Gentoo Archives: gentoo-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-dev <gentoo-dev@l.g.o>
Cc: infra <infra@g.o>, dev-portage@g.o
Subject: [gentoo-dev] [RFC] New Manifest hashes and how to enable them
Date: Mon, 03 Apr 2017 17:09:40
Message-Id: 1491239350.1978.1.camel@gentoo.org
1 Hi, everyone.
2
3 I'd like to open an early discussion and start planning transition to
4 an updated set of Manifest hashes.
5
6
7 Current state
8 =============
9
10 The current hash set includes the three following hashes:
11 - SHA256 (SHA2),
12 - SHA512 (SHA2),
13 - Whirlpool.
14
15 Of these three hashes, SHA256 is considered 'required' by Portage. All
16 current Manifests in Gentoo include it.
17
18 SHA512 and Whirlpool are included in the majority of Manifest.
19 The packages missing them are tracked in [1].
20
21 There are still some stale hashes present in some Manifests (e.g.
22 RMD160).
23
24
25 Supported hash algorithms in package managers
26 =============================================
27
28 The following hashes are supported by the stable version of Portage,
29 pkgcore and Paludis: MD5, SHA1, SHA256, SHA512, RMD160, WHIRLPOOL.
30
31 Support for MD5, SHA1, SHA256 and SHA512 in Portage and pkgcore is
32 provided unconditionally by all supported Python versions. For
33 WHIRLPOOL, a fallback implementation is always provided.
34
35 The following hashes are supported by the current git version of Portage
36 and are on the way of being integrated into pkgcore: BLAKE2B, BLAKE2S,
37 SHA3-256, SHA3-512. They are not currently supported by Paludis.
38
39 Support for those algorithms is guaranteed in Python 3.6+. Fallbacks for
40 older Python versions are supported -- using pygcrypt, pycryptodome
41 and pysha3 (the last one doesn't include BLAKE2) in Portage; and using
42 pycryptodome in pkgcore.
43
44 Additionally, the current git version of Portage supports
45 the STREEBOG256 and STREEBOG512 (GOST R 34.11-2012) algorithms. They can
46 be provided either using pygcrypt or pygost modules.
47
48 Of the listed fallbacks, the following limitations need to be noted:
49
50 A. pygcrypt requires old cffi, and therefore is not in ::gentoo. I have
51 contacted upstream and they are working on updating it.
52
53 B. pycryptodome blocks pycrypto, and some packages explicitly require
54 pycrypto (see tracker at [2]).
55
56 C. pygost is just horrible code-wise, and I've only added it so that we
57 can run tests without any special dependencies.
58
59
60 SHA256 deprecation
61 ==================
62
63 I think the first reasonable change would be to deprecate SHA256. It is
64 pretty much the same algorithm as SHA512, except for different
65 parameters. It is weaker than SHA512, and SHA512 is supported on all
66 existing platforms anyway.
67
68 Therefore, I think the following procedure would apply (please correct
69 me if I'm wrong):
70
71 1. wait till all remaining blockers of [1] are fixed,
72
73 2. update the required hash from SHA256 to SHA512 in Portage,
74
75 3. wait till stable Portage carries the above change + (possibly some
76 upgrade time?),
77
78 4. remove SHA256 from list of hashes included in Manifests.
79
80
81 New hash set
82 ============
83
84 After deprecating SHA256, the hash list would include only SHA512
85 and WHIRLPOOL. I think the first one should be kept as a portable
86 required hash, and I'm indifferent to keeping the second one.
87
88 Of the new hashes, I think it would be the most reasonable to add SHA3-
89 512. It is built-in since Python 3.6+, and multiple implementations are
90 available for older Python versions (cryptography [though I think it
91 doesn't work with current openssl], pycryptodome, pygcrypt, pysha3).
92
93 The alternative would be to use BLAKE2B hash (which provides similar
94 strength to SHA3-512). However, it provides less fallbacks (no support
95 in libgcypt nor cryptography).
96
97 For diversity, we could also consider including the Streebog hash
98 (a user has requested it already). However, it seems to be at SHA2 level
99 and does not have any reasonable implementation except for libgcrypt.
100
101 Therefore, my proposal would be to use the following set once their
102 support reaches the stable version of Portage:
103
104 manifest-hashes = SHA512 SHA3-512 WHIRLPOOL
105
106
107 Your thoughts?
108
109
110
111 [1]:https://bugs.gentoo.org/612716
112 [2]:https://bugs.gentoo.org/611568
113
114 --
115 Best regards,
116 Michał Górny

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies