[pacman-dev] [PATCH] Change the default makepkg checksum from MD5 to SHA-1
MD5 has been significantly compromised for years; switching to a more secure hash function, such as SHA-1, is long overdue. Signed-off-by: Jason St. John <jstjohn@purdue.edu> --- I was tempted to switch straight to SHA-256 because SHA-1 has had some theoretical vulnerabilities for years; however, because there are effectively no practical/feasible, real-world attacks on SHA-1, plus the much larger hash size that users like to complain about, I figure that SHA-1 is good enough for now. etc/makepkg.conf.in | 2 +- proto/PKGBUILD-split.proto | 2 +- proto/PKGBUILD.proto | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in index 43a6cf2..796aea7 100644 --- a/etc/makepkg.conf.in +++ b/etc/makepkg.conf.in @@ -81,7 +81,7 @@ BUILDENV=(fakeroot !distcc color !ccache check !sign) OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !upx !debug) #-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512 -INTEGRITY_CHECK=(md5) +INTEGRITY_CHECK=(sha1) #-- Options to be used when stripping binaries. See `man strip' for details. STRIP_BINARIES="@STRIP_BINARIES@" #-- Options to be used when stripping shared libraries. See `man strip' for details. diff --git a/proto/PKGBUILD-split.proto b/proto/PKGBUILD-split.proto index f1dd420..e8a3bf1 100644 --- a/proto/PKGBUILD-split.proto +++ b/proto/PKGBUILD-split.proto @@ -28,7 +28,7 @@ changelog= source=("${pkgbase}-${pkgver}.tar.gz" "${pkgname}-${pkgver}.patch") noextract=() -md5sums=() # generate with 'updpkgsums' +sha1sums=() # generate with 'updpkgsums' prepare() { cd "${pkgname}-${pkgver}" diff --git a/proto/PKGBUILD.proto b/proto/PKGBUILD.proto index 0eb1c20..de966cf 100644 --- a/proto/PKGBUILD.proto +++ b/proto/PKGBUILD.proto @@ -27,7 +27,7 @@ changelog= source=("${pkgname}-${pkgver}.tar.gz" "${pkgname}-${pkgver}.patch") noextract=() -md5sums=() # generate with 'updpkgsums' +sha1sums=() # generate with 'updpkgsums' prepare() { cd "${pkgname}-${pkgver}" -- 1.8.5.3
On 17/01/14 08:41, Jason St. John wrote:
MD5 has been significantly compromised for years; switching to a more secure hash function, such as SHA-1, is long overdue.
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
No. It is up to the packager to fill out the checksums with what is provided upstream. Because if upstream do not provide the checksums, they are pointless. Even better if upstream provides signatures. Allan
On Thu, Jan 16, 2014 at 5:50 PM, Allan McRae <allan@archlinux.org> wrote:
On 17/01/14 08:41, Jason St. John wrote:
MD5 has been significantly compromised for years; switching to a more secure hash function, such as SHA-1, is long overdue.
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
No. It is up to the packager to fill out the checksums with what is provided upstream. Because if upstream do not provide the checksums, they are pointless. Even better if upstream provides signatures.
Allan
There are still two benefits to changing the default checksum: 1) The AUR uses HTTPS by default, which ensures that the source tarball has not been tampered with in transit. Using a better hash function reduces the chances of an attacker man-in-the-middle'ing end-users when they download the sources from upstream, even over unsecure connections (e.g. unencrypted Wi-Fi, regular HTTP). 2) Most packagers just leave the default option simply because it's the default, and I would argue that it is rare for packagers, especially AUR maintainers, to use the same checksum algorithm as upstream. To be honest, I didn't know that the purpose of the checksum was so it could be compared to upstream; I assumed it was a security mechanism for point 1, above. Jason
On 17/01/14 09:56, Jason St. John wrote:
On Thu, Jan 16, 2014 at 5:50 PM, Allan McRae <allan@archlinux.org> wrote:
On 17/01/14 08:41, Jason St. John wrote:
MD5 has been significantly compromised for years; switching to a more secure hash function, such as SHA-1, is long overdue.
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
No. It is up to the packager to fill out the checksums with what is provided upstream. Because if upstream do not provide the checksums, they are pointless. Even better if upstream provides signatures.
Allan
There are still two benefits to changing the default checksum: 1) The AUR uses HTTPS by default, which ensures that the source tarball has not been tampered with in transit. Using a better hash function reduces the chances of an attacker man-in-the-middle'ing end-users when they download the sources from upstream, even over unsecure connections (e.g. unencrypted Wi-Fi, regular HTTP). 2) Most packagers just leave the default option simply because it's the default, and I would argue that it is rare for packagers, especially AUR maintainers, to use the same checksum algorithm as upstream. To be honest, I didn't know that the purpose of the checksum was so it could be compared to upstream; I assumed it was a security mechanism for point 1, above.
If packagers are just using the default, then it is unlikely they have checked if upstream actually provided checksums and the relatively useless anyway. Allan
participants (2)
-
Allan McRae
-
Jason St. John