From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1R9uDI-0008F2-RA for garchives@archives.gentoo.org; Sat, 01 Oct 2011 07:42:25 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A806721C0C5; Sat, 1 Oct 2011 07:41:31 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 8C8BA21C0AB for ; Sat, 1 Oct 2011 07:41:01 +0000 (UTC) Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 95DD21B4015 for ; Sat, 1 Oct 2011 07:41:00 +0000 (UTC) Received: (qmail 5102 invoked by uid 0); 1 Oct 2011 07:40:59 -0000 From: "Robin H. Johnson" To: gentoo-portage-dev@lists.gentoo.org Subject: [gentoo-portage-dev] [GLEP59v2 5/5] GLEP59: Change live Manifest2 hashes to SHA256, SHA512, WHIRLPOOL Date: Sat, 1 Oct 2011 07:40:55 +0000 Message-Id: <1317454855-2794-6-git-send-email-robbat2@gentoo.org> X-Mailer: git-send-email 1.7.7 In-Reply-To: <1317454855-2794-1-git-send-email-robbat2@gentoo.org> References: <1317454855-2794-1-git-send-email-robbat2@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-portage-dev@lists.gentoo.org Reply-to: gentoo-portage-dev@lists.gentoo.org X-Archives-Salt: X-Archives-Hash: 911574e7cb615f67e4c21fc75c043f65 From: "Robin H. Johnson" Change Manifest2 hashes to a more secure set as approved in GLEP59. SHA512 and WHIRLPOOL are added, SHA1 and RMD160 are dropped. SHA256 is now the lowest security hash, and must remain in Manifest files for at least 1 year, otherwise older Portage installs will complain that they do not support any of the hashes in the Manifest files. Future events: After 2012/10/01: - Change MANIFEST2_REQUIRED_HASH to WHIRLPOOL. - Remove SHA256 from MANIFEST2_HASH_FUNCTIONS. After SHA-3 is approved: - Add new hashes to MANIFEST2_HASH_FUNCTIONS. Signed-off-by: Robin H. Johnson --- pym/portage/const.py | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/pym/portage/const.py b/pym/portage/const.py index 8b5f4ac..a42ebe8 100644 --- a/pym/portage/const.py +++ b/pym/portage/const.py @@ -109,10 +109,12 @@ EAPI = 4 HASHING_BLOCKSIZE = 32768 MANIFEST1_HASH_FUNCTIONS = ("MD5", "SHA256", "RMD160") -MANIFEST2_HASH_FUNCTIONS = ("SHA1", "SHA256", "RMD160") +MANIFEST2_HASH_FUNCTIONS = ("SHA256", "SHA512", "WHIRLPOOL") +# FUTURE: Add SHA-3 when available; remove SHA256 after 2012/10/01 MANIFEST1_REQUIRED_HASH = "MD5" -MANIFEST2_REQUIRED_HASH = "SHA1" +MANIFEST2_REQUIRED_HASH = "SHA256" +# FUTURE: Change to WHIRLPOOL after 2012/10/01 MANIFEST2_IDENTIFIERS = ("AUX", "MISC", "DIST", "EBUILD") # =========================================================================== -- 1.7.7