moparisthebest
/
pacman
mirror of https://github.com/moparisthebest/pacman
1
0
Fork 0
Code Issues Releases Wiki Activity

Use coreutils binaries for checking/generating checksums 

If pacman is build against a crypto library other than openssl, it makes no
sense to require makepkg to use it.

The only currently considered alternative to openssl is nettle, which has no
binary for base64 encode/decode. This means that we could replace the hashing
cacluations with nettle-hash, but would require base64 from coreutils.

Given makepkg already relies heavily on coreutils, we might as well use all
the coreutils hashing binaries too.

This patch also improves the checking of required binaries for hashing
operations.

Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Allan McRae 2016-10-11 23:04:25 +10:00
parent 603f087cd7
commit 577701250d
4 changed files with 27 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/libmakepkg/integrity/generate_checksum.sh.in
View File

@ -59,8 +59,8 @@ generate_one_checksum() {
if [[ $netfile != *.@(sig?(n)|asc) ]]; then if [[ $netfile != *.@(sig?(n)|asc) ]]; then
local file local file
file="$(get_filepath "$netfile")" || missing_source_file "$netfile" file="$(get_filepath "$netfile")" || missing_source_file "$netfile"
sum="$(openssl dgst -${integ} "$file")" sum="$("${integ}sum" "$file")"
sum=${sum##* } sum=${sum%% *}
else else
sum="SKIP" sum="SKIP"
fi fi
@ -80,11 +80,6 @@ generate_one_checksum() {
generate_checksums() { generate_checksums() {
msg "$(gettext "Generating checksums for source files...")" msg "$(gettext "Generating checksums for source files...")"
if ! type -p openssl >/dev/null; then
error "$(gettext "Cannot find the %s binary required for generating sourcefile checksums.")" "openssl"
exit 1 # $E_MISSING_PROGRAM
fi
local integlist local integlist
if (( $# == 0 )); then if (( $# == 0 )); then
IFS=$'\n' read -rd '' -a integlist < <(get_integlist) IFS=$'\n' read -rd '' -a integlist < <(get_integlist)

4
scripts/libmakepkg/integrity/verify_checksum.sh.in
View File

@ -82,8 +82,8 @@ verify_integrity_one() {
return 1 return 1
fi fi
local realsum="$(openssl dgst -${integ} "$file")" local realsum="$("${integ}sum" "$file")"
realsum="${realsum##* }" realsum="${realsum%% *}"
if [[ ${expectedsum,,} = "$realsum" ]]; then if [[ ${expectedsum,,} = "$realsum" ]]; then
printf '%s\n' "$(gettext "Passed")" >&2 printf '%s\n' "$(gettext "Passed")" >&2
else else

24
scripts/makepkg.sh.in
View File

@ -28,7 +28,7 @@
# makepkg uses quite a few external programs during its execution. You # makepkg uses quite a few external programs during its execution. You
# need to have at least the following installed for makepkg to function: # need to have at least the following installed for makepkg to function:
# awk, bsdtar (libarchive), bzip2, coreutils, fakeroot, file, find (findutils), # awk, bsdtar (libarchive), bzip2, coreutils, fakeroot, file, find (findutils),
# gettext, gpg, grep, gzip, openssl, sed, tput (ncurses), xz # gettext, gpg, grep, gzip, sed, tput (ncurses), xz
# gettext initialization # gettext initialization
export TEXTDOMAIN='pacman-scripts' export TEXTDOMAIN='pacman-scripts'
@ -658,8 +658,8 @@ write_buildinfo() {
printf "builddir = %s\n" "${BUILDDIR}" printf "builddir = %s\n" "${BUILDDIR}"
local sum="$(openssl dgst -sha256 "${BUILDFILE}")" local sum="$(sha256sum "${BUILDFILE}")"
sum=${sum##* } sum=${sum%% *}
printf "pkgbuild_sha256sum = %s\n" $sum printf "pkgbuild_sha256sum = %s\n" $sum
@ -1022,12 +1022,18 @@ check_software() {
fi fi
fi fi
# openssl - checksum operations # checksum operations
if (( ! SKIPCHECKSUMS )); then if (( GENINTEG || ! SKIPCHECKSUMS )); then
if ! type -p openssl >/dev/null; then local integlist
error "$(gettext "Cannot find the %s binary required for validating source file checksums.")" "openssl" IFS=$'\n' read -rd '' -a integlist < <(get_integlist)
ret=1
fi local integ
for integ in "${integlist[@]}"; do
if ! type -p "${integ}sum" >/dev/null; then
error "$(gettext "Cannot find the %s binary required for source file checksums operations.")" "${integ}sum"
ret=1
fi
done
fi fi
# distcc - compilation with distcc # distcc - compilation with distcc

16
scripts/repo-add.sh.in
View File

@ -151,8 +151,8 @@ db_write_delta() {
echo -e "%DELTAS%" >"$deltas" echo -e "%DELTAS%" >"$deltas"
fi fi
# get md5sum and compressed size of package # get md5sum and compressed size of package
md5sum=$(openssl dgst -md5 "$deltafile") md5sum=$(md5sum "$deltafile")
md5sum=${md5sum##* } md5sum=${md5sum%% *}
csize=$(@SIZECMD@ -L "$deltafile") csize=$(@SIZECMD@ -L "$deltafile")
oldfile=$(xdelta3 printhdr "$deltafile" | grep "XDELTA filename (source)" | sed 's/.*: *//') oldfile=$(xdelta3 printhdr "$deltafile" | grep "XDELTA filename (source)" | sed 's/.*: *//')
@ -374,17 +374,17 @@ db_write_entry() {
return 1 return 1
fi fi
msg2 "$(gettext "Adding package signature...")" msg2 "$(gettext "Adding package signature...")"
pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n') pgpsig=$(base64 "$pkgfile.sig" | tr -d '\n')
fi fi
csize=$(@SIZECMD@ -L "$pkgfile") csize=$(@SIZECMD@ -L "$pkgfile")
# compute checksums # compute checksums
msg2 "$(gettext "Computing checksums...")" msg2 "$(gettext "Computing checksums...")"
md5sum=$(openssl dgst -md5 "$pkgfile") md5sum=$(md5sum "$pkgfile")
md5sum=${md5sum##* } md5sum=${md5sum%% *}
sha256sum=$(openssl dgst -sha256 "$pkgfile") sha256sum=$(sha256sum "$pkgfile")
sha256sum=${sha256sum##* } sha256sum=${sha256sum%% *}
# remove an existing entry if it exists, ignore failures # remove an existing entry if it exists, ignore failures
db_remove_entry "$pkgname" db_remove_entry "$pkgname"
@ -501,7 +501,7 @@ elephant() {
"ZL9JFFZeAa0a2+lKjL2anpYfV+0Zx9LJ+/MC8nRayuDlSNy2rfAPibOzsiWHL0jL" \ "ZL9JFFZeAa0a2+lKjL2anpYfV+0Zx9LJ+/MC8nRayuDlSNy2rfAPibOzsiWHL0jL" \
"SsjFAQAA" "SsjFAQAA"
;; ;;
esac | openssl base64 -d | gzip -d esac | base64 -d | gzip -d
} }
prepare_repo_db() { prepare_repo_db() {