rmd160 deprecated with openssl 3
Chris Jones
jonesc at hep.phy.cam.ac.uk
Tue Nov 9 19:28:57 UTC 2021
Hi,
One thing that became apparent with the recent migration to openssl 3 is that rmd160 has been declared obsolete. Openssl3 has done this, and moved this algorithm to its ‘legacy’ set of providers, such that by default it is not available.
I ‘fixed’ this in the openssl3 port with
https://github.com/macports/macports-ports/commit/df5e1c619a6d1884ccf234d4e652d2303af09e35
But I am thinking the fact this is required should be taken as an indication that we should review our use of rmd160 in macports, in preparation for some future OS where it is no longer available. I am not imagining this will likely be ‘soon’, but I think its probably better we start planing for it sooner rather than later.
We use rmd160 in a few places in macports. A possibly incomplete list is
1. Its one of the default checksums we provide in portfiles to validate source tarballs.
2. Its the checksum we provide alongside out binary tarballs
I don’t think either of those is hard to ‘fix’. I.e. for 1. We could (should?) start recommending a different checksum to replace the rmd160 one we use. For 2., we could start publishing a second more modern checksum along side the rmd160 one, and then have base use this if present and fallback to rmd160 if missing.
Thoughts ?
Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20211109/2f021ff7/attachment.htm>
More information about the macports-dev
mailing list