update to remain compatible with https://lists.archlinux.org/pipermail/arch-releng/2017-October/003796.html
This commit is contained in:
parent
80d5d127ca
commit
614c1b3e6f
@ -32,7 +32,7 @@ def http(conf):
|
||||
datetime.datetime.now(),
|
||||
httpdir))
|
||||
for a in arch:
|
||||
for i in ('md5', 'sfs', 'sha256'):
|
||||
for i in ('md5', 'sfs', 'sha256', 'sha512'):
|
||||
httpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
|
||||
httpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
|
||||
if 'x86_64' in arch:
|
||||
@ -81,7 +81,7 @@ def tftp(conf):
|
||||
datetime.datetime.now(),
|
||||
tftpdir))
|
||||
for a in arch:
|
||||
for i in ('md5', 'sfs', 'sha256'):
|
||||
for i in ('md5', 'sfs', 'sha256', 'sha512'):
|
||||
tftpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
|
||||
tftpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
|
||||
if 'x86_64' in arch:
|
||||
|
@ -21,6 +21,7 @@ def genImg(conf):
|
||||
basedir = build['basedir']
|
||||
prepdir = build['prepdir']
|
||||
hashes = {}
|
||||
hashes['sha512'] = {}
|
||||
hashes['sha256'] = {}
|
||||
hashes['md5'] = {}
|
||||
squashfses = []
|
||||
@ -52,9 +53,10 @@ def genImg(conf):
|
||||
humanize.naturalsize(
|
||||
os.path.getsize(squashimg))))
|
||||
# Generate the checksum files
|
||||
print("{0}: [BUILD] Generating SHA256, MD5 checksums ({1})...".format(
|
||||
datetime.datetime.now(),
|
||||
print("{0}: [BUILD] Generating SHA512 SHA256, MD5 checksums ({1})...".format(
|
||||
datetime.datetime.now(),
|
||||
squashimg))
|
||||
hashes['sha512'][a] = hashlib.sha512()
|
||||
hashes['sha256'][a] = hashlib.sha256()
|
||||
hashes['md5'][a] = hashlib.md5()
|
||||
with open(squashimg, 'rb') as f:
|
||||
@ -63,8 +65,11 @@ def genImg(conf):
|
||||
if not stream:
|
||||
break
|
||||
# NOTE: these items are hashlib objects, NOT strings!
|
||||
hashes['sha512'][a].update(stream)
|
||||
hashes['sha256'][a].update(stream)
|
||||
hashes['md5'][a].update(stream)
|
||||
with open(airoot + 'airootfs.sha512', 'w+') as f:
|
||||
f.write("{0} airootfs.sfs\n".format(hashes['sha512'][a].hexdigest()))
|
||||
with open(airoot + 'airootfs.sha256', 'w+') as f:
|
||||
f.write("{0} airootfs.sfs\n".format(hashes['sha256'][a].hexdigest()))
|
||||
with open(airoot + 'airootfs.md5', 'w+') as f:
|
||||
|
@ -17,7 +17,7 @@ First, create a file: `<basedir>/overlay/etc/ssh/sshd_config` using the followin
|
||||
Subsystem sftp /usr/lib/ssh/sftp-server
|
||||
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
||||
|
||||
We'll also want to implement a more secure `ssh_config` file to avoid possible leaks. The following is `<basedir>/overlay/etc/ssh/ssh_config`:
|
||||
|
||||
@ -28,7 +28,7 @@ We'll also want to implement a more secure `ssh_config` file to avoid possible l
|
||||
PubkeyAuthentication yes
|
||||
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
||||
|
||||
We'll want to create our own moduli. This can take a long time, but only needs to be done once -- it doesn't need to be done for every build. The following commands should be run in `<basedir>/overlay/etc/ssh/`:
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user