[arch-releng] [PATCH 1/1] use a stronger hashing algorithm

Christian Hesse list at eworm.de
Mon Oct 16 07:12:50 UTC 2017


From: Christian Hesse <mail at eworm.de>

Nobody wants to use md5 these days...

Signed-off-by: Christian Hesse <mail at eworm.de>
---
 archiso/initcpio/hooks/archiso          | 6 +++---
 archiso/initcpio/hooks/archiso_pxe_http | 2 +-
 archiso/mkarchiso                       | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/archiso/initcpio/hooks/archiso b/archiso/initcpio/hooks/archiso
index b78f4db..753e3da 100644
--- a/archiso/initcpio/hooks/archiso
+++ b/archiso/initcpio/hooks/archiso
@@ -99,7 +99,7 @@ _mnt_dev() {
 _verify_checksum() {
     local _status
     cd "/run/archiso/bootmnt/${archisobasedir}/${arch}"
-    md5sum -c airootfs.md5 > /tmp/checksum.log 2>&1
+    sha512sum -c airootfs.sha512 > /tmp/checksum.log 2>&1
     _status=$?
     cd "${OLDPWD}"
     return ${_status}
@@ -153,7 +153,7 @@ archiso_mount_handler() {
     fi
 
     if [[ "${checksum}" == "y" ]]; then
-        if [[ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.md5" ]]; then
+        if [[ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sha512" ]]; then
             msg -n ":: Self-test requested, please wait..."
             if _verify_checksum; then
                 msg "done. Checksum is OK, continue booting."
@@ -163,7 +163,7 @@ archiso_mount_handler() {
                 launch_interactive_shell
             fi
         else
-            echo "ERROR: checksum=y option specified but ${archisobasedir}/${arch}/airootfs.md5 not found"
+            echo "ERROR: checksum=y option specified but ${archisobasedir}/${arch}/airootfs.sha512 not found"
             launch_interactive_shell
         fi
     fi
diff --git a/archiso/initcpio/hooks/archiso_pxe_http b/archiso/initcpio/hooks/archiso_pxe_http
index 54af7c5..a7c03a8 100644
--- a/archiso/initcpio/hooks/archiso_pxe_http
+++ b/archiso/initcpio/hooks/archiso_pxe_http
@@ -41,7 +41,7 @@ archiso_pxe_http_mount_handler () {
     _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sfs" "/${arch}"
 
     if [[ "${checksum}" == "y" ]]; then
-        _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.md5" "/${arch}"
+        _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sha512" "/${arch}"
     fi
     if [[ "${verify}" == "y" ]]; then
         _curl_get "${archiso_http_srv}${archisobasedir}/${arch}/airootfs.sfs.sig" "/${arch}"
diff --git a/archiso/mkarchiso b/archiso/mkarchiso
index 0aca521..9c3a835 100755
--- a/archiso/mkarchiso
+++ b/archiso/mkarchiso
@@ -249,7 +249,7 @@ _mkairootfs_sfs () {
 _mkchecksum () {
     _msg_info "Creating checksum file for self-test..."
     cd "${work_dir}/iso/${install_dir}/${arch}"
-    md5sum airootfs.sfs > airootfs.md5
+    sha512sum airootfs.sfs > airootfs.sha512
     cd ${OLDPWD}
     _msg_info "Done!"
 }


More information about the arch-releng mailing list