Hash algorithms used by APT to verify authenticity of installed files.
Hi
Release files contain MD5, SHA1, and SHA256
hashes. Same with Packages, Packages.gz and
Packages.bz2.
I would like to know what hash algo is used by APT
to verify authenticity of downloaded files when
issuing "aptitude update" or "apt-get update" and
when instaling packages and security fixes.
Does it fallback to weaker algorithm, if the hash
made with stronger one is not avaible? Is there a
way to force APT to use only selected algorithms
so APT only accepts files verified by choosen
algorithms, and rejects files when required
hashes are unavaible?
Could you point me to specific portions of
documentation that covers this issue? Man pages of
apt and apt-secure , dont mention it (at least in
case of lenny), and I didnt have luck in finding
the answer in other places.
Thanks in advance for help.
------------------------------------------------------------
Zaloguj się i zagraj w najlepsze gry!
Sprawdz >> http://linkint.pl/f2988
Reply to: