Re: Bug#932943: Missing SHA512 and gpg signature

To: debian-cloud@lists.debian.org
Subject: Re: Bug#932943: Missing SHA512 and gpg signature
From: Bastian Blank <waldi@debian.org>
Date: Tue, 6 Aug 2019 10:30:57 +0200
Message-id: <[🔎] 20190806083057.7an2eiee3wd55yl4@shell.thinkmo.de>
Mail-followup-to: debian-cloud@lists.debian.org
In-reply-to: <[🔎] af92191a-c77a-a7b0-d75a-3784a8c19aeb@debian.org>
References: <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <[🔎] 944c22ae-a143-828b-8a47-9569f24bd848@debian.org> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <[🔎] 20190804162930.yr4we3rgr2tp2w3x@shell.thinkmo.de> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <[🔎] af92191a-c77a-a7b0-d75a-3784a8c19aeb@debian.org>

On Mon, Aug 05, 2019 at 10:07:46AM +0200, Thomas Goirand wrote:
> Unfortunately, OpenStack Glance only shows SHA512, not SHA3, so even if
> we do both, we must keep SHA2 512.

What does Glance show and how does this relate on what we use to allow
verification of the downloaded images?

My (old) Glance reports this:

| +------------------+--------------------------------------+
| | Property         | Value                                |
| +------------------+--------------------------------------+
| | architecture     | x86_64                               |
| | checksum         | 90e94dc3687292c33b931aee4b58ee8a     |
| | container_format | bare                                 |
| | created_at       | 2018-08-03T07:59:16Z                 |
| | disk_format      | qcow2                                |
| | id               | f77594ee-642e-4343-9884-9599fbc8f481 |
| | min_disk         | 0                                    |
| | min_ram          | 0                                    |
| | name             | Debian 9 -- 20180803                 |
| | owner            | f681c65dc978473c814ff7aa4fdc75cb     |
| | protected        | False                                |
| | size             | 623210496                            |
| | status           | active                               |
| | tags             | []                                   |
| | updated_at       | 2018-08-03T07:59:29Z                 |
| | virtual_size     | Not available                        |
| | visibility       | public                               |
| +------------------+--------------------------------------+

There is a "checksum" field.  However I don't see what kind of checksum
this should be or what this checksum is calculated from (I uploaded a
qcow2).

Regards,
Bastian

-- 
Yes, it is written.  Good shall always destroy evil.
		-- Sirah the Yang, "The Omega Glory", stardate unknown

Reply to:

Follow-Ups:
- Re: Bug#932943: Missing SHA512 and gpg signature
  - From: Thomas Goirand <zigo@debian.org>

References:
- Bug#932943: Missing SHA512 and gpg signature
  - From: Chris Boot <bootc@debian.org>
- Bug#932943: Missing SHA512 and gpg signature
  - From: Bastian Blank <waldi@debian.org>
- Bug#932943: Missing SHA512 and gpg signature
  - From: Thomas Goirand <zigo@debian.org>

Prev by Date: Re: Regular meeting of the team
Next by Date: Re: Bug#932943: Missing SHA512 and gpg signature
Previous by thread: Bug#932943: Missing SHA512 and gpg signature
Next by thread: Re: Bug#932943: Missing SHA512 and gpg signature
Index(es):
- Date
- Thread