SHA1 is legacy crypto and known to be weak (collision attacks). Therefore, SHA256 is used instead to provide strong checksums for verifying our release images.
Partially fixes: #11345
Signed-off-by: Peter Müller peter.mueller@link38.eu
---
 webapp/backend/releases.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/webapp/backend/releases.py b/webapp/backend/releases.py
index 79e3468..fa63a44 100644
--- a/webapp/backend/releases.py
+++ b/webapp/backend/releases.py
@@ -279,16 +279,16 @@ class Release(Object):
         return file
     def __file_hash(self, filename):
-        sha1 = hashlib.sha1()
+        sha256 = hashlib.sha256()
         with open(filename) as f:
             buf_size = 1024
             buf = f.read(buf_size)
             while buf:
-                sha1.update(buf)
+                sha256.update(buf)
                 buf = f.read(buf_size)
-        return sha1.hexdigest()
+        return sha256.hexdigest()
     def scan_files(self, basepath="/srv/mirror0"):
         if not self.path:
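Review bot: The file is still opened in text mode (`with open(filename) as f:`), so the digest is computed over decoded, possibly newline-translated text rather than the raw image bytes; on Python 3 `sha256.update()` on a `str` raises `TypeError`, and on Python 2 the result can differ by platform, so the checksum is not a reliable integrity value. The fix is `with open(filename, "rb") as f:`, which makes the hash cover the bytes a downloader actually verifies. Since the hunk only swaps the algorithm, any code outside it that stores or compares the old 40-character digest presumably needs the same update (the commit says it only partially fixes the issue). A larger read size than 1024 (e.g. 64 KiB) would also reduce per-chunk overhead on release images, though that is a style point.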