MD5 has been significantly compromised for years; switching to a more secure hash function, such as SHA-1, is long overdue. Signed-off-by: Jason St. John <jstjohn@purdue.edu> --- I was tempted to switch straight to SHA-256 because SHA-1 has had some theoretical vulnerabilities for years; however, because there are effectively no practical/feasible, real-world attacks on SHA-1, plus the much larger hash size that users like to complain about, I figure that SHA-1 is good enough for now. etc/makepkg.conf.in | 2 +- proto/PKGBUILD-split.proto | 2 +- proto/PKGBUILD.proto | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in index 43a6cf2..796aea7 100644 --- a/etc/makepkg.conf.in +++ b/etc/makepkg.conf.in @@ -81,7 +81,7 @@ BUILDENV=(fakeroot !distcc color !ccache check !sign) OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !upx !debug) #-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512 -INTEGRITY_CHECK=(md5) +INTEGRITY_CHECK=(sha1) #-- Options to be used when stripping binaries. See `man strip' for details. STRIP_BINARIES="@STRIP_BINARIES@" #-- Options to be used when stripping shared libraries. See `man strip' for details. diff --git a/proto/PKGBUILD-split.proto b/proto/PKGBUILD-split.proto index f1dd420..e8a3bf1 100644 --- a/proto/PKGBUILD-split.proto +++ b/proto/PKGBUILD-split.proto @@ -28,7 +28,7 @@ changelog= source=("${pkgbase}-${pkgver}.tar.gz" "${pkgname}-${pkgver}.patch") noextract=() -md5sums=() # generate with 'updpkgsums' +sha1sums=() # generate with 'updpkgsums' prepare() { cd "${pkgname}-${pkgver}" diff --git a/proto/PKGBUILD.proto b/proto/PKGBUILD.proto index 0eb1c20..de966cf 100644 --- a/proto/PKGBUILD.proto +++ b/proto/PKGBUILD.proto 
@@ -27,7 +27,7 @@ changelog= source=("${pkgname}-${pkgver}.tar.gz" "${pkgname}-${pkgver}.patch") noextract=() -md5sums=() # generate with 'updpkgsums' +sha1sums=() # generate with 'updpkgsums' prepare() { cd "${pkgname}-${pkgver}" -- 1.8.5.3
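Review bot: In the etc/makepkg.conf.in hunk, the new default INTEGRITY_CHECK=(sha1) stops short of what the comment directly above it already permits ("Valid: md5, sha1, sha256, sha384, sha512"), and the commit message itself concedes that SHA-1 carries known theoretical weaknesses; since this is only a default that updpkgsums picks up when generating checksums, not a format everyone must keep, consider INTEGRITY_CHECK=(sha256) so the default does not need to be revisited again once SHA-1 is retired.

Review bot: In the proto/PKGBUILD-split.proto and proto/PKGBUILD.proto hunks, renaming the template variable from md5sums=() to sha1sums=() is only consistent with the "generate with 'updpkgsums'" comment if updpkgsums reads the INTEGRITY_CHECK default changed in the first hunk, so the three hunks should land together rather than be split across commits; it would also help to state in the commit message that existing PKGBUILDs keeping md5sums= remain valid, which the config comment's list of accepted algorithms already implies.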