Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 134677 - more hashes on installed binaries
Summary: more hashes on installed binaries
Status: RESOLVED LATER
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Enhancement/Feature Requests (show other bugs)
Hardware: All Linux
: Lowest enhancement
Assignee: Portage team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 193766
  Show dependency tree
 
Reported: 2006-05-28 12:25 UTC by James
Modified: 2022-11-16 18:04 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description James 2006-05-28 12:25:28 UTC 
Is it possible to get emerge to do a SHA256 hash on each binary, just before it installs them, and then store the in a user defined location. One could then use this hash table to check later if the binary has been modified in any way. e.g. virus.
Using emerge to do this, would also have the benefit of the hash table being updated with each install.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-05-28 12:28:46 UTC 
Portage stored MD5 hashes, I don't see any benefit from using SHA256 for this, TBH...
Comment 2 James 2006-05-28 12:32:31 UTC 
Where are the md5 hashes?

It is my understanding that md5 hashes are insecure. SHA256 is considerably better.
Comment 3 Marius Mauch (RETIRED) gentoo-dev 2006-05-28 13:55:19 UTC 
Needs a new vdb format => not anytime soon.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2006-05-28 14:01:59 UTC 
(In reply to comment #2)
> Where are the md5 hashes?

See CONTENTS files in /var/db/pkg/<category>/<ebuild>. You can use 'equery check <pkgspec> from gentoolkit to verify the MD5 checksums for ebuilds.
Comment 5 SpanKY gentoo-dev 2006-06-11 12:31:56 UTC 
i thought portage already supported SHA1 in CONTENTS ?  or am i just imagining ?
Comment 6 Marius Mauch (RETIRED) gentoo-dev 2006-06-11 16:39:57 UTC 
(In reply to comment #5)
> i thought portage already supported SHA1 in CONTENTS ?  or am i just imagining
> ?

The second. The CONTENTS format is nothing you can change that easily.