>From fa26959e403f5f66c9f8da00d4111145c7c0cac2 Mon Sep 17 00:00:00 2001 From: Artur Juraszek <[email protected]> Date: Thu, 23 Jan 2020 02:13:05 +0100 Subject: [PATCH] Replace MD5 with SHA-256 as a default file integrity check in PKGBUILDs
---
doc/PKGBUILD-example.txt | 4 ++--
doc/PKGBUILD.5.asciidoc | 12 ++++++------
doc/makepkg-template.1.asciidoc | 2 +-
etc/makepkg.conf.in | 2 +-
proto/PKGBUILD-split.proto | 2 +-
proto/PKGBUILD-vcs.proto | 2 +-
proto/PKGBUILD.proto | 2 +-
7 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/doc/PKGBUILD-example.txt b/doc/PKGBUILD-example.txt
index 910fd068..d4e1c9c1 100644
--- a/doc/PKGBUILD-example.txt
+++ b/doc/PKGBUILD-example.txt
@@ -12,8 +12,8 @@ depends=('glibc')
makedepends=('ed')
optdepends=('ed: for "patch -e" functionality')
source=("ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig})
-md5sums=('e9ae5393426d3ad783a300a338c09b72'
- 'SKIP')
+sha256sums=('9124ba46db0abd873d0995c2ca880e81252676bb6c03e0a37dfc5f608a9b0ceb'
+ 'SKIP')
build() {
cd "$srcdir/$pkgname-$pkgver"
diff --git a/doc/PKGBUILD.5.asciidoc b/doc/PKGBUILD.5.asciidoc
index ef53c0ee..7b5d6d2b 100644
--- a/doc/PKGBUILD.5.asciidoc
+++ b/doc/PKGBUILD.5.asciidoc
@@ -146,17 +146,17 @@ contain whitespace characters.
listed here will not be extracted with the rest of the source files. This
is useful for packages that use compressed data directly.
-*md5sums (array)*::
- This array contains an MD5 hash for every source file specified in the
+*sha256sums (array)*::
+ This array contains a SHA-256 hash for every source file specified in the
source array (in the same order). makepkg will use this to verify source
file integrity during subsequent builds. If 'SKIP' is put in the array
in place of a normal hash, the integrity check for that source file will
- be skipped. To easily generate md5sums, run ``makepkg -g >> PKGBUILD''.
- If desired, move the md5sums line to an appropriate location.
+ be skipped. To easily generate sha256sums, run ``makepkg -g >> PKGBUILD''.
+ If desired, move the sha256sums line to an appropriate location.
-*sha1sums, sha224sums, sha256sums, sha384sums, sha512sums, b2sums (arrays)*::
+*md5sums, sha1sums, sha224sums, sha384sums, sha512sums, b2sums (arrays)*::
Alternative integrity checks that makepkg supports; these all behave
- similar to the md5sums option described above. To enable use and generation
+ similar to the sha256sums option described above. To enable use and generation
of these checksums, be sure to set up the `INTEGRITY_CHECK` option in
linkman:makepkg.conf[5].
diff --git a/doc/makepkg-template.1.asciidoc b/doc/makepkg-template.1.asciidoc
index 1cf39fb2..1b7476c2 100644
--- a/doc/makepkg-template.1.asciidoc
+++ b/doc/makepkg-template.1.asciidoc
@@ -85,7 +85,7 @@ Example PKGBUILD
license=('PerlArtistic' 'GPL')
depends=('perl')
source=("http://search.cpan.org/CPAN/authors/id/S/SH/SHERZODR/Config-Simple-${pkgver}.tar.gz";)
- md5sums=('f014aec54f0a1e2e880d317180fce502')
+ sha256sums=('dd9995706f0f9384a15ccffe116c3b6e22f42ba2e58d8f24ed03c4a0e386edb4')
_distname="Config-Simple"
# template start; name=perl-module; version=1.0;
diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in
index caf5114b..6ca49366 100644
--- a/etc/makepkg.conf.in
+++ b/etc/makepkg.conf.in
@@ -90,7 +90,7 @@ BUILDENV=(!distcc color !ccache check !sign)
OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !debug)
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
-INTEGRITY_CHECK=(md5)
+INTEGRITY_CHECK=(sha256)
#-- Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="@STRIP_BINARIES@"
#-- Options to be used when stripping shared libraries. See `man strip' for details.
diff --git a/proto/PKGBUILD-split.proto b/proto/PKGBUILD-split.proto
index 9898ef81..eea97e56 100644
--- a/proto/PKGBUILD-split.proto
+++ b/proto/PKGBUILD-split.proto
@@ -28,7 +28,7 @@ changelog=
source=("$pkgbase-$pkgver.tar.gz"
"$pkgname-$pkgver.patch")
noextract=()
-md5sums=()
+sha256sums=()
validpgpkeys=()
prepare() {
diff --git a/proto/PKGBUILD-vcs.proto b/proto/PKGBUILD-vcs.proto
index ae9956a9..49c6759f 100644
--- a/proto/PKGBUILD-vcs.proto
+++ b/proto/PKGBUILD-vcs.proto
@@ -25,7 +25,7 @@ options=()
install=
source=('FOLDER::VCS+URL#FRAGMENT')
noextract=()
-md5sums=('SKIP')
+sha256sums=('SKIP')
# Please refer to the 'USING VCS SOURCES' section of the PKGBUILD man page for
# a description of each element in the source array.
diff --git a/proto/PKGBUILD.proto b/proto/PKGBUILD.proto
index a2c600d5..9aff797c 100644
--- a/proto/PKGBUILD.proto
+++ b/proto/PKGBUILD.proto
@@ -27,7 +27,7 @@ changelog=
source=("$pkgname-$pkgver.tar.gz"
"$pkgname-$pkgver.patch")
noextract=()
-md5sums=()
+sha256sums=()
validpgpkeys=()
prepare() {
--
2.25.0
Hi all, While poking through Arch's package system, I noticed that despite its bad reputation, MD5 remains a default, and even some kind of a "recommendation", due to its presence in the example PKBUILDs, hashing algorithm for file integrity verification. Is there a reason to not have it changed to a more future-proof one? I mean, at least for now, it seems good enough to protect before a so-called "2nd preimage attack", which is the primary concern in the classic file verification scenario, BUT: a) given the huge size of AUR and its rather chaotic nature, it is not that hard to imagine _a_ malicious upstream which could try to sneak some nasty changes in its own files, with AUR maintainer not noticing anything - leveraging flaws which do exist and are quite well-explored even today. b) it's already shown its weaknesses and it is not going to be any better - the only research direction is to found more (practical) attacks against MD5, so faster the change, fewer the people possibly affected in the future Attaching a patch which, I think, replaces MD5 with SHA256 as a default completely - it's my first change in ABS-related code, though, so please do not hesitate to criticize if something's wrong ;] -- Artur Juraszek
signature.asc
Description: PGP signature
