use SHA256 for image checksums
Commit Message
SHA1 is legacy crypto and known to be weak (collision attacks). Therefore,
SHA256 is used instead to provide strong checksums for verifying our
release images.
Partially fixes: #11345
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
webapp/backend/releases.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
@@ -279,16 +279,16 @@ class Release(Object):
return file
def __file_hash(self, filename):
- sha1 = hashlib.sha1()
+ sha256 = hashlib.sha256()
with open(filename) as f:
buf_size = 1024
buf = f.read(buf_size)
while buf:
- sha1.update(buf)
+ sha256.update(buf)
buf = f.read(buf_size)
- return sha1.hexdigest()
+ return sha256.hexdigest()
def scan_files(self, basepath="/srv/mirror0"):
if not self.path:
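Review bot: `with open(filename) as f:` in `__file_hash` still opens the release image in text mode, which the switch to SHA256 leaves untouched. If this runs under Python 3 (the interpreter version is not visible here), `f.read()` on a binary image either fails to decode or returns `str`, which `sha256.update()` rejects. The line should be `with open(filename, "rb") as f:` so the digest is computed over the raw bytes. The hunk also does not show where the result is stored or displayed. A SHA256 hex digest is 64 characters against 40 for SHA1, so it may be worth checking field widths, any remaining "sha1" labels and whether already-stored digests get recomputed.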