Skip to main content

[pkg-discuss] Re: Updated sha-2 webrev

  • From: Tim Foster < >
  • To: Shawn Walker < >
  • Cc:
  • Subject: [pkg-discuss] Re: Updated sha-2 webrev
  • Date: Thu, 03 Oct 2013 12:56:48 +1300

On 10/ 3/13 12:41 PM, Shawn Walker wrote:
This also means that we can't start adding 'pkg.filetype' attributes
until we stop supporting SHA-1 hashes, which sucks.  I'm going to file a

Did you test the 'pkg.filetype' thing?  Because I'm pretty sure we *can*
add attributes, we can't just take expected ones away.  I think extra
attributes will be passed through silently.

The problem is the reverse: where we take a signed s11 package, then pkgrecv it with the SHA-2 wad - since we're adding a pkg.filetype attribute during republication, that is enough to invalidate the signature.

[which makes sense: someone has tampered with the manifest since the package was signed - that someone was us though! ]

Also, by "we stop supporting SHA-1 hashes", you really just mean as long
as we are generating sha-1 hashes by default, right?

Yes.

1. pkgrecv chokes on manifests that are signed with just the manifest
hash, not the payload

How can you sign with just the manifest hash?  I wasn't aware we
supported that.  If the problem is that we don't recognise the payload,
we should fail gracefully with an unsupported package exception.

Yep, we support it and document it in the man page:  pkgsign -s repo '*'

        cheers,
                        tim


[pkg-discuss] Re: Updated sha-2 webrev

Danek Duvall 10/01/2013

[pkg-discuss] Re: Updated sha-2 webrev

Tim Foster 10/01/2013

[pkg-discuss] Re: Updated sha-2 webrev

Tim Foster 10/02/2013

[pkg-discuss] Re: Updated sha-2 webrev

Danek Duvall 10/02/2013

[pkg-discuss] Re: Updated sha-2 webrev

Tim Foster 10/02/2013

[pkg-discuss] Re: Updated sha-2 webrev

Shawn Walker 10/02/2013

[pkg-discuss] Re: Updated sha-2 webrev

Tim Foster 10/02/2013

[pkg-discuss] Re: Updated sha-2 webrev

Shawn Walker 10/02/2013

[pkg-discuss] Re: Updated sha-2 webrev

Tim Foster 10/02/2013

[pkg-discuss] Re: Updated sha-2 webrev

Shawn Walker 10/02/2013

[pkg-discuss] Re: Updated sha-2 webrev

Tim Foster 10/02/2013

[pkg-discuss] Re: Updated sha-2 webrev

Shawn Walker 10/03/2013

[pkg-discuss] Re: Updated sha-2 webrev

Tim Foster 10/03/2013

[pkg-discuss] Re: Updated sha-2 webrev

Danek Duvall 10/03/2013

[pkg-discuss] Re: Updated sha-2 webrev

Tim Foster 10/03/2013

[pkg-discuss] Re: Updated sha-2 webrev

Danek Duvall 10/03/2013

[pkg-discuss] Re: Updated sha-2 webrev

Tim Foster 10/03/2013

[pkg-discuss] Re: Updated sha-2 webrev

Danek Duvall 10/03/2013
 
 
Close
loading
Please Confirm
Close