This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[maintainer-scripts] gcc_release: replace MD5 hashing
- From: Gerald Pfeifer <gerald at pfeifer dot com>
- To: gcc-patches at gcc dot gnu dot org
- Date: Fri, 3 Mar 2017 19:49:28 +0100 (CET)
- Subject: [maintainer-scripts] gcc_release: replace MD5 hashing
- Authentication-results: sourceware.org; auth=none
Looking how our snapshots are secured in terms of checksums, I
noticed we're still using MD5 and SHA-1 hashes.
Which is unfortunate, given that MD5 has been considered weak for
what, a decade?, and SHA-1 has been considered weak for years as
well and now been demonstrated broken for real.
So I went ahead and added SHA-256 as new primary hash, demoting
SHA-1 to secondary, and removing MD5.
I also updated the copy of this script on gcc.gnu.org and will
have a closer look at coming snapshots.
Gerald
2017-03-03 Gerald Pfeifer <gerald@pfeifer.com>
* gcc_release (snapshot_print): Replace md5 checksum by sha256.
Index: gcc_release
===================================================================
--- gcc_release (revision 245874)
+++ gcc_release (revision 245875)
@@ -356,7 +356,7 @@
# Print description if snapshot exists.
snapshot_print() {
if [ -e ${RELEASE}/$1 ]; then
- hash=`openssl md5 ${RELEASE}/$1 | sed -e 's#(.*)##' -e 's# *= *#=#'`
+ hash=`openssl sha256 ${RELEASE}/$1 | sed -e 's#(.*)##' -e 's# *= *#=#'`
hash2=`openssl sha1 ${RELEASE}/$1 | sed -e 's#(.*)##' -e 's# *= *#=#'`
printf " %-37s%s\n\n %s\n %s\n\n" "$1" "$2" "$hash" "$hash2" \