836954 – Upgrade CONTENTS hash algorithm

Bug 836954 - Upgrade CONTENTS hash algorithm

Summary: Upgrade CONTENTS hash algorithm

Status:	CONFIRMED

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Enhancement/Feature Requests (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Portage team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	193766
	Show dependency tree

Reported:	2022-04-06 21:40 UTC by Jonathan Davies
Modified:	2023-03-11 23:47 UTC (History)
CC List:	5 users (show)

See Also:	230818 654122 605082 134677 523706 891173
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jonathan Davies 2022-04-06 21:40:07 UTC

I'd like to use https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture on my Gentoo systems. This uses an xattr with a hash of what the file was measured to be at some point in time and I would like to pull this hash out of what portage saw when it installed the file.

MD5 is not usable with IMA, and SHA1 is also considered shattered - could we please have the hash recorded in CONTENTS to be SHA256?

Reproducible: Always

Comment 1 Fabian Groffen gentoo-dev

2022-04-07 06:07:22 UTC

See also bugs:
https://bugs.gentoo.org/654122
https://bugs.gentoo.org/605082