 2020-12-26 21:45:27 UTC
Created attachment 220962 [details]
git(1) diff against base

This seems to improve the situation