Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 642074

Summary: sys-apps/portage: ${PKGDIR}/Packages hashes should be configurable (beyond MD5 and SHA1)
Product: Portage Development Reporter: Zac Medico <zmedico>
Component: Binary packages supportAssignee: Portage team <dev-portage>
Status: CONFIRMED ---    
Severity: normal CC: gentoo
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: All   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=383725
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 193766    

Description Zac Medico gentoo-dev 2017-12-22 22:16:25 UTC 
There are better hashes than MD5 and SHA1 available these days. We use BLAKE2B and SHA512 for ebuild Manifests these days.
Comment 1 Zac Medico gentoo-dev 2020-01-20 21:07:52 UTC 
The list of hashes needs to be configurable, like layout.conf manifest-hashes and manifest-required-hashes settings.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-12-20 17:39:42 UTC 
We can still do this, but I feel like it matters a lot less now we have signing.