From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RAT3R-00046m-EM for garchives@archives.gentoo.org; Sun, 02 Oct 2011 20:54:33 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7CC4921C107; Sun, 2 Oct 2011 20:54:24 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 233D021C0B8 for ; Sun, 2 Oct 2011 20:54:16 +0000 (UTC) Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 6ED471B4010 for ; Sun, 2 Oct 2011 20:54:15 +0000 (UTC) Received: (qmail 20135 invoked by uid 10000); 2 Oct 2011 20:54:15 -0000 Date: Sun, 2 Oct 2011 20:54:15 +0000 From: "Robin H. Johnson" To: gentoo-portage-dev@lists.gentoo.org Subject: Re: [gentoo-portage-dev] [GLEP59v2 5/5] GLEP59: Change live Manifest2 hashes to SHA256, SHA512, WHIRLPOOL Message-ID: References: <1317454855-2794-1-git-send-email-robbat2@gentoo.org> <1317454855-2794-6-git-send-email-robbat2@gentoo.org> <4E87EB2D.6070809@gentoo.org> <4E88CC0D.6080702@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-portage-dev@lists.gentoo.org Reply-to: gentoo-portage-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4E88CC0D.6080702@gentoo.org> User-Agent: Mutt/1.5.21 (2010-09-15) X-Archives-Salt: X-Archives-Hash: 31de8bc3de3c9ec90d3ac0f3b63510fd On Sun, Oct 02, 2011 at 01:39:41PM -0700, Zac Medico wrote: > On 10/02/2011 05:46 AM, Robin H. Johnson wrote: > > On Sat, Oct 01, 2011 at 09:40:13PM -0700, Zac Medico wrote: > >> If we control these hashes via metadata/layout.conf, then we can toggle > >> it atomically for all commiters. Otherwise, we'll have an annoying > >> period of time where different committers are committing different sets > >> of hashes, depending on their portage version. > > How do you suggest doing it via layout.conf? I've kept SHA256 in both > > sets for now, but if you could enforce new signatures including both > > WHIRLPOOL and SHA256, that would be great. > How about if we put something like this in > gentoo-x86/metadata/layout.conf now: Did you mean profiles/layout.conf? I just want to make sure no scripts that pull from CVS and expect that dir to not exist don't break. > manifest2-sha1 = true > manifest2-whirlpool = false Bikeshedding slightly, but can we figure something like a list or dict instead? (Also gives us a chance to make the required hashes a list). manifest2-hashes = ['SHA1', 'SHA256', 'RMD160'] > Then we'll patch portage so that by default it will disable SHA1 and > enable WHIRLPOOL, and the above settings will override the defaults. > After the patched portage is marked stable in a month or so, we'll send > an announcement to gentoo-announce, and remove the above settings from > layout.conf. Sounds good to me. Hopefully I'll have more of the MetaManifest prototype code in the next few days to go live around the same time. -- Robin Hugh Johnson Gentoo Linux: Developer, Trustee & Infrastructure Lead E-Mail : robbat2@gentoo.org GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85