From 630ec7268a6717c272e9e693f53f3f3733afcf1e Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Thu, 29 Nov 2012 11:09:47 +0100 Subject: abuild: use sha256 and sha512 sums instead of md5 ref #1484 --- abuild.in | 76 +++++++++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 19 deletions(-) (limited to 'abuild.in') diff --git a/abuild.in b/abuild.in index 10cd211..ad48b6c 100755 --- a/abuild.in +++ b/abuild.in @@ -217,31 +217,30 @@ sanitycheck() { default_sanitycheck } -md5check() { +sumcheck() { + local algo="$1" sums="$2" local dummy f endreturnval originalparams origin file - if [ -z "$source" ] && [ -z "$md5sums" ]; then - return 0 - fi - if [ -z "$md5sums" ]; then - die "Use 'abuild checksum' to generate/update the checksum(s)" - fi - if [ "$(echo $source | wc -l)" -ne "$(echo $md5sums | wc -l)" ]; then - die "Number of md5sums does not correspond to number of sources" + + # get number of checksums + set -- $sums + local numsums=$(( $# / 2 )) + + set -- $source + if [ $# -ne $numsums ]; then + die "Number of ${algo}sums($numsums) does not correspond to number of sources($#)" fi fetch || return 1 - msg "Checking md5sums..." + msg "Checking ${algo}sums..." cd "$srcdir" || return 1 IFS=$'\n' endreturnval=0 - originalparams=$@ - set -- $source - for src in $md5sums; do + for src in $sums; do origin=$1; shift - echo "$src" | md5sum -c + echo "$src" | ${algo}sum -c if [ $? -ne 0 ]; then endreturnval=1 is_remote $origin || continue - echo "Because the remote file above failed the md5sum check it will be deleted." + echo "Because the remote file above failed the ${algo}sum check it will be deleted." echo "Rebuilding will cause it to re-download which in some cases may fix the problem." file=`echo "$src" | sed 's/.*[ \t\n]\(.*\)/\1/'` echo "Deleting: $file" @@ -249,10 +248,33 @@ md5check() { fi done unset IFS - set -- $originalparams return $endreturnval } +# for compatibility +md5check() { + warning "'md5check' is deprecated. Use 'verify' instead" + sumcheck md5 "$md5sums" +} + +# verify checksums +verify() { + local verified=false algo= + for algo in md5 sha1 sha256 sha512; do + local sums= + eval sums=\"\$${algo}sums\" + if [ -z "$sums" ] || [ -z "$source" ]; then + continue + fi + sumcheck "$algo" "$sums" || return 1 + verified=true + done + if [ -n "$source" ] && ! $verified; then + die "Use 'abuild checksum' to generate/update the checksum(s)" + fi + return 0 +} + # verify upstream sources sourcecheck() { local uri @@ -1475,15 +1497,31 @@ builddeps() { # replace the md5sums in the APKBUILD checksum() { local s files + [ -z "$source" ] && [ -n "${md5sums}${sha256sums}${sha512sums}" ] \ + && msg "Removing checksums from APKBUILD" + sed -i -e '/^md5sums="/,/"\$/d; /^md5sums=''/,/''\$/d' "$APKBUILD" + sed -i -e '/^sha512sums="/,/"\$/d; /^sha512sums=''/,/''\$/d' "$APKBUILD" + sed -i -e '/^sha256sums="/,/"\$/d; /^sha256sums=''/,/''\$/d' "$APKBUILD" [ -z "$source" ] && return 0 fetch - msg "Updating the md5sums in APKBUILD..." for s in $source; do files="$files ${s##*/}" done + + # for compatibility/backporting reasons we still add md5sum + msg "Updating the md5sums in APKBUILD..." md5sums="$(cd "$srcdir" && md5sum $files)" || die "md5sum failed" - sed -i -e '/^md5sums="/,/"\$/d; /^md5sums=''/,/''\$/d' "$APKBUILD" echo "md5sums=\"$md5sums\"" >>"$APKBUILD" + + msg "Updating the sha256sums in APKBUILD..." + sha256sums="$(cd "$srcdir" && sha256sum $files)" \ + || die "sha256sum failed" + echo "sha256sums=\"$sha256sums\"" >>"$APKBUILD" + + msg "Updating the sha512sums in APKBUILD..." + sha512sums="$(cd "$srcdir" && sha512sum $files)" \ + || die "sha512sum failed" + echo "sha512sums=\"$sha512sums\"" >>"$APKBUILD" } stripbin() { @@ -1633,7 +1671,7 @@ usage() { echo " checksum Generate checksum to be included in APKBUILD" echo " fetch Fetch sources to \$SRCDEST and verify checksums" echo " sanitycheck Basic sanity check of APKBUILD" - echo " md5check Check md5sums" + echo " verify Verify checksums" echo " unpack Unpack sources to \$srcdir" echo " build Compile and install package into \$pkgdir" echo " listpkg List target packages" -- cgit v1.2.3-60-g2f50