On Fri, May 30, 2008 at 2:52 PM, Sebastian Nowicki <[EMAIL PROTECTED]> wrote:
> md5sum, sha1sum, etc, do not exist on BSD systems by default. Openssl is
> a good portable alternative, but it does not support sha256, sha384, or
> sha512. This also brings in a dependency for openssl.
>
> Signed-off-by: Sebastian Nowicki <[EMAIL PROTECTED]>
> ---
>  doc/makepkg.conf.5.txt |    2 +-
>  etc/makepkg.conf.in    |    2 +-
>  scripts/makepkg.sh.in  |    8 ++++----
>  3 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/doc/makepkg.conf.5.txt b/doc/makepkg.conf.5.txt
> index 113ad14..c662568 100644
> --- a/doc/makepkg.conf.5.txt
> +++ b/doc/makepkg.conf.5.txt
> @@ -126,7 +126,7 @@ Options
>  **INTEGRITY_CHECK=(**check1 ...**)**::
>        File integrity checks to use. Multiple checks may be specified; this
>        affects both generation and checking. The current valid options are:
> -       `md5`, `sha1`, `sha256`, `sha384`, and `sha512`.
> +       `md5` and `sha1`.
>
>  **DOC_DIRS=(**usr/{,share/}{info,doc} ...**)**::
>        If "!docs" is specified in the OPTIONS array, this variable will
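Review bot: The INTEGRITY_CHECK entry now lists only `md5` and `sha1` but says nothing about the openssl dependency that the commit message introduces. Suggest adding a sentence to this entry stating that sums are computed with the openssl binary, so a user who lacks it knows why generation or checking fails.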
> diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in
> index 47ed0a4..62dc496 100644
> --- a/etc/makepkg.conf.in
> +++ b/etc/makepkg.conf.in
> @@ -69,7 +69,7 @@ BUILDENV=(fakeroot !distcc color !ccache !xdelta)
>  #
>  OPTIONS=(strip !docs libtool emptydirs zipman)
>
> -#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
> +#-- File integrity checks to use. Valid: md5, sha1
>  INTEGRITY_CHECK=(md5)
>  #-- Info and doc directories to remove (if option set correctly above)
>  DOC_DIRS=(usr/{,share/}{info,doc,gtk-doc} opt/*/{info,doc,gtk-doc})
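Review bot: The "Valid:" comment now leaves md5 and sha1 as the only choices, which are the two weakest digests of the five that were listed before. Suggest keeping sha256, sha384 and sha512 in the list and noting that they need the corresponding `*sum` program, rather than removing them from the configuration for every platform.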
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index 6e2f1ad..aaf1ad6 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -474,7 +474,7 @@ generate_checksums() {
>        for integ in [EMAIL PROTECTED]; do
>                integ="$(echo $integ | tr [:upper:] [:lower:])"
>                case "$integ" in
> -                       md5|sha1|sha256|sha384|sha512) : ;;
> +                       md5|sha1) : ;;
>                        *)
>                                error "$(gettext "Invalid integrity algorithm 
> '%s' specified.")" "$integ"
>                                exit 1;; # $E_CONFIG_ERROR
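Review bot: With the case pattern narrowed to `md5|sha1`, an existing makepkg.conf that sets INTEGRITY_CHECK to sha256, sha384 or sha512 falls into the `*)` branch and hits `exit 1` with "Invalid integrity algorithm", although the value was valid before this patch. Suggest keeping the full pattern and deciding per algorithm whether a program is available, or at least wording the error so it says the algorithm is unsupported by the installed tools.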
> @@ -510,7 +510,7 @@ generate_checksums() {
>                                fi
>                        fi
>
> -                       local sum="$(${integ}sum "$file" | cut -d ' ' -f 1)"
> +                       local sum="$(openssl dgst -${integ} "$file" | awk 
> '{print $2}')"
>                        [ $ct -gt 0 ] && echo -n "$indent"
>                        echo -n "'$sum'"
>                        ct=$(($ct+1))
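Review bot: The new `openssl dgst -${integ} "$file" | awk '{print $2}'` line assumes the digest is the second whitespace-separated field, but openssl prints the file name inside its `ALG(name)= hex` prefix, so a source file with a space in its name yields part of the name instead of the sum. The exit status of openssl is also not checked, so a missing binary or unsupported digest writes an empty `''` entry into the generated array. Suggest feeding the file on stdin, taking the last field, and aborting when the command fails or the result is empty.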
> @@ -526,7 +526,7 @@ check_checksums() {
>        for integ in [EMAIL PROTECTED]; do
>                integ="$(echo $integ | tr [:upper:] [:lower:])"
>                case "$integ" in
> -                       md5|sha1|sha256|sha384|sha512) : ;;
> +                       md5|sha1) : ;;
>                        *)
>                                error "$(gettext "Invalid integrity algorithm 
> '%s' specified")" "$integ"
>                                exit 1;; # $E_CONFIG_ERROR
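Review bot: In check_checksums the `md5|sha1` pattern means a PKGBUILD that carries sha256 sums can no longer be checked at all, since the `*)` branch exits before any file is examined. This is also the second copy of the same algorithm list that generate_checksums has; suggest moving the list into one helper so the two functions cannot drift apart.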
> @@ -557,7 +557,7 @@ check_checksums() {
>                                        fi
>                                fi
>
> -                               if echo "${integrity_sums[$idx]}  $file" | 
> ${integ}sum --status -c - &>/dev/null; then
> +                               if [ "${integrity_sums[$idx]}" = "$(openssl 
> dgst -${integ} "$file" | awk '{print $2}')" ]; then
>                                        echo "$(gettext "Passed")" >&2
>                                else
>                                        echo "$(gettext "FAILED")" >&2
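Review bot: The `[ "${integrity_sums[$idx]}" = "$(openssl dgst ...)" ]` test can pass without verifying anything: if openssl is missing or fails, the command substitution is empty, and an empty or missing array entry then compares equal and prints "Passed". The comparison is also a case-sensitive string match, and the `&>/dev/null` that the removed line had is gone, so openssl errors now reach the terminal. Suggest rejecting an empty computed or expected sum before comparing, lowercasing both sides, and redirecting stderr as before.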
> --
Ok, can we take a slightly different approach to this in order to not
reduce functionality? How about we check for the existence of the
${integ}sum programs first (or at least the one we need), and then
somehow fall back to the openssl binary if necessary? If we have an
array of sha256 sums, then we would spit a big warning saying we could
not verify these sums due to us not having a program to verify them.

Of course, I have no idea how easy this is, but I'm really against
losing functionality.

-Dan
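
The fallback proposed in this reply, sketched as an added example that is not part of the thread or of makepkg: the function names `compute_digest` and `verify_digest` and the 0/1/2 return codes are assumptions made for illustration.

```bash
# Added illustration of the fallback; function names and return codes are
# assumptions, not makepkg's own code.

# Print the lowercase hex digest of file $2 under algorithm $1.
# Returns 0 on success, 1 on a read/tool error, 2 if no program can do it.
compute_digest() {
	local integ="$1" file="$2" out
	case "$integ" in
		md5|sha1|sha256|sha384|sha512) ;;
		*) return 2 ;;
	esac
	[ -r "$file" ] || return 1
	if command -v "${integ}sum" >/dev/null 2>&1; then
		# "<hex>  -": the digest is everything before the first space
		out="$("${integ}sum" < "$file")" || return 1
		out="${out%% *}"
	elif command -v openssl >/dev/null 2>&1; then
		# Reading stdin keeps the file name out of the output; a digest this
		# openssl build does not know is treated as "no program available".
		out="$(openssl dgst "-${integ}" < "$file" 2>/dev/null)" || return 2
		out="${out##* }"
	else
		return 2
	fi
	[ -n "$out" ] || return 1
	printf '%s\n' "$out" | tr '[:upper:]' '[:lower:]'
}

# Returns 0 = passed, 1 = failed, 2 = could not verify (warning on stderr).
# An empty expected sum never passes.
verify_digest() {
	local integ="$1" expected="$2" file="$3" actual rc
	expected="$(printf '%s' "$expected" | tr '[:upper:]' '[:lower:]')"
	[ -n "$expected" ] || return 1
	actual="$(compute_digest "$integ" "$file")" && rc=0 || rc=$?
	if [ "$rc" -eq 2 ]; then
		echo "WARNING: no program to verify ${integ} sums; '$file' NOT verified" >&2
		return 2
	fi
	[ "$rc" -eq 0 ] && [ "$actual" = "$expected" ]
}
```

A caller should treat return code 2 as distinct from "Passed", so an unverifiable sum is reported rather than silently accepted.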

_______________________________________________
pacman-dev mailing list
[email protected]
http://archlinux.org/mailman/listinfo/pacman-dev
