Bug 902371 - ROKO__: obsolete hashes used in Manifest
Summary: ROKO__: obsolete hashes used in Manifest
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Overlays
Hardware: All Linux
Importance: Normal normal
Assignee: Росен Александров
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 902221
Reported: 2023-03-20 06:22 UTC by Michał Górny
Modified: 2023-03-23 09:19 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-03-20 06:22:20 UTC
The Manifest files in this repository are using obsolete hashes RMD160 or WHIRLPOOL.  Please update to newer Manifest hashes to avoid problems with newer package managers.  For more information, see the tracker blocked by this bug.
Comment 1 Росен Александров 2023-03-20 06:36:28 UTC
Hello,

I do not understand you. What do you mean by newer package managers?
Isn't it only portage?
Also which are the newer hashes?

Regards,
Rosen Aleksandrov
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-03-20 11:41:06 UTC
(In reply to Росен Александров from comment #1)
> Hello,
> 
> I do not understand you. What do you mean by newer package managers?
> Isn't it only portage?

I'm sorry, I actually meant newer versions of package managers.  There are other package managers, particularly PkgCore.  Both Portage and PkgCore use Python stdlib that doesn't provide whirlpool reliably anymore.

> Also which are the newer hashes?

::gentoo uses BLAKE2B (the newer hash) and SHA512 (backwards compatibility hash).
Comment 3 Росен Александров 2023-03-23 08:58:20 UTC
Where can I set new hashes?
Comment 4 Росен Александров 2023-03-23 09:19:28 UTC
Found only two ebuilds with WHIRLPOOL

# grep -r WHIRLPOOL .

It should be fixed now.

https://github.com/sandikata/ROKO__/commit/3b684d2b8789e2d1acdd404f345b1be7504dcc4b
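An added example, not part of the bug thread or of any Gentoo tool: a Manifest audit that goes beyond the `grep` above by parsing each entry, reporting obsolete hashes (RMD160, WHIRLPOOL) and missing current ones (BLAKE2B, SHA512), and checking what the local Python `hashlib` can compute. The sample Manifest, its digests and all function names are constructed for illustration.

```python
import hashlib

OBSOLETE = {"RMD160", "WHIRLPOOL"}   # hashes named in the bug report
CURRENT = {"BLAKE2B", "SHA512"}      # hashes ::gentoo uses, per comment 2
# Manifest hash name -> hashlib algorithm name
HASHLIB_NAME = {"RMD160": "ripemd160", "WHIRLPOOL": "whirlpool",
                "BLAKE2B": "blake2b", "SHA512": "sha512"}

# Constructed sample Manifest: names, sizes and digests are made up.
SAMPLE_MANIFEST = """\
DIST foo-1.0.tar.gz 1234 SHA256 aa11 SHA512 bb22 WHIRLPOOL cc33
DIST bar-2.1.tar.xz 5678 BLAKE2B dd44 SHA512 ee55
EBUILD baz-0.3.ebuild 910 RMD160 ff66 SHA256 0a77
"""

def parse_manifest(text):
    """Yield (type, name, size, {hash_name: digest}) for each entry line."""
    for line in text.splitlines():
        fields = line.split()
        # An entry is: type, name, size, then one or more NAME digest pairs.
        if len(fields) < 5 or len(fields) % 2 == 0 or not fields[2].isdigit():
            continue  # blank line, signature armor, or malformed entry
        kind, name, size, *pairs = fields
        yield kind, name, int(size), dict(zip(pairs[0::2], pairs[1::2]))

def audit(text):
    """Return {name: {"obsolete": [...], "missing": [...]}} for entries to fix."""
    findings = {}
    for _kind, name, _size, hashes in parse_manifest(text):
        obsolete = sorted(OBSOLETE & hashes.keys())
        missing = sorted(CURRENT - hashes.keys())
        if obsolete or missing:
            findings[name] = {"obsolete": obsolete, "missing": missing}
    return findings

def stdlib_supports(manifest_hash):
    """True if this interpreter's hashlib can compute the given Manifest hash."""
    return HASHLIB_NAME[manifest_hash] in hashlib.algorithms_available

def new_digests(data):
    """Compute the BLAKE2B (512-bit) and SHA512 digests for a file's bytes."""
    return {"BLAKE2B": hashlib.blake2b(data).hexdigest(),
            "SHA512": hashlib.sha512(data).hexdigest()}

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_MANIFEST).items():
        print(name, issue)
    for h in sorted(OBSOLETE | CURRENT):
        print(h, "available in hashlib:", stdlib_supports(h))
```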