suspicious ntpleapfetch checksum error

Steven Dodd ntpsec at gant-dodd.uk
Wed May 6 10:18:12 UTC 2020 

Hi Martin,


On 05/05/2020 20:14, Martin Boissonneault via users wrote:
> Hi!
> 
> It's time for a new leap-second update (no new leap second), and I get this error in my cron job (reproduced here out of CRON):
> 
>> root at rPi:~#  CRONJOB=1 /usr/local/bin/ntpleapfetch -e "60 days"
>> /usr/local/bin/ntpleapfetch: 1: printf: a1c168ae: expected numeric value
>> <27>May  5 14:57:05 ntpleapfetch[19554]: Checksum of /tmp/leap-seconds.19554.tmp is invalid:
>> <27>May  5 14:57:05 ntpleapfetch[19554]: EXPECTED: 0000000027c79a7d9dddcfc3bcfe616b2e2c44ea
>> <27>May  5 14:57:05 ntpleapfetch[19554]: COMPUTED: a1c168ae27c79a7d9dddcfc3bcfe616b2e2c44ea
>> <28>May  5 14:57:05 ntpleapfetch[19554]: Downloaded file /tmp/leap-seconds.19554.tmp rejected -- saved for diagnosis
>> --2020-05-05 14:57:04--  https://www.ietf.org/timezones/data/leap-seconds.list
>> Resolving www.ietf.org (www.ietf.org)... 104.20.0.85, 104.20.1.85, 2606:4700:10::6814:155, ...
>> Connecting to www.ietf.org (www.ietf.org)|104.20.0.85|:443... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: unspecified [text/plain]
>> Saving to: ‘/tmp/leap-seconds.19554.tmp’
>>       0K ..........                                             2.70M=0.004s
>> 2020-05-05 14:57:05 (2.70 MB/s) - ‘/tmp/leap-seconds.19554.tmp’ saved [10665]
>>

I get the same (even with the script from master).

This line in the ntpleapfetch script:

local FSHA1="`grep '^#h' $1 | tr -d '[:cntrl:]' | sed -e's/^#h//' -e's/ / 0x/g'`"

Doesn't prepend the first segment of the provided hash with 0x hence the error:


> The odd part is the //usr/local/bin/ntpleapfetch: 1: printf: a1c168ae: expected numeric value/ part, and the /a1c168ae/ part is the part later shown as zeroes in the expected checksum part. The checksum, with that part substituted, is what is computed.
> 
> Any idea? I'm using NTPsec 1.1.8 compiled from the release tarball on the current Raspbian Buster for the Raspberry Pi 3B+.
> 

Putting:

local FSHA1="`grep '^#h' $1 | tr -d '[:cntrl:]' | sed -e's/^#h/0x/' -e's/ / 0x/g'`"

(so substituting the #h with 0x instead of just removing it) fixes it for me.

This may or may not be the right answer.

I opened a gitlab issue with this information.

-Steve.

More information about the users mailing list