SHA256 checksum for apt-deb

Bug #522513 reported by Anders F Björklund
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| Smart Package Manager | Fix Released | Undecided | Unassigned | |
| smart (Ubuntu) | New | Wishlist | Unassigned | |

Bug Description

Smart only validates the MD5 checksum for dpkg packages. It should check SHA and SHA256 too, when available.

Anders F Björklund (afb) wrote :

Split off from Bug #331935

Clint Byrum (clint-fewbar) wrote :

Upon inspection, the linked branch has been merged and this code is included in v1.3.

Changed in smart (Ubuntu):
status: New → Fix Released
importance: Undecided → Wishlist
Changed in smart:
status: New → Fix Released
Anders F Björklund (afb) wrote :

Well, the sha256 parser has been merged, but the code only checks md5 if present (if so, sha256 is skipped).

The question is whether it should change to checking sha256 first, otherwise sha1 and lastly fall back to md5.

This was suggested for 1.2, but postponed for performance reasons (I think?).

Each checksum is about 2 times slower, so checking sha256 takes 4x of md5.

Changed in smart:
status: Fix Released → New
Anders F Björklund (afb) wrote :

The main reason this only affects apt-deb and not yum-rpm is that the repodata deletes the older checksums, while the Debian repository has all three checksums present. Otherwise the same code is shared between all backends.

Anders F Björklund (afb) wrote :

Now (r991), it will check MD5 first and then SHA too (prefer SHA256, when available)

Changed in smart:
milestone: none → 1.4
status: New → Fix Committed
Changed in smart (Ubuntu):
status: Fix Released → New
Changed in smart:
status: Fix Committed → Fix Released
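
The two checking policies discussed in the comments above, as an added example; this is not Smart's code. The names `verify`, `md5-only` and `md5-then-sha` and the sample stanza are assumptions constructed for illustration; the field names MD5sum, SHA1, SHA256 and Size are those of a Debian Packages index. All selected hashes are fed from a single read of the file.

```python
import hashlib
import io

# Checksum fields of a Debian Packages stanza, strongest first.
FIELDS = [("SHA256", "sha256"), ("SHA1", "sha1"), ("MD5sum", "md5")]

def parse_stanza(text):
    """Parse one 'Key: value' stanza; continuation lines are ignored."""
    out = {}
    for line in text.strip().splitlines():
        if line[:1] not in (" ", "\t") and ":" in line:
            key, _, value = line.partition(":")
            out[key.strip()] = value.strip()
    return out

def digests(stream, algos, chunk=65536):
    """Read the stream once, updating every requested hash per block."""
    hashers = {a: hashlib.new(a) for a in algos}
    size = 0
    for block in iter(lambda: stream.read(chunk), b""):
        size += len(block)
        for h in hashers.values():
            h.update(block)
    return size, {a: h.hexdigest() for a, h in hashers.items()}

def verify(stream, stanza, policy):
    """Return (ok, failed_fields) under one of the two policies in the thread."""
    present = [(f, a) for f, a in FIELDS if f in stanza]
    md5 = [p for p in present if p[0] == "MD5sum"]
    sha = [p for p in present if p[0] != "MD5sum"][:1]   # SHA256, else SHA1
    if policy == "md5-only":        # MD5 if present, SHA skipped
        chosen = md5 or sha
    elif policy == "md5-then-sha":  # MD5 first, then the best SHA too
        chosen = md5 + sha
    else:
        raise ValueError("unknown policy: %r" % policy)
    if not chosen:
        raise ValueError("stanza carries no checksum field")
    size, got = digests(stream, [a for _, a in chosen])
    failed = [f for f, a in chosen if got[a] != stanza[f].lower()]
    if "Size" in stanza and int(stanza["Size"]) != size:
        failed.insert(0, "Size")
    return not failed, failed

# Constructed sample: payload bytes and a stanza whose MD5sum matches but
# whose SHA256 does not (metadata and file disagree).
PAYLOAD = b"constructed package bytes\n" * 1000
STANZA = parse_stanza("Package: example\nSize: %d\nMD5sum: %s\nSHA256: %s\n" % (
    len(PAYLOAD), hashlib.md5(PAYLOAD).hexdigest(), "0" * 64))
```

With the constructed stanza, `md5-only` accepts the file while `md5-then-sha` reports the SHA256 field as failed.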