From patchwork Mon Oct 16 07:12:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Hesse X-Patchwork-Id: 270 Return-Path: Delivered-To: patchwork@archlinux.org Received: from apollo.archlinux.org (localhost.localdomain [127.0.0.1]) by apollo.archlinux.org (Postfix) with ESMTP id D52221669F37 for ; Mon, 16 Oct 2017 07:13:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on apollo.archlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=2.5 tests=DKIM_SIGNED,RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham autolearn_force=no version=3.4.1 Received: from orion.archlinux.org (orion.archlinux.org [IPv6:2a01:4f8:160:6087::1]) by apollo.archlinux.org (Postfix) with ESMTPS for ; Mon, 16 Oct 2017 07:13:05 +0000 (UTC) Received: from orion.archlinux.org (localhost.localdomain [127.0.0.1]) by orion.archlinux.org (Postfix) with ESMTP id 3D3ED6CDAA6C6; Mon, 16 Oct 2017 07:13:04 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [5.9.250.164]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by orion.archlinux.org (Postfix) with ESMTPS; Mon, 16 Oct 2017 07:13:04 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 27512213C5; Mon, 16 Oct 2017 07:13:04 +0000 (UTC) Authentication-Results: luna.archlinux.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=eworm.de header.i=@eworm.de header.b=QJn428uQ Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 1064820796 for ; Mon, 16 Oct 2017 07:13:02 +0000 (UTC) Received: from orion.archlinux.org (orion.archlinux.org [IPv6:2a01:4f8:160:6087::1]) by luna.archlinux.org (Postfix) with ESMTPS for ; Mon, 16 Oct 2017 07:13:01 +0000 (UTC) Received: from orion.archlinux.org (localhost.localdomain [127.0.0.1]) by orion.archlinux.org (Postfix) with ESMTP id 102B06CDAA6C3 for ; Mon, 16 Oct 2017 07:13:01 +0000 (UTC) Received: from mx.mylinuxtime.de (mx.mylinuxtime.de [IPv6:2a01:4f8:202:62a9:5054:ff:fe05:a137]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by orion.archlinux.org (Postfix) with ESMTPS for ; Mon, 16 Oct 2017 07:13:01 +0000 (UTC) Received: from leda.eworm.de (unknown [10.10.1.4]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.mylinuxtime.de (Postfix) with ESMTPSA id C107525E00; Mon, 16 Oct 2017 09:13:00 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.10.3 mx.mylinuxtime.de C107525E00 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=eworm.de; s=mail; t=1508137980; bh=DzcfxKeztK3SQ9qY9G0i8/8ol2wDtaZLK+fXYQcqrlg=; h=From:To:Cc:Subject:Date; b=QJn428uQnxXq/vjjFrDvw01zBFO9xBgRfno//8inqa5pQmHQFWd90CTmZAQR6LWTP mzMZjIE4p1s3dv6oHZGiIPsfel3TeSjnVNBecHvIcSjgC2SPDNo+X25PHgo4g/neOO LG/LFmiuZSFYl5qKVvF4z6TlZBoMTGaZu7TniyIY= Received: by leda.eworm.de (Postfix, from userid 1000) id 8B1C810201F; Mon, 16 Oct 2017 09:12:55 +0200 (CEST) From: Christian Hesse To: arch-releng@archlinux.org Date: Mon, 16 Oct 2017 09:12:50 +0200 Message-Id: <20171016071250.31902-1-list@eworm.de> X-Mailer: git-send-email 2.14.2 Subject: [arch-releng] [PATCH 1/1] use a stronger hashing algorithm X-BeenThere: arch-releng@archlinux.org X-Mailman-Version: 2.1.24 Precedence: list List-Id: Arch Linux Release Engineering List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Arch Linux Release Engineering Cc: Christian Hesse Errors-To: arch-releng-bounces@archlinux.org Sender: "arch-releng" From: Christian Hesse Nobody wants to use md5 these days... Signed-off-by: Christian Hesse --- archiso/initcpio/hooks/archiso | 6 +++--- archiso/initcpio/hooks/archiso_pxe_http | 2 +- archiso/mkarchiso | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/archiso/initcpio/hooks/archiso b/archiso/initcpio/hooks/archiso index b78f4db..753e3da 100644 --- a/archiso/initcpio/hooks/archiso +++ b/archiso/initcpio/hooks/archiso @@ -99,7 +99,7 @@ _mnt_dev() { _verify_checksum() { local _status cd "/run/archiso/bootmnt/${archisobasedir}/${arch}" - md5sum -c airootfs.md5 > /tmp/checksum.log 2>&1 + sha512sum -c airootfs.sha512 > /tmp/checksum.log 2>&1 _status=$? cd "${OLDPWD}" return ${_status} @@ -153,7 +153,7 @@ archiso_mount_handler() { fi if [[ "${checksum}" == "y" ]]; then - if [[ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.md5" ]]; then + if [[ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sha512" ]]; then msg -n ":: Self-test requested, please wait..." if _verify_checksum; then msg "done. Checksum is OK, continue booting." @@ -163,7 +163,7 @@ archiso_mount_handler() { launch_interactive_shell fi else - echo "ERROR: checksum=y option specified but ${archisobasedir}/${arch}/airootfs.md5 not found" + echo "ERROR: checksum=y option specified but ${archisobasedir}/${arch}/airootfs.sha512 not found" launch_interactive_shell fi fi diff --git a/archiso/initcpio/hooks/archiso_pxe_http b/archiso/initcpio/hooks/archiso_pxe_http index 54af7c5..a7c03a8 100644 --- a/archiso/initcpio/hooks/archiso_pxe_http +++ b/archiso/initcpio/hooks/archiso_pxe_http @@ -41,7 +41,7 @@ archiso_pxe_http_mount_handler () { _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sfs" "/${arch}" if [[ "${checksum}" == "y" ]]; then - _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.md5" "/${arch}" + _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sha512" "/${arch}" fi if [[ "${verify}" == "y" ]]; then _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sfs.sig" "/${arch}" diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 0aca521..9c3a835 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -249,7 +249,7 @@ _mkairootfs_sfs () { _mkchecksum () { _msg_info "Creating checksum file for self-test..." cd "${work_dir}/iso/${install_dir}/${arch}" - md5sum airootfs.sfs > airootfs.md5 + sha512sum airootfs.sfs > airootfs.sha512 cd ${OLDPWD} _msg_info "Done!" }