[oe-commits] [openembedded-core] 11/11: meta/lib/oe/package_manager.py: Enable sha256 checksums in opkg indexer

git at git.openembedded.org git at git.openembedded.org
Thu Nov 7 22:33:21 UTC 2019


This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master-next
in repository openembedded-core.

commit 9f49179a95006c1f3a44fa54ac6b12b0e0407d38
Author: Haris Okanovic <haris.okanovic at ni.com>
AuthorDate: Thu Nov 7 16:07:36 2019 -0600

    meta/lib/oe/package_manager.py: Enable sha256 checksums in opkg indexer
    
    Pass `--checksum md5` and `--checksum sha256` to opkg-make-index.
    
    Sha256 checksum enables more reliable install-time validation of IPKs.
    This is particularly useful when installing from signed feeds --
    i.e. feeds using signed Packages index files that deliver otherwise
    unsigned IPKs. Such feeds rely on hash validation of enclosed IPKs to
    thwart tampering. After download, opkg verifies the IPK's checksum against
    the (signed) Packages index file. Weak hashes like md5 are prone to
    collision and therefore tampering.
    
    The md5 checksum is purely for backward compatibility. Sha256 validation
    was recently added to opkg. Newer builds of opkg will use it. Older
    builds still look for an md5 checksum. Md5 is deprecated and should be
    removed once old builds are phased out.
    
    Testing: I ran `bitbake package-index` after building a few IPKs and
    verified MD5Sum and SHA256sum attributes are present in Packages.
    Using opkg-utils 0.4.0.
    
    Performance Impact: It takes about 40 seconds to cleanly re-index 8000
    IPKs on an Intel Xeon E5-1620 machine. This was previously about
    20 seconds.
    
    NOTE: It's recommended to delete all Packages* files after applying this
    patch. Otherwise, some IPKs won't have sha256.
    
    Signed-off-by: Haris Okanovic <haris.okanovic at ni.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
 meta/lib/oe/package_manager.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index c7135ce..4ff19cf 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -217,7 +217,7 @@ class OpkgIndexer(Indexer):
                 if not os.path.exists(pkgs_file):
                     open(pkgs_file, "w").close()
 
-                index_cmds.add('%s -r %s -p %s -m %s' %
+                index_cmds.add('%s --checksum md5 --checksum sha256 -r %s -p %s -m %s' %
                                   (opkg_index_cmd, pkgs_file, pkgs_file, pkgs_dir))
 
                 index_sign_files.add(pkgs_file)
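
Review bot: On the changed `index_cmds.add(...)` line, `-r %s -p %s` still both point at the existing `pkgs_file`, and going by the NOTE in the commit message, entries carried over from an older index then end up without sha256 unless someone deletes Packages* by hand. On a signed feed that leaves part of the index without the stronger hash and nothing in this code reports it. Consider handling it here, for example by not reusing (or by removing) an existing index that has stanzas without SHA256sum, instead of relying on a manual step. The two `--checksum` options are also hard-coded in the format string with no comment; a short comment saying md5 is kept only for older opkg builds, and which opkg-utils version is needed for `--checksum` (the message only mentions testing with 0.4.0), would make the later md5 removal easier to track.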

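
The commit message's test step (checking that MD5Sum and SHA256sum are present in Packages) and its NOTE about stale Packages* files can be automated with a feed audit. The following is an added example, not part of the commit or of openembedded-core; the function names are hypothetical, the `Package` and `Filename` field names are assumed from the usual opkg index layout, and the sample feed is constructed.

```python
import hashlib
import os

def parse_packages(text):
    """Split an opkg Packages index into stanzas (dict of field -> value)."""
    stanzas = []
    for block in text.strip().split("\n\n"):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:   # continuation line, e.g. Description
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, value = line.split(":", 1)
                fields[key] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def audit_feed(index_text, feed_dir):
    """Return {package: finding} for stanzas without a valid SHA256sum."""
    findings = {}
    for st in parse_packages(index_text):
        name = st.get("Package", "<unnamed>")
        expected = st.get("SHA256sum")
        if not expected:
            # Typical of an entry carried over from an index built before the change.
            findings[name] = "no SHA256sum (MD5Sum only)" if "MD5Sum" in st else "no checksum"
            continue
        try:
            with open(os.path.join(feed_dir, st.get("Filename", "")), "rb") as f:
                actual = hashlib.sha256(f.read()).hexdigest()
        except OSError:
            findings[name] = "IPK missing"
            continue
        if actual != expected.lower():
            findings[name] = "SHA256sum mismatch"
    return findings

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:      # constructed sample feed
        data = b"constructed ipk bytes"
        with open(os.path.join(d, "a_1.0_all.ipk"), "wb") as f:
            f.write(data)
        index = ("Package: a\nFilename: a_1.0_all.ipk\nSHA256sum: %s\n\n"
                 "Package: b\nFilename: b_1.0_all.ipk\nMD5Sum: 0\n"
                 % hashlib.sha256(data).hexdigest())
        print(audit_feed(index, d))
```

Run against the Packages file before it is signed; an empty result means every stanza carries a SHA256sum that matches the IPK on disk.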