X-Original-To: alpine-devel@lists.alpinelinux.org Received: from mail-lf0-f49.google.com (mail-lf0-f49.google.com [209.85.215.49]) by lists.alpinelinux.org (Postfix) with ESMTP id 31F415C4EAA for ; Fri, 9 Mar 2018 13:21:12 +0000 (GMT) Received: by mail-lf0-f49.google.com with SMTP id h127-v6so13134502lfg.12 for ; Fri, 09 Mar 2018 05:21:12 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=NcyWfuGCWNk/aAD7K4qen0ztiDSsBNLvE/nqmT9fNqw=; b=XcC6TBehInDlptFT/1Qkkw+U1Y9QGSKW6CW5gkLZM88LDjBB+m6jzGSHieVJ6f5S7d s2s1sZlvz+JnB1KHjw/bFVRYgyq9bxeKLwMbk3oxg78d9TbnerohYS6Epyft7htZdxjD cjWnvvLJs2TiNlkV6vIaEleApeVvDoYapPvLFdSSEydH0pjE/NtsBBZJZVhRbHLF3F+D PW89hIsRirhhsgL/o0VEJ57kEuop7JLyE21f+NDtqUnBG7KB21jCFpfkwn3RnPeeXRo/ khMbLINkd+zYTpmzQ710tE6nlguf27DIbM7zwELmmKdSAKwbWrCIs82fHF+lA39pN791 Xa8g== X-Gm-Message-State: AElRT7GQJ9t52XfInUWjhmlTXc5sNHUlFCcea7Zrm1MaXA5TYht53jSl LaTWzPCk6Yqgkf3qVXMtLkhCF5SS X-Google-Smtp-Source: AG47ELuj1qM364I0hsl5epVZ/zx9BF4vqIgcWbl8xhRL3fjZtzVnM23MpNVIXdXT+vXO2HRG1OVVNg== X-Received: by 10.25.195.216 with SMTP id t207mr21722578lff.60.1520601671231; Fri, 09 Mar 2018 05:21:11 -0800 (PST) Received: from vostro.util.wtbts.net ([2001:1bc8:101:f402:e66f:13ff:fef3:8cd0]) by smtp.gmail.com with ESMTPSA id e1sm287214ljf.44.2018.03.09.05.21.10 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 09 Mar 2018 05:21:10 -0800 (PST) Date: Fri, 9 Mar 2018 15:21:07 +0200 From: Timo Teras To: Ferris Ellis Cc: alpine-devel@lists.alpinelinux.org Subject: Re: [alpine-devel] Upgrading package signatures from SHA1 to SHA2 digest. Message-ID: <20180309152107.472e4144@vostro.util.wtbts.net> In-Reply-To: References: <257B6969-21FD-4D51-A8EC-95CB95CEF365@ferrisellis.com> <20180308145356.6355eafe@vostro.util.wtbts.net> X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-alpine-linux-musl) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Fri, 9 Mar 2018 08:02:50 -0500 Ferris Ellis wrote: > Timo, thanks for sharing! I=E2=80=99m a little confused by your message. = Can > you clarify what each of the hashes are? Including the =E2=80=98identity > hash=E2=80=99 and =E2=80=98individual file checksums=E2=80=99? I=E2=80=99= m still new to the internals > of apk packaging and am only aware of two hashes: >=20 > 1. The RSA signature hash uses SHA1 as the hash for control.tar.gz. Yes. The SHA1 hash for control.tar.gz is also the "identity hash" which is stored in index files. If .apk installed from repository, the signature itself is not currently verified, instead the following happens: 1. Index file's signature is verified 2. .apk files 'identity hash' or control.tar.gz hash is verified to match against the index file's given SHA1 hash of the package > 2. Inside control.tar.gz is the .PKGINFO file which contains a > SHA2-256 hash of data.tar.gz Correct. Additionally the PAX tar header contains SHA1 hash for each individual file. It is not verified during extraction, but it is stored in the installed database, and used for 'apk audit' which determines the integrity of current system. > Also, as I mentioned in my last reply to A. Wilcox, I think since the > RSA signature is ASN1 encoded. If so you shouldn=E2=80=99t need a new pre= fix > type, as the ASN1 blob states the hash that it contains. But please > correct me if I=E2=80=99m wrong on this! Just trying to be of help :) Yeah, that would probably work nicely. So again, doing sha256 signatures is probably simple as the above. But changing the index file's hash of package's control.tar.gz would be non-trivial due to backwards compatibility issues. It will also increase the index size considerably; this would increase apk runtime memory requirements and have performance side-effects. This is one of the main issues I want to resolve in the new file formats. Timo --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---