tech-pkg archive
Re: pkg_info -X: Add FILE_CKSUM (sha256)
> Date: Sat, 17 Jan 2026 09:44:11 +0000 (UTC)
> From: Benny Siegert <bsiegert%netbsd.org@localhost>
>
> On Sat, 17 Jan 2026, Jonathan Perkin wrote:
>
> > Not yet. Taylor has an open PR for this, but I owe him a review (I don't
> > like making it an error for pkg_summary not to have checksums).
>
> Makes sense. The behavior I would like to see (I think) is:
>
> If there is a checksum line in the summary, check the sum and refuse to
> install the package if it does not match.
>
> If there is no checksum line for the package in the summary, skip
> checking.

Here is what I proposed for pkgin:

https://github.com/NetBSDfr/pkgin/pull/141

> Refuse to download packages without hashes, unless the environment
> variable PKGIN_ALLOW_UNHASHED is set.
>
> This is important for detecting version rollback attacks --
> verifying a signature on the package itself doesn't help, because
> the old one also has a valid signature.
>
> Relies on patch proposed for pkg_install to make pkg_info -X
> generate the FILE_CKSUM lines:
> https://mail-index.NetBSD.org/tech-pkg/2026/01/06/msg031853.html
>
> (Based on #140 to make schema changes easier and more reliable.)

Note that these hashes don't _avoid_ problems with nonatomic upload.
But they do _detect_ problems with nonatomic upload.
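
The policy discussed in this message, as an added sketch that is not part of the original post and is not pkgin or pkg_install code. Assumptions: the summary is a trusted pkg_summary-style file of KEY=value blocks, the FILE_CKSUM value has the layout "sha256 <hex>" (the page does not show the format), and the function names and sample packages are made up for the illustration.

```python
import hashlib
import hmac
import os

def parse_summary(text):
    """Split pkg_summary-style text into {PKGNAME: {KEY: value}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        fields = dict(l.split("=", 1) for l in block.splitlines() if "=" in l)
        if "PKGNAME" in fields:
            entries[fields["PKGNAME"]] = fields
    return entries

def check_package(entry, data, env=None):
    """Decide whether downloaded bytes may be installed; returns (ok, reason)."""
    env = os.environ if env is None else env
    cksum = entry.get("FILE_CKSUM")
    if cksum is None:
        # No hash in the summary: refuse unless the override variable is set.
        if "PKGIN_ALLOW_UNHASHED" in env:
            return True, "unhashed-allowed"
        return False, "no-checksum"
    algo, _, want = cksum.partition(" ")  # assumed "<algorithm> <hex>" layout
    if algo != "sha256":
        return False, "unsupported-algorithm"
    got = hashlib.sha256(data).hexdigest()
    if hmac.compare_digest(got, want.strip().lower()):
        return True, "match"
    return False, "mismatch"

# Constructed sample data: two stand-in package files and a summary that
# pins the hash of the current one and carries no hash for bar-2.0.
NEW_PKG = b"constructed bytes standing in for foo-1.1.tgz"
OLD_PKG = b"constructed bytes standing in for the older foo-1.0.tgz"
SUMMARY = (
    "PKGNAME=foo-1.1\nFILE_NAME=foo-1.1.tgz\n"
    f"FILE_CKSUM=sha256 {hashlib.sha256(NEW_PKG).hexdigest()}\n"
    "\n"
    "PKGNAME=bar-2.0\nFILE_NAME=bar-2.0.tgz\n"
)
ENTRIES = parse_summary(SUMMARY)

if __name__ == "__main__":
    print(check_package(ENTRIES["foo-1.1"], NEW_PKG, env={}))
    # Older file served in place of foo-1.1: its own signature would still
    # verify, but it does not match the hash pinned in the summary.
    print(check_package(ENTRIES["foo-1.1"], OLD_PKG, env={}))
    print(check_package(ENTRIES["bar-2.0"], b"anything", env={}))
```

Passing env={"PKGIN_ALLOW_UNHASHED": "1"} for bar-2.0 gives the skip-when-absent behaviour described in the quoted reply.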