
Bug 134677

Summary: more hashes on installed binaries
Product: Portage Development
Reporter: James <James>
Component: Enhancement/Feature Requests
Assignee: Portage team <dev-portage>
Status: RESOLVED LATER
Severity: enhancement
CC: preed
Priority: Lowest
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=605082
https://bugs.gentoo.org/show_bug.cgi?id=836954
https://bugs.gentoo.org/show_bug.cgi?id=654122
https://bugs.gentoo.org/show_bug.cgi?id=523706
https://bugs.gentoo.org/show_bug.cgi?id=230818
Bug Blocks: 193766    

Description James 2006-05-28 12:25:28 UTC
Is it possible to get emerge to do a SHA256 hash on each binary, just before it installs them, and then store them in a user-defined location? One could then use this hash table to check later if the binary has been modified in any way, e.g. virus.
Using emerge to do this, would also have the benefit of the hash table being updated with each install.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-05-28 12:28:46 UTC
Portage stored MD5 hashes, I don't see any benefit from using SHA256 for this, TBH...
Comment 2 James 2006-05-28 12:32:31 UTC
Where are the md5 hashes?

It is my understanding that md5 hashes are insecure. SHA256 is considerably better.
Comment 3 Marius Mauch (RETIRED) gentoo-dev 2006-05-28 13:55:19 UTC
Needs a new vdb format => not anytime soon.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2006-05-28 14:01:59 UTC
(In reply to comment #2)
> Where are the md5 hashes?

See CONTENTS files in /var/db/pkg/<category>/<ebuild>. You can use 'equery check <pkgspec>' from gentoolkit to verify the MD5 checksums for ebuilds.
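
The check discussed in the description and in comment 4, as an added example (not part of the original thread and not Portage or gentoolkit code): it verifies the MD5 recorded on each `obj` line of a CONTENTS file and builds a SHA-256 table for the files that still match. It assumes the `obj <path> <md5> <mtime>` line layout and ignores the mtime field; `file_digest`, `parse_contents`, `audit` and `demo` are hypothetical names, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_contents(text):
    """Yield (path, md5) for each 'obj' line; 'dir' and 'sym' lines carry no hash."""
    for line in text.splitlines():
        if line.startswith("obj "):
            # Paths may contain spaces, so split the two trailing fields from the right.
            path, md5, _mtime = line[4:].rsplit(" ", 2)
            yield path, md5.lower()

def audit(contents_text, root="/"):
    """Return (sha256_table, problems); problems maps path -> 'missing' or 'modified'."""
    table, problems = {}, {}
    for path, md5 in parse_contents(contents_text):
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(real):
            problems[path] = "missing"
        elif file_digest(real, "md5") != md5:
            problems[path] = "modified"
        else:
            table[path] = file_digest(real, "sha256")
    return table, problems

def demo():
    """Constructed sample: a temporary root with two files and a matching CONTENTS."""
    root, files = tempfile.mkdtemp(), {"tool": b"original\n", "my tool": b"other\n"}
    os.makedirs(os.path.join(root, "usr/bin"))
    contents = "dir /usr/bin\n"
    for name, data in files.items():
        with open(os.path.join(root, "usr/bin", name), "wb") as f:
            f.write(data)
        contents += "obj /usr/bin/%s %s 1148818000\n" % (name, hashlib.md5(data).hexdigest())
    before = audit(contents, root)
    with open(os.path.join(root, "usr/bin/tool"), "ab") as f:
        f.write(b"tampered")  # simulate a post-install modification
    return before, audit(contents, root)

if __name__ == "__main__":
    print(demo())
```

A table built this way only detects tampering if it is kept where whoever can modify the installed files cannot also rewrite it, for example on read-only or offline media.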
Comment 5 SpanKY gentoo-dev 2006-06-11 12:31:56 UTC
i thought portage already supported SHA1 in CONTENTS ?  or am i just imagining ?
Comment 6 Marius Mauch (RETIRED) gentoo-dev 2006-06-11 16:39:57 UTC
(In reply to comment #5)
> i thought portage already supported SHA1 in CONTENTS ?  or am i just imagining
> ?

The second. The CONTENTS format is nothing you can change that easily.