个人工具
登录
查看“UbuntuWiki:apt-sha256”的源代码 - Ubuntu中文
UbuntuHelp
讨论
查看源代码
历史
搜索
导航
首页
最近更改
随机页面
页面分类
帮助
编辑
编辑指南
沙盒
新闻动态
字词处理
工具
链入页面
相关更改
特殊页面
页面信息
查看“UbuntuWiki:apt-sha256”的源代码
来自Ubuntu中文
←
UbuntuWiki:apt-sha256
跳转至:
导航
,
搜索
因为以下原因,你没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
用户
您可以查看与复制此页面的源代码。
{{From|https://wiki.ubuntu.com/apt-sha256}} {{Languages|php5}} ''Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.'' * '''Launchpad entry''': https://blueprints.launchpad.net/distros/ubuntu/+spec/apt-sha256 * '''Packages affected''': apt, soyuz * '''Contributors''': MichaelVogt === Summary === The current hash method in apt to do authentication checking is md5. To improve security we want to switch this to sha256. === Rationale === MD5 has serveral flaws that makes it not the best option to base our authentication on. SHA256 is a much stronger authentication hash algorithm. === Scope === APT needs to be modified to support sha256 for all verifications. No changes to the apt frontends are required. Soyuz needs to write sha256 checksums for the Release file. === Design === The changes in apt should be done in a way that makes future changes to the used algorithm a lot easier than it is currently. Some files lack a tag what hash algorithm is used (e.g. the "Files" tag in a .dsc file). A new tag "Files-SHA256" is added there. === Implementation === The code in apt-pkg/acquire-item.cc should be changed so that it does not hardcode the use of md5 but uses a abstraction class instead. If the authentication hash is changed again, we just need to change this abstraction class. There is currently such a abstraction in the class Hashes from apt-pkg/contrib/hashes.h that is used in the fetcher but not in the authentication checking code for the indexfiles. This should be changed. The Launchpad feature request is here https://launchpad.net/products/soyuz/+bug/71845 ==== Code ==== A working implementation can be found in http://people.ubuntu.com/~mvo/bzr/apt/sha256/ === Outstanding issues === For source index files (.dsc files and Sources.gz) md5 is still used by default because the "File" tag does not carry the information what hash is used. This needs to be added to dpkg. === Comments === DanielHolbach: It'd be great to see a benchmark comparing `MD5` and `SHA256` in `apt`'s use. ---- CategorySpec [[category:UbuntuWiki]]
该页面使用的模板:
模板:From
(
查看源代码
)
模板:Languages
(
查看源代码
)(受保护)
模板:Languages/Lang
(
查看源代码
)(受保护)
返回至
UbuntuWiki:apt-sha256
。