Pacman

Welcome to the Pacman bug tracker. Please search the current bugs and feature requests before filing a new one! Use advanced search and select "Search in Comments".

* Please select the correct category and version.
* Write a descriptive summary, background info, and provide a reproducible test case whenever possible.
Tasklist

FS#23103 - [pacman] Add SHA256 sum to db

Attached to Project: Pacman
Opened by IgnorantGuru (IgnorantGuru) - Wednesday, 02 March 2011, 15:34 GMT
Last edited by Dan McGee (toofishes) - Wednesday, 23 March 2011, 15:33 GMT
Task Type Feature Request
Category Scripts & Tools
Status Closed
Assigned To Dan McGee (toofishes)
Architecture All
Severity High
Priority Normal
Reported Version 3.4.2
Due in Version 4.0.0
Due Date Undecided
Percent Complete 100%
Votes 5
Private No

Details

Please add a SHA256 sum to the desc files of packages in the sync database, in addition to MD5. This simple addition will allow for more security in scripts that compare mirrors (eg paccheck). It will also allow for a higher level of security when the databases are signed (as an interim solution to full package signing implementation).

By adding SHA256 in addition to MD5, no other changes to pacman should be required - pacman doesn't need to check the SHA256 sum at this point (that would not add much security given the current lack of mirror security).

MD5 is a compromised hash...
http://cryptography.hyperlink.cz/2004/otherformats.html

Patch for repo-add:

# get md5sum and sha256sum and compressed size of package
md5sum="$(openssl dgst -md5 "$pkgfile")"
md5sum="${md5sum##* }"
sha256sum="$(openssl dgst -sha256 "$pkgfile")"
sha256sum="${sha256sum##* }"
csize=$(stat -L -c %s "$pkgfile")

...

echo -e "%SHA256SUM%\n$sha256sum\n" >>desc
This task depends upon

Closed by  Dan McGee (toofishes)
Wednesday, 23 March 2011, 15:33 GMT
Reason for closing:  Implemented
Additional comments about closing:  Commit a31d091fb3bd
Comment by Pierre Schmitz (Pierre) - Wednesday, 02 March 2011, 17:59 GMT
The md5sums are only used for a simple and quick integrity check to see if the file was downloaded correctly (e.g. if there were no network error). There is no need to add better hash sums as they wont improve security. You'll need signed packages for this. (see pacman-dev list for more details)
Comment by IgnorantGuru (IgnorantGuru) - Wednesday, 02 March 2011, 18:12 GMT
@Pierre
The MD5 sums are only used for that *by pacman*. My script paccheck uses the MD5 sums to try to verify packages more comprehensively using several mirrors, but the MD5 hash is a weakness. Users need to (and do) download full packages from multiple mirrors as a result. Having the SHA256 sum would thus help many users and reduce load on the mirrors, regardless of pacman's lack of use for it. Also, I have submitted a feature request to devtools for them to sign the database with a server key. Adding SHA256 sums is an integral part of that request as well, since if the database is signed, the SHA256 sum can be used to authenicate the packages reliably. It is very simple to do and doesn't hurt anything, so please add SHA256 sums to repo-add. Thank you.
Comment by Leonid Isaev (lisaev) - Wednesday, 02 March 2011, 18:30 GMT
> My script paccheck uses the MD5 sums to try to verify packages more comprehensively using several mirrors, but the MD5 > hash is a weakness. Users need to (and do) download full packages from multiple mirrors as a result.

I was playing with a similar idea about 4 months ago. The point is that several mirrors are unlikely to get hacked simultaneously, right? Although I added my vote for this ticket, I have to say that for paccheck (is it available, btw?) sha256 is irrelevant, since you are using statistical unlikeness of a compromise, not trustability of any particular .db.tar.gz package...
Comment by IgnorantGuru (IgnorantGuru) - Wednesday, 02 March 2011, 18:50 GMT
@Leonid Isaev
Yes paccheck is available:
http://igurublog.wordpress.com/downloads/script-paccheck/
https://bbs.archlinux.org/viewtopic.php?id=113917&p=1

> The point is that several mirrors are unlikely to get hacked simultaneously, right?

Yes, and paccheck can test an unlimited number of mirrors, so it improves the situation considerably through polling. Pretty much to the user's desired level vs time and bandwidth.

> sha256 is irrelevant, since you are using statistical unlikeness of a compromise, not trustability of any particular .db.tar.gz package...

With the MD5 sums, paccheck can download the database file from multiple mirrors. The MD5 sum provides some degree of authentication, aside from an MD5 collision attack. If a user is concerned about this vulnerability (which is reasonable), then the user must use paccheck's 'compare' function to download full packages from multiple mirrors and do a byte-for-byte comparison. Having the SHA256 hash would change this requirement - comparing the relatively small database files from multiple mirrors would assure that an MD5 collision is not present. Then the only vulnerability is multiple compromised mirrors, which is relatively unlikely if enough tier 1 mirrors are polled.

So in short, I would find the SHA256 sums very valuable in making paccheck more efficient and secure, and of course they are a component of the server signature scheme in the devtools request.
Comment by Dan McGee (toofishes) - Thursday, 03 March 2011, 18:07 GMT
  • Field changed: Attached to Project (Arch Linux → Pacman)
  • Field changed: Severity (Critical → High)
I find it hilarious you call md5 a compromised hash, but then try to throw percentages out saying it is unlikely someone would hack multiple mirrors. The chance of someone owning all our mirrors is a hell of a lot higher than someone falsifying a package with a clashing md5sum.

Either way, I see no actual patch here. We take git format-patch style patches for pacman, on the ML, inline, as is documented here: http://www.archlinux.org/pacman/submitting-patches.html. The rules are quite easy to follow.
Comment by IgnorantGuru (IgnorantGuru) - Thursday, 03 March 2011, 18:47 GMT
Are you willing to add it if I take the time to submit a patch, or are you just wasting my time? I ask because thus far I have met nothing but unwillingness, so please don't waste my time. I don't really see why a patch is necessary as it is a trivial addition, but if you want one I will be happy to provide it. Thank you.

Loading...