Message ID | 20171016071250.31902-1-list@eworm.de |
---|---|
State | New |
Headers | show |
Series | [1/1] use a stronger hashing algorithm | expand |
The only purpose of this is as checksum, like an "enhanced crc", in any case I will apply it. I know you know, just for clarify for anyone who read this. Thanks. El 16/10/17 a las 04:12, Christian Hesse escribió: > From: Christian Hesse <mail@eworm.de> > > Nobody wants to use md5 these days... > > Signed-off-by: Christian Hesse <mail@eworm.de> > --- > archiso/initcpio/hooks/archiso | 6 +++--- > archiso/initcpio/hooks/archiso_pxe_http | 2 +- > archiso/mkarchiso | 2 +- > 3 files changed, 5 insertions(+), 5 deletions(-) > > diff --git a/archiso/initcpio/hooks/archiso b/archiso/initcpio/hooks/archiso > index b78f4db..753e3da 100644 > --- a/archiso/initcpio/hooks/archiso > +++ b/archiso/initcpio/hooks/archiso > @@ -99,7 +99,7 @@ _mnt_dev() { > _verify_checksum() { > local _status > cd "/run/archiso/bootmnt/${archisobasedir}/${arch}" > - md5sum -c airootfs.md5 > /tmp/checksum.log 2>&1 > + sha512sum -c airootfs.sha512 > /tmp/checksum.log 2>&1 > _status=$? > cd "${OLDPWD}" > return ${_status} > @@ -153,7 +153,7 @@ archiso_mount_handler() { > fi > > if [[ "${checksum}" == "y" ]]; then > - if [[ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.md5" ]]; then > + if [[ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sha512" ]]; then > msg -n ":: Self-test requested, please wait..." > if _verify_checksum; then > msg "done. Checksum is OK, continue booting." > @@ -163,7 +163,7 @@ archiso_mount_handler() { > launch_interactive_shell > fi > else > - echo "ERROR: checksum=y option specified but ${archisobasedir}/${arch}/airootfs.md5 not found" > + echo "ERROR: checksum=y option specified but ${archisobasedir}/${arch}/airootfs.sha512 not found" > launch_interactive_shell > fi > fi > diff --git a/archiso/initcpio/hooks/archiso_pxe_http b/archiso/initcpio/hooks/archiso_pxe_http > index 54af7c5..a7c03a8 100644 > --- a/archiso/initcpio/hooks/archiso_pxe_http > +++ b/archiso/initcpio/hooks/archiso_pxe_http > @@ -41,7 +41,7 @@ archiso_pxe_http_mount_handler () { > _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sfs" "/${arch}" > > if [[ "${checksum}" == "y" ]]; then > - _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.md5" "/${arch}" > + _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sha512" "/${arch}" > fi > if [[ "${verify}" == "y" ]]; then > _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sfs.sig" "/${arch}" > diff --git a/archiso/mkarchiso b/archiso/mkarchiso > index 0aca521..9c3a835 100755 > --- a/archiso/mkarchiso > +++ b/archiso/mkarchiso > @@ -249,7 +249,7 @@ _mkairootfs_sfs () { > _mkchecksum () { > _msg_info "Creating checksum file for self-test..." > cd "${work_dir}/iso/${install_dir}/${arch}" > - md5sum airootfs.sfs > airootfs.md5 > + sha512sum airootfs.sfs > airootfs.sha512 > cd ${OLDPWD} > _msg_info "Done!" > } >
Gerardo Exequiel Pozzi via arch-releng <arch-releng@archlinux.org> on Mon, 2017/10/16 15:50: > The only purpose of this is as checksum, like an "enhanced crc", in any > case I will apply it. I know you know, just for clarify for anyone who > read this. Adding another note... Whoever wants to be sure should use verification with gpg signature (boot option 'verify'). Though even that is not secure - it checks for a valid signature, but not for a trusted key. Nevertheless we should drop md5 - especially if it is an easy task.
diff --git a/archiso/initcpio/hooks/archiso b/archiso/initcpio/hooks/archiso index b78f4db..753e3da 100644 --- a/archiso/initcpio/hooks/archiso +++ b/archiso/initcpio/hooks/archiso @@ -99,7 +99,7 @@ _mnt_dev() { _verify_checksum() { local _status cd "/run/archiso/bootmnt/${archisobasedir}/${arch}" - md5sum -c airootfs.md5 > /tmp/checksum.log 2>&1 + sha512sum -c airootfs.sha512 > /tmp/checksum.log 2>&1 _status=$? cd "${OLDPWD}" return ${_status} @@ -153,7 +153,7 @@ archiso_mount_handler() { fi if [[ "${checksum}" == "y" ]]; then - if [[ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.md5" ]]; then + if [[ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sha512" ]]; then msg -n ":: Self-test requested, please wait..." if _verify_checksum; then msg "done. Checksum is OK, continue booting." @@ -163,7 +163,7 @@ archiso_mount_handler() { launch_interactive_shell fi else - echo "ERROR: checksum=y option specified but ${archisobasedir}/${arch}/airootfs.md5 not found" + echo "ERROR: checksum=y option specified but ${archisobasedir}/${arch}/airootfs.sha512 not found" launch_interactive_shell fi fi diff --git a/archiso/initcpio/hooks/archiso_pxe_http b/archiso/initcpio/hooks/archiso_pxe_http index 54af7c5..a7c03a8 100644 --- a/archiso/initcpio/hooks/archiso_pxe_http +++ b/archiso/initcpio/hooks/archiso_pxe_http @@ -41,7 +41,7 @@ archiso_pxe_http_mount_handler () { _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sfs" "/${arch}" if [[ "${checksum}" == "y" ]]; then - _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.md5" "/${arch}" + _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sha512" "/${arch}" fi if [[ "${verify}" == "y" ]]; then _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sfs.sig" "/${arch}" diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0aca521..9c3a835 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -249,7 +249,7 @@ _mkairootfs_sfs () { _mkchecksum () { _msg_info "Creating checksum file for self-test..." cd "${work_dir}/iso/${install_dir}/${arch}" - md5sum airootfs.sfs > airootfs.md5 + sha512sum airootfs.sfs > airootfs.sha512 cd ${OLDPWD} _msg_info "Done!" }