Change Manifest2 hashes to a more secure set as approved in GLEP59.
SHA512 and WHIRLPOOL are added, SHA1 and RMD160 are dropped.

SHA256 is now the lowest security hash, and must remain in Manifest
files for at least 1 year, otherwise older Portage installs will
complain that they do not support any of the hashes in the Manifest
files.

Future events:
After 2012/10/01:
- Change MANIFEST2_REQUIRED_HASH to WHIRLPOOL.
- Remove SHA256 from MANIFEST2_HASH_FUNCTIONS.
After SHA-3 is approved:
- Add new hashes to MANIFEST2_HASH_FUNCTIONS.

Signed-off-by: Robin H. Johnson <robb...@gentoo.org>
---
 pym/portage/const.py |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/pym/portage/const.py b/pym/portage/const.py
index 8b5f4ac..a42ebe8 100644
--- a/pym/portage/const.py
+++ b/pym/portage/const.py
@@ -109,10 +109,12 @@ EAPI                     = 4
 
 HASHING_BLOCKSIZE        = 32768
 MANIFEST1_HASH_FUNCTIONS = ("MD5", "SHA256", "RMD160")
-MANIFEST2_HASH_FUNCTIONS = ("SHA1", "SHA256", "RMD160")
+MANIFEST2_HASH_FUNCTIONS = ("SHA256", "SHA512", "WHIRLPOOL") 
+# FUTURE: Add SHA-3 when available; remove SHA256 after 2012/10/01
 
 MANIFEST1_REQUIRED_HASH  = "MD5"
-MANIFEST2_REQUIRED_HASH  = "SHA1"
+MANIFEST2_REQUIRED_HASH  = "SHA256" 
+# FUTURE: Change to WHIRLPOOL after 2012/10/01
 
 MANIFEST2_IDENTIFIERS    = ("AUX", "MISC", "DIST", "EBUILD")
 # ===========================================================================
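Review bot: MANIFEST2_REQUIRED_HASH moves from "SHA1" to "SHA256" while "SHA1" is dropped from MANIFEST2_HASH_FUNCTIONS in the same hunk, so Manifests generated after this patch no longer carry the hash that the pre-patch code treats as required. The commit message covers an older install that supports none of the listed hashes, but not one that supports SHA256 and still expects its required SHA1 entry. Please confirm how released versions behave in that case, or keep "SHA1" in the tuple for the transition period and switch only the required hash now. Minor: both added assignment lines end with trailing whitespace, and the two FUTURE comments would be harder to overlook if they sat directly above the constants they describe rather than after them.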
-- 
1.7.6

