update to remain compatible with https://lists.archlinux.org/pipermail/arch-releng/2017-October/003796.html
This commit is contained in:
parent
80d5d127ca
commit
614c1b3e6f
@ -32,7 +32,7 @@ def http(conf):
|
|||||||
datetime.datetime.now(),
|
datetime.datetime.now(),
|
||||||
httpdir))
|
httpdir))
|
||||||
for a in arch:
|
for a in arch:
|
||||||
for i in ('md5', 'sfs', 'sha256'):
|
for i in ('md5', 'sfs', 'sha256', 'sha512'):
|
||||||
httpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
|
httpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
|
||||||
httpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
|
httpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
|
||||||
if 'x86_64' in arch:
|
if 'x86_64' in arch:
|
||||||
@ -81,7 +81,7 @@ def tftp(conf):
|
|||||||
datetime.datetime.now(),
|
datetime.datetime.now(),
|
||||||
tftpdir))
|
tftpdir))
|
||||||
for a in arch:
|
for a in arch:
|
||||||
for i in ('md5', 'sfs', 'sha256'):
|
for i in ('md5', 'sfs', 'sha256', 'sha512'):
|
||||||
tftpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
|
tftpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
|
||||||
tftpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
|
tftpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
|
||||||
if 'x86_64' in arch:
|
if 'x86_64' in arch:
|
||||||
|
@ -21,6 +21,7 @@ def genImg(conf):
|
|||||||
basedir = build['basedir']
|
basedir = build['basedir']
|
||||||
prepdir = build['prepdir']
|
prepdir = build['prepdir']
|
||||||
hashes = {}
|
hashes = {}
|
||||||
|
hashes['sha512'] = {}
|
||||||
hashes['sha256'] = {}
|
hashes['sha256'] = {}
|
||||||
hashes['md5'] = {}
|
hashes['md5'] = {}
|
||||||
squashfses = []
|
squashfses = []
|
||||||
@ -52,9 +53,10 @@ def genImg(conf):
|
|||||||
humanize.naturalsize(
|
humanize.naturalsize(
|
||||||
os.path.getsize(squashimg))))
|
os.path.getsize(squashimg))))
|
||||||
# Generate the checksum files
|
# Generate the checksum files
|
||||||
print("{0}: [BUILD] Generating SHA256, MD5 checksums ({1})...".format(
|
print("{0}: [BUILD] Generating SHA512 SHA256, MD5 checksums ({1})...".format(
|
||||||
datetime.datetime.now(),
|
datetime.datetime.now(),
|
||||||
squashimg))
|
squashimg))
|
||||||
|
hashes['sha512'][a] = hashlib.sha512()
|
||||||
hashes['sha256'][a] = hashlib.sha256()
|
hashes['sha256'][a] = hashlib.sha256()
|
||||||
hashes['md5'][a] = hashlib.md5()
|
hashes['md5'][a] = hashlib.md5()
|
||||||
with open(squashimg, 'rb') as f:
|
with open(squashimg, 'rb') as f:
|
||||||
@ -63,8 +65,11 @@ def genImg(conf):
|
|||||||
if not stream:
|
if not stream:
|
||||||
break
|
break
|
||||||
# NOTE: these items are hashlib objects, NOT strings!
|
# NOTE: these items are hashlib objects, NOT strings!
|
||||||
|
hashes['sha512'][a].update(stream)
|
||||||
hashes['sha256'][a].update(stream)
|
hashes['sha256'][a].update(stream)
|
||||||
hashes['md5'][a].update(stream)
|
hashes['md5'][a].update(stream)
|
||||||
|
with open(airoot + 'airootfs.sha512', 'w+') as f:
|
||||||
|
f.write("{0} airootfs.sfs\n".format(hashes['sha512'][a].hexdigest()))
|
||||||
with open(airoot + 'airootfs.sha256', 'w+') as f:
|
with open(airoot + 'airootfs.sha256', 'w+') as f:
|
||||||
f.write("{0} airootfs.sfs\n".format(hashes['sha256'][a].hexdigest()))
|
f.write("{0} airootfs.sfs\n".format(hashes['sha256'][a].hexdigest()))
|
||||||
with open(airoot + 'airootfs.md5', 'w+') as f:
|
with open(airoot + 'airootfs.md5', 'w+') as f:
|
||||||
|
@ -17,7 +17,7 @@ First, create a file: `<basedir>/overlay/etc/ssh/sshd_config` using the followin
|
|||||||
Subsystem sftp /usr/lib/ssh/sftp-server
|
Subsystem sftp /usr/lib/ssh/sftp-server
|
||||||
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
|
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
|
||||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
|
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
||||||
|
|
||||||
We'll also want to implement a more secure `ssh_config` file to avoid possible leaks. The following is `<basedir>/overlay/etc/ssh/ssh_config`:
|
We'll also want to implement a more secure `ssh_config` file to avoid possible leaks. The following is `<basedir>/overlay/etc/ssh/ssh_config`:
|
||||||
|
|
||||||
@ -28,7 +28,7 @@ We'll also want to implement a more secure `ssh_config` file to avoid possible l
|
|||||||
PubkeyAuthentication yes
|
PubkeyAuthentication yes
|
||||||
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
|
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
|
||||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
|
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
||||||
|
|
||||||
We'll want to create our own moduli. This can take a long time, but only needs to be done once -- it doesn't need to be done for every build. The following commands should be run in `<basedir>/overlay/etc/ssh/`:
|
We'll want to create our own moduli. This can take a long time, but only needs to be done once -- it doesn't need to be done for every build. The following commands should be run in `<basedir>/overlay/etc/ssh/`:
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user