From 630ec7268a6717c272e9e693f53f3f3733afcf1e Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Thu, 29 Nov 2012 11:09:47 +0100
Subject: abuild: use sha256 and sha512 sums instead of md5
ref #1484
---
abuild.in | 76 +++++++++++++++++++++++++++++++++++++++++++++++----------------
1 file changed, 57 insertions(+), 19 deletions(-)
diff --git a/abuild.in b/abuild.in
index 10cd211..ad48b6c 100755
--- a/abuild.in
+++ b/abuild.in
@@ -217,31 +217,30 @@ sanitycheck() {
default_sanitycheck
}
-md5check() {
+sumcheck() {
+ local algo="$1" sums="$2"
local dummy f endreturnval originalparams origin file
- if [ -z "$source" ] && [ -z "$md5sums" ]; then
- return 0
- fi
- if [ -z "$md5sums" ]; then
- die "Use 'abuild checksum' to generate/update the checksum(s)"
- fi
- if [ "$(echo $source | wc -l)" -ne "$(echo $md5sums | wc -l)" ]; then
- die "Number of md5sums does not correspond to number of sources"
+
+ # get number of checksums
+ set -- $sums
+ local numsums=$(( $# / 2 ))
+
+ set -- $source
+ if [ $# -ne $numsums ]; then
+ die "Number of ${algo}sums($numsums) does not correspond to number of sources($#)"
fi
fetch || return 1
- msg "Checking md5sums..."
+ msg "Checking ${algo}sums..."
cd "$srcdir" || return 1
IFS=$'\n'
endreturnval=0
- originalparams=$@
- set -- $source
- for src in $md5sums; do
+ for src in $sums; do
origin=$1; shift
- echo "$src" | md5sum -c
+ echo "$src" | ${algo}sum -c
if [ $? -ne 0 ]; then
endreturnval=1
is_remote $origin || continue
- echo "Because the remote file above failed the md5sum check it will be deleted."
+ echo "Because the remote file above failed the ${algo}sum check it will be deleted."
echo "Rebuilding will cause it to re-download which in some cases may fix the problem."
file=`echo "$src" | sed 's/.*[ \t\n]\(.*\)/\1/'`
echo "Deleting: $file"
@@ -249,10 +248,33 @@ md5check() {
fi
done
unset IFS
- set -- $originalparams
return $endreturnval
}
+# for compatibility
+md5check() {
+ warning "'md5check' is deprecated. Use 'verify' instead"
+ sumcheck md5 "$md5sums"
+}
+
+# verify checksums
+verify() {
+ local verified=false algo=
+ for algo in md5 sha1 sha256 sha512; do
+ local sums=
+ eval sums=\"\$${algo}sums\"
+ if [ -z "$sums" ] || [ -z "$source" ]; then
+ continue
+ fi
+ sumcheck "$algo" "$sums" || return 1
+ verified=true
+ done
+ if [ -n "$source" ] && ! $verified; then
+ die "Use 'abuild checksum' to generate/update the checksum(s)"
+ fi
+ return 0
+}
+
# verify upstream sources
sourcecheck() {
local uri
@@ -1475,15 +1497,31 @@ builddeps() {
# replace the md5sums in the APKBUILD
checksum() {
local s files
+ [ -z "$source" ] && [ -n "${md5sums}${sha256sums}${sha512sums}" ] \
+ && msg "Removing checksums from APKBUILD"
+ sed -i -e '/^md5sums="/,/"\$/d; /^md5sums=''/,/''\$/d' "$APKBUILD"
+ sed -i -e '/^sha512sums="/,/"\$/d; /^sha512sums=''/,/''\$/d' "$APKBUILD"
+ sed -i -e '/^sha256sums="/,/"\$/d; /^sha256sums=''/,/''\$/d' "$APKBUILD"
[ -z "$source" ] && return 0
fetch
- msg "Updating the md5sums in APKBUILD..."
for s in $source; do
files="$files ${s##*/}"
done
+
+ # for compatibility/backporting reasons we still add md5sum
+ msg "Updating the md5sums in APKBUILD..."
md5sums="$(cd "$srcdir" && md5sum $files)" || die "md5sum failed"
- sed -i -e '/^md5sums="/,/"\$/d; /^md5sums=''/,/''\$/d' "$APKBUILD"
echo "md5sums=\"$md5sums\"" >>"$APKBUILD"
+
+ msg "Updating the sha256sums in APKBUILD..."
+ sha256sums="$(cd "$srcdir" && sha256sum $files)" \
+ || die "sha256sum failed"
+ echo "sha256sums=\"$sha256sums\"" >>"$APKBUILD"
+
+ msg "Updating the sha512sums in APKBUILD..."
+ sha512sums="$(cd "$srcdir" && sha512sum $files)" \
+ || die "sha512sum failed"
+ echo "sha512sums=\"$sha512sums\"" >>"$APKBUILD"
}
stripbin() {
@@ -1633,7 +1671,7 @@ usage() {
echo " checksum Generate checksum to be included in APKBUILD"
echo " fetch Fetch sources to \$SRCDEST and verify checksums"
echo " sanitycheck Basic sanity check of APKBUILD"
- echo " md5check Check md5sums"
+ echo " verify Verify checksums"
echo " unpack Unpack sources to \$srcdir"
echo " build Compile and install package into \$pkgdir"
echo " listpkg List target packages"
--
cgit v1.2.3-70-g09d2