Get rid of md5 support for fixed-output derivations #4491
Comments
This is not as trivial as I thought because nix-prefetch-url does not check if the downloaded archive is a valid archive. E.g. my update for cups is invalid because nix-prefetch-url just downloaded a HTML file instead of a tar.bz2. I will prepare a fix. At least for cups. Or should we revert commit ?
Fixing cups is OK.
👍
Can we broaden this to also deprecate sha1 for similar reasons? It's not as broken as md5, but it's also not considered particularly good when used for security purposes.
Perhaps
Unfortunately, some projects still publish signed lists of SHA1s and Another problem is that we don't seem to support SHA512: Firefox has
Perhaps we could then include both, making the sha256 attribute mandatory? The sha1/md5 can be used to check against upstream lists, whereas the sha256 serves to give you certainty that what you're deploying is what you think it is.
For firefox-bin the whole feasibility of including all the languages
I think forbidding sha1 is a huge overkill ATM. In most packages there's even no way of securely retrieving the hash/tarball (no signature or https at least). If I wanted to attack nixpkgs, I'd become a contributor, so I'd get commit access relatively easily, and then I could sneak in whatever forged hashes I needed (unlikely to be noticed if done well).
ATM the largest amount of md5 usage is from the new texlive, as its list of tarball hashes is taken from upstream and they only provide md5. However, the transformed fixed-output derivations use sha1 already, so md5 isn't really used by regular users.
We also have a LibreOffice dependency list which is MD5-from-upstream.
It sounds like TeXLive is getting with the times: https://www.preining.info/blog/2016/01/tex-live-security-improvements/
@7c6f434c LibreOffice's main download page took me here: http://download.documentfoundation.org/libreoffice/stable/5.1.0/mac/x86_64/LibreOffice_5.1.0_MacOS_x86-64.dmg.mirrorlist which seems to provide a fine sha256.
Yeah, LibreOffice provides those now; note that they also serve the hashes over an https URL.
It has around a metric ton of inner dependencies that are built in some
Has anyone raised the issue upstream to see if they can just switch that
FWIW: I submitted a (long-merged) PR reducing the # of md5s down from 273 to 13, and sha1s from ?? to 0. I implemented it by taking the current URLs, fetching them, comparing md5s, then updating to sha256 only if they updated.
The situation of non-python packages actually got worse (compared to the initial values):
Edit: It seems that is mainly because of
We still need to implement deprecation (reverting 2ca8833)
Well, technically you want to revert the removal of warnings. I think 2ca8833 has been effectively reverted in e3a8734. Is the plan now to apply 717ff85 once more? @domenkozar do you have better ideas?
What if we just deleted support for specifying
I think deprecation is supposed to annoy people with out-of-tree Nix packages to finally update within some time window, instead of abrupt disappearance of functionality? (I do not have any personal interest in NixPkgs fetch* MD5 support, though)
We're going to need a new one of these for sha1...
So signing git commits is useless now? EDIT: I just started doing so a couple months ago...
Not fully useless (it's collision, not preimage), and the attack is still pretty expensive, but I expect the cost to go down significantly soon given how much relies on SHA1 nowadays.
Well, actually when we sign git commits, we certify rather just the changes and not the whole history. (No one's verifying signatures on ancestors AFAIK.)
On 3fdd726, the total count of "md5 =" in nixpkgs is huge.
Libreoffice is the top 1 project using md5.
Projects without libreoffice
None of them is an md5 hash. Good!
Should an issue for sha1 be opened?
Node-packages are top 1 on sha1 (svanderburg/node2nix#39)
Libreoffice uses sha256 to check the download:
Example entry:
I don't see any remaining packages using md5, so I'd propose removing the support in the fetchers on master; fixing this in projects outside of nixpkgs is easy, and it shouldn't be used anyway.
This typo was likely introduced by copy-pasting the error message from elsewhere and forgetting to change the text, during the MD5 deprecation process (NixOS#4491).
This bit me with Curseforge, where I'm generating nix code by scraping their download pages. They only provide MD5, and I don't want to download the files themselves; it'd take far too much bandwidth, and might get me banned. Could you reconsider disabling md5, or maybe gate it behind a __YES_I_REALLY_WANT_THIS type flag? The only alternatives I can see are to fork fetchurl, or to disable hash checking entirely, and I'd prefer to do neither. I've tried asking them to provide a better hash, but it doesn't seem like that will happen anytime soon, especially as the service has no official API.
@Baughn Nix's builtin fetchurl still supports md5, so you may be able to do:
fixes NixOS#4491 (cherry picked from commit f57185d)
We're in 2014 and even universities have a course where students forge md5 hashes of files.
Biggest usage of md5 hashes in nixpkgs is python, followed by libreoffice (scripted install).
Observations:
nix-prefetch- should print out multiple hashes together with fetch functions supporting and verifying all of specified hashes
Q/A:
it is considered best practice to use it when that's what upstream provides
That's a very bad security practice. It trades user security for few seconds of maintainer time.
TODO
pkgs/games/steam/runtime-generated.nix
uses md5 during generation
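The thread raises two concrete fetcher gaps: nix-prefetch-url accepting an HTML error page as a tar.bz2, and the wish for fetch functions that verify every declared hash while requiring a strong one alongside any upstream md5/sha1. The following is an added example, not code from Nix or nixpkgs; the hash-requirement policy, the magic-byte table and the sample archive are constructed for illustration.

```python
"""Added example (not from nixpkgs or Nix): verify a fixed-output download
against every hash the package declares and sanity-check the container
format, so a served HTML error page or an md5-only entry is rejected."""
import hashlib
import io
import tarfile

STRONG = {"sha256", "sha512"}  # at least one of these must be declared
# Magic bytes for the archive kinds this check understands (constructed table).
MAGIC = {"tar.bz2": b"BZh", "tar.gz": b"\x1f\x8b", "tar.xz": b"\xfd7zXZ\x00", "zip": b"PK\x03\x04"}


def compute_hashes(data: bytes, algorithms=("md5", "sha1", "sha256", "sha512")) -> dict:
    """What a multi-hash prefetch would print: every digest for the same bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def verify_download(data: bytes, expected: dict, kind: str) -> list:
    """Return a list of problems; an empty list means the download is acceptable.
    `expected` maps algorithm name -> hex digest (e.g. upstream md5 plus our sha256)."""
    problems = []
    if not (STRONG & set(expected)):
        problems.append("no strong hash (sha256/sha512) declared; md5/sha1 alone is not accepted")
    actual = compute_hashes(data, tuple(expected))
    for alg, want in expected.items():  # every declared hash must match, not just one
        if actual[alg] != want.lower():
            problems.append(f"{alg} mismatch: expected {want}, got {actual[alg]}")
    if not data.startswith(MAGIC[kind]):
        head = data[:64].lstrip().lower()
        hint = " (looks like an HTML page)" if head.startswith((b"<!doctype", b"<html")) else ""
        problems.append(f"not a {kind} archive: bad magic bytes{hint}")
    return problems


def make_tar_bz2(name: str, content: bytes) -> bytes:
    """Constructed sample input: a one-file tar.bz2 built in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        info = tarfile.TarInfo(name)
        info.size = len(content)
        tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    archive = make_tar_bz2("cups/README", b"constructed sample\n")
    good = compute_hashes(archive)
    print(verify_download(archive, {"md5": good["md5"], "sha256": good["sha256"]}, "tar.bz2"))
    html = b"<!DOCTYPE html><html><body>404 Not Found</body></html>"
    print(verify_download(html, {"md5": compute_hashes(html)["md5"]}, "tar.bz2"))
```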