Bug 836954

Summary:	Upgrade CONTENTS hash algorithm
Product:	Portage Development	Reporter:	Jonathan Davies <jpds>
Component:	Enhancement/Feature Requests	Assignee:	Portage team <dev-portage>
Status:	CONFIRMED ---
Severity:	normal	CC:	chutzpah, gentoo, hardened, preed, sam
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=230818 https://bugs.gentoo.org/show_bug.cgi?id=654122 https://bugs.gentoo.org/show_bug.cgi?id=605082 https://bugs.gentoo.org/show_bug.cgi?id=134677 https://bugs.gentoo.org/show_bug.cgi?id=523706 https://bugs.gentoo.org/show_bug.cgi?id=891173
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	193766

Description Jonathan Davies 2022-04-06 21:40:07 UTC

I'd like to use https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture on my Gentoo systems. This uses an xattr with a hash of what the file was measured to be at some point in time and I would like to pull this hash out of what portage saw when it installed the file.

MD5 is not usable with IMA, and SHA1 is also considered shattered - could we please have the hash recorded in CONTENTS to be SHA256?

Reproducible: Always

Comment 1 Fabian Groffen gentoo-dev

2022-04-07 06:07:22 UTC

See also bugs:
https://bugs.gentoo.org/654122
https://bugs.gentoo.org/605082