[pacman-dev] [PATCH] Replace MD5 with SHA-256 as a default file integrity check in PKGBUILDs

[Allan McRae]

On 23/1/20 11:25 am, Artur Juraszek wrote:
> Hi all,
> 
> While poking through Arch's package system, I noticed that despite its
> bad reputation, MD5 remains a default, and even some kind of a "recommendation", due
> to its presence in the example PKBUILDs, hashing algorithm for file integrity verification.
> 
> Is there a reason to not have it changed to a more future-proof one? I mean, at least for now,
> it seems good enough to protect before a so-called "2nd preimage attack", which is the primary
> concern in the classic file verification scenario, BUT:
> 
> a) given the huge size of AUR and its rather chaotic nature, it is not that hard to imagine
> _a_ malicious upstream which could try to sneak some nasty changes in its own files,
> with AUR maintainer not noticing anything - leveraging flaws which do exist and are quite
> well-explored even today.
> 
> b) it's already shown its weaknesses and it is not going to be any better - the only research direction
> is to found more (practical) attacks against MD5, so faster the change, fewer the people possibly
> affected in the future
> 
> Attaching a patch which, I think, replaces MD5 with SHA256 as a default completely - it's my first
> change in ABS-related code, though, so please do not hesitate to criticize if something's wrong ;]
> 

This change is not happening.   Any checksum is insecure when added to a
PKGBUILD using "makepkg -g", which is all the default value does.  The
person writing a PKGBUILD needs to use what is provided upstream (or
even a PGP signature), in which case the default in makepkg does not
make a difference.

Allan