[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Hash algorithms used by APT to verify authenticity of installed files.


Release files contain MD5, SHA1, and SHA256 

hashes. Same with Packages, Packages.gz and 


I would like to know what hash algo is used by APT 

to verify authenticity of downloaded files when 

issuing "aptitude update" or "apt-get update" and 

when instaling packages and security fixes.

Does it fallback to weaker algorithm, if the hash 

made with stronger one is not avaible? Is there a 

way to force APT to use only selected algorithms 

so APT only accepts files verified by choosen 

algorithms, and  rejects files when required 

hashes are unavaible?

Could you point me to specific portions of 

documentation that covers this issue? Man pages of 

apt and apt-secure , dont mention it (at least in 

case of lenny), and I didnt have luck in finding 

the answer in other places.

Thanks in advance for help.

Zaloguj się i zagraj w najlepsze gry!
Sprawdz >> http://linkint.pl/f2988

Reply to: