summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorr00t <bts@square-r00t.net>2017-10-16 03:25:47 -0400
committerr00t <bts@square-r00t.net>2017-10-16 03:25:47 -0400
commit614c1b3e6fcec0a66a42e1900330f67de4c7ff65 (patch)
tree6ef8b29772e372f1387914426d4aca4c14759b82
parent80d5d127cae3688822e82e9023a24d57874dcace (diff)
downloadBDisk-614c1b3e6fcec0a66a42e1900330f67de4c7ff65.tar.xz
update to remain compatible with https://lists.archlinux.org/pipermail/arch-releng/2017-October/003796.htmlv3.09
-rwxr-xr-xbdisk/bsync.py4
-rwxr-xr-xbdisk/build.py9
-rw-r--r--docs/manual/user/advanced/SSH.adoc4
3 files changed, 11 insertions, 6 deletions
diff --git a/bdisk/bsync.py b/bdisk/bsync.py
index 1f6573b..42e62a5 100755
--- a/bdisk/bsync.py
+++ b/bdisk/bsync.py
@@ -32,7 +32,7 @@ def http(conf):
datetime.datetime.now(),
httpdir))
for a in arch:
- for i in ('md5', 'sfs', 'sha256'):
+ for i in ('md5', 'sfs', 'sha256', 'sha512'):
httpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
httpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
if 'x86_64' in arch:
@@ -81,7 +81,7 @@ def tftp(conf):
datetime.datetime.now(),
tftpdir))
for a in arch:
- for i in ('md5', 'sfs', 'sha256'):
+ for i in ('md5', 'sfs', 'sha256', 'sha512'):
tftpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
tftpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
if 'x86_64' in arch:
diff --git a/bdisk/build.py b/bdisk/build.py
index 72c8b93..17d50e5 100755
--- a/bdisk/build.py
+++ b/bdisk/build.py
@@ -21,6 +21,7 @@ def genImg(conf):
basedir = build['basedir']
prepdir = build['prepdir']
hashes = {}
+ hashes['sha512'] = {}
hashes['sha256'] = {}
hashes['md5'] = {}
squashfses = []
@@ -52,9 +53,10 @@ def genImg(conf):
humanize.naturalsize(
os.path.getsize(squashimg))))
# Generate the checksum files
- print("{0}: [BUILD] Generating SHA256, MD5 checksums ({1})...".format(
- datetime.datetime.now(),
+ print("{0}: [BUILD] Generating SHA512 SHA256, MD5 checksums ({1})...".format(
+ datetime.datetime.now(),
squashimg))
+ hashes['sha512'][a] = hashlib.sha512()
hashes['sha256'][a] = hashlib.sha256()
hashes['md5'][a] = hashlib.md5()
with open(squashimg, 'rb') as f:
@@ -63,8 +65,11 @@ def genImg(conf):
if not stream:
break
# NOTE: these items are hashlib objects, NOT strings!
+ hashes['sha512'][a].update(stream)
hashes['sha256'][a].update(stream)
hashes['md5'][a].update(stream)
+ with open(airoot + 'airootfs.sha512', 'w+') as f:
+ f.write("{0} airootfs.sfs\n".format(hashes['sha512'][a].hexdigest()))
with open(airoot + 'airootfs.sha256', 'w+') as f:
f.write("{0} airootfs.sfs\n".format(hashes['sha256'][a].hexdigest()))
with open(airoot + 'airootfs.md5', 'w+') as f:
diff --git a/docs/manual/user/advanced/SSH.adoc b/docs/manual/user/advanced/SSH.adoc
index a599be0..57b0e01 100644
--- a/docs/manual/user/advanced/SSH.adoc
+++ b/docs/manual/user/advanced/SSH.adoc
@@ -17,7 +17,7 @@ First, create a file: `<basedir>/overlay/etc/ssh/sshd_config` using the followin
Subsystem sftp /usr/lib/ssh/sftp-server
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
- MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
We'll also want to implement a more secure `ssh_config` file to avoid possible leaks. The following is `<basedir>/overlay/etc/ssh/ssh_config`:
@@ -28,7 +28,7 @@ We'll also want to implement a more secure `ssh_config` file to avoid possible l
PubkeyAuthentication yes
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
- MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
We'll want to create our own moduli. This can take a long time, but only needs to be done once -- it doesn't need to be done for every build. The following commands should be run in `<basedir>/overlay/etc/ssh/`: