From: Zac Medico
Date: Sun, 02 Oct 2011 14:10:09 -0700
To: gentoo-portage-dev@lists.gentoo.org
Subject: Re: [gentoo-portage-dev] [GLEP59v2 5/5] GLEP59: Change live Manifest2 hashes to SHA256, SHA512, WHIRLPOOL

On 10/02/2011 01:54 PM, Robin H. Johnson wrote:
> On Sun, Oct 02, 2011 at 01:39:41PM -0700, Zac Medico wrote:
>> On 10/02/2011 05:46 AM, Robin H. Johnson wrote:
>>> On Sat, Oct 01, 2011 at 09:40:13PM -0700, Zac Medico wrote:
>>>> If we control these hashes via metadata/layout.conf, then we can toggle
>>>> it atomically for all committers. Otherwise, we'll have an annoying
>>>> period of time where different committers are committing different sets
>>>> of hashes, depending on their portage version.
>>> How do you suggest doing it via layout.conf? I've kept SHA256 in both
>>> sets for now, but if you could enforce new signatures including both
>>> WHIRLPOOL and SHA256, that would be great.
>> How about if we put something like this in
>> gentoo-x86/metadata/layout.conf now:
> Did you mean profiles/layout.conf? I just want to make sure no scripts
> that pull from CVS and expect that dir to not exist don't break.

No, it's metadata/layout.conf. I didn't choose the location. We actually
inherited it from paludis about 1.5 years ago:

http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=f16aee82cefa95e9903fa46f448d30f6d4350f64

We're also using it to control thin-manifest support, among other things
now:

https://bugs.gentoo.org/show_bug.cgi?id=333691

>> manifest2-sha1 = true
>> manifest2-whirlpool = false
> Bikeshedding slightly, but can we figure something like a list or dict
> instead? (Also gives us a chance to make the required hashes a list).
> manifest2-hashes = ['SHA1', 'SHA256', 'RMD160']

Well, booleans are simpler. Also, note that I designed them to be
removed from layout.conf eventually, which means that we will accumulate
less bloat in layout.conf over time.

>> Then we'll patch portage so that by default it will disable SHA1 and
>> enable WHIRLPOOL, and the above settings will override the defaults.
>> After the patched portage is marked stable in a month or so, we'll send
>> an announcement to gentoo-announce, and remove the above settings from
>> layout.conf.
> Sounds good to me. Hopefully I'll have more of the MetaManifest
> prototype code in the next few days to go live around the same time.

I'll see if I can get a layout.conf patch done today.
-- 
Thanks,
Zac
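
The override scheme discussed in this message, as an added Python sketch that is not part of the original e-mail and is not Portage's code: repository-wide booleans in metadata/layout.conf override the tool's built-in defaults, so removing the keys later switches every committer to the new hash set at once. The default set is an assumption taken from the thread subject, and the function names and sample inputs are hypothetical.

```python
# Added illustration, not Portage code. The manifest2-* keys are the ones
# proposed in the message; DEFAULT_HASHES is an assumption taken from the
# thread subject (SHA256, SHA512, WHIRLPOOL).
DEFAULT_HASHES = {"SHA256", "SHA512", "WHIRLPOOL"}
TOGGLES = {"manifest2-sha1": "SHA1", "manifest2-whirlpool": "WHIRLPOOL"}
BOOLEANS = {"true": True, "false": False}


def parse_layout_conf(text):
    """Parse 'key = value' lines, skipping blank lines and # comments."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {lineno}: expected 'key = value'")
        settings[key.strip()] = value.strip()
    return settings


def manifest_hashes(layout_text):
    """Return the hash names to record: defaults, then layout.conf overrides."""
    hashes = set(DEFAULT_HASHES)
    settings = parse_layout_conf(layout_text)
    for key, name in TOGGLES.items():
        if key not in settings:
            continue  # key absent (or later removed): the default applies
        value = settings[key].lower()
        if value not in BOOLEANS:
            # Fail closed: a typo must not silently change the hash set.
            raise ValueError(f"{key}: expected true/false, got {settings[key]!r}")
        if BOOLEANS[value]:
            hashes.add(name)
        else:
            hashes.discard(name)
    return sorted(hashes)


# Constructed inputs: the transition settings from the message next to a
# hypothetical unrelated key, and the same file after the settings are removed.
TRANSITION = "example-key = x  # hypothetical\nmanifest2-sha1 = true\nmanifest2-whirlpool = false\n"
AFTER_REMOVAL = "example-key = x  # hypothetical\n"

if __name__ == "__main__":
    print(manifest_hashes(TRANSITION))
    print(manifest_hashes(AFTER_REMOVAL))
```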