Bug 902371

Summary:	ROKO__: obsolete hashes used in Manifest
Product:	Gentoo Linux	Reporter:	Michał Górny <mgorny>
Component:	Overlays	Assignee:	Росен Александров <sandikata>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	902221

Description Michał Górny archtester

2023-03-20 06:22:20 UTC

The Manifest files in this repository are using obsolete hashes RMD160 or WHIRLPOOL.  Please update to newer Manifest hashes to avoid problems with newer package managers.  For more information, see the tracker blocked by this bug.

Comment 1 Росен Александров 2023-03-20 06:36:28 UTC

Hello,

I do not understand you. What do you mean by newer package managers?
Isn't it only portage ?
Also which are the newer hashes?

Regards,
Rosen Aleksandrov

Comment 2 Michał Górny archtester

2023-03-20 11:41:06 UTC

(In reply to Росен Александров from comment #1)
> Hello,
> 
> I do not understand you. What do you mean by newer package managers?
> Isn't it only portage ?

I'm sorry, I actually meant newer versions of package managers.  There are other package managers, particularly PkgCore.  Both Portage and PkgCore use Python stdlib that doesn't provide whirlpool reliably anymore.

> Also which are the newer hashes?

::gentoo uses BLAKE2B (the newer hash) and SHA512 (backwards compatibility hash).

Comment 3 Росен Александров 2023-03-23 08:58:20 UTC

Where i can set new hashes ?

Comment 4 Росен Александров 2023-03-23 09:19:28 UTC

Found only two ebuilds with WHIRLPOOL

# grep -r WHIRLPOOL .                                                                                                                                                                                                                           [±master ✓]

Now should be fixed.

https://github.com/sandikata/ROKO__/commit/3b684d2b8789e2d1acdd404f345b1be7504dcc4b