summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Wilcox <AWilcox@Wilcox-Tech.com>2016-01-24 02:03:21 -0600
committerAndrew Wilcox <AWilcox@Wilcox-Tech.com>2016-01-24 02:03:21 -0600
commitce08c4a8bed21dd61229556b105dc1d4c779d607 (patch)
treecaa4f6e5b66af186f15db5bb1dfb7e5fe2fbc259
parenta7614714fbd6e7fc9b87636d0ec02dc84815e12c (diff)
downloadpackages-ce08c4a8bed21dd61229556b105dc1d4c779d607.tar.gz
packages-ce08c4a8bed21dd61229556b105dc1d4c779d607.tar.bz2
packages-ce08c4a8bed21dd61229556b105dc1d4c779d607.tar.xz
packages-ce08c4a8bed21dd61229556b105dc1d4c779d607.zip
sys-apps/apk-tools: patch: force SHA256 instead of SHA1 for signing
-rw-r--r--sys-apps/apk-tools/Manifest3
-rw-r--r--sys-apps/apk-tools/apk-tools-2.6.4.ebuild9
-rw-r--r--sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch52
3 files changed, 58 insertions, 6 deletions
diff --git a/sys-apps/apk-tools/Manifest b/sys-apps/apk-tools/Manifest
index 2bcfdda7c..2ebf99a31 100644
--- a/sys-apps/apk-tools/Manifest
+++ b/sys-apps/apk-tools/Manifest
@@ -1,4 +1 @@
-AUX apk-tools-2.6.4-glibc-add-missing-headers.patch 250 SHA256 568eecdf3d4e7fb7e7dff6e0ca6c4c56b7ed1939fc159228805e964b268e55ca SHA512 b0172ece44815a4b89075f95b2b83ce47200536592d7a863732388de8b73b151d15d99a9875a9c74a3ea975e2bfde020e0bcf15c6103586d40569d9b7525c042 WHIRLPOOL a24ee803522aedd5bbab7ef696740a1d4f9bf9d3b7ddd3130cbc128ba688a30f4e5251044c3806af7fdba229ea75bba3dfd918597a518db576720927c085ab7f
DIST apk-tools-2.6.4.tar.bz2 81902 SHA256 0f52b96c5b8b5ad6f710610d8f21dcfb275795e1f282418a6f9953c02f41312e SHA512 efff745ae625aae7bec0c4f45c877e9f1e12860324a492d950358ba0ecb07ca13c8c963a078118692e7edc3a19053fee307bcfd0a730f7ed6e497c2dc7df16d6 WHIRLPOOL 5a879dd63f7da34c5ed687d20fba7e3873d7bed51a5c27f4144becc5b6ba8c7f15edc189b55ddec7449f075203043ef6b10e5293573918e9bc938d4fd4b0fa1c
-EBUILD apk-tools-2.6.4.ebuild 1101 SHA256 864ec9eaaafb135ad9696a772cbd6d797094434be2679d9a813b370f5a5b78f2 SHA512 332f8754006a90602e0bf4b9b176c063b0729c56fb2873e9ab1ec5cc83cd32ebc7819745758d1ff9d67ea2a9985b1f94618bb8c62801e8c334b0008be76beba8 WHIRLPOOL bb5fb68a50da6ca651bc5b44b7e42ed0e4c3d1ba95461287fb2a17203f768df54ae99490c9e09eeffade609c66e663bcdd22628ed14fb4cdf4f6c94608e8f03b
-MISC metadata.xml 279 SHA256 39f4ad67c5455abfea7aa3bd906e40b688d5203f9dacd375c1a146d0a1fece2d SHA512 790fd7853b501b8076829d15b88ef130416252732db389109c1497266699f3224d394b1c91d90cd76481e36ee79d8444571878cc76ccef4c82328d54b5dd0c26 WHIRLPOOL 9474d591fde0aeba07b3011fe6241bc13b5c5d67a2f142ffdf9823dc12d47e7144e1e3b297e4d0baa2710a33a7ccddfa666f563c8f35c9053db83ae84140847a
diff --git a/sys-apps/apk-tools/apk-tools-2.6.4.ebuild b/sys-apps/apk-tools/apk-tools-2.6.4.ebuild
index 4c9249c76..cae86e458 100644
--- a/sys-apps/apk-tools/apk-tools-2.6.4.ebuild
+++ b/sys-apps/apk-tools/apk-tools-2.6.4.ebuild
@@ -23,7 +23,10 @@ RDEPEND="${DEPEND}
"
# lua? ( dev-lang/lua:5.2 )
-EPATCH_SOURCE=( "${FILESDIR}"/${P}-glibc-add-missing-headers.patch )
+EPATCH_SOURCE=(
+ "${FILESDIR}"/${P}-glibc-add-missing-headers.patch
+ "${FILESDIR}"/${P}-use-sha256-signature.patch
+ )
src_prepare() {
epatch
@@ -31,10 +34,10 @@ src_prepare() {
}
src_configure() {
- if ! use lua; then
+ #if ! use lua; then
echo 'LUAAPK=' >> "${S}"/config.mk
echo 'export LUAAPK' >> "${S}"/config.mk
- fi
+ #fi
}
src_compile () {
diff --git a/sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch b/sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch
new file mode 100644
index 000000000..e13f8b563
--- /dev/null
+++ b/sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch
@@ -0,0 +1,52 @@
+From 0984ca854ce4b9fddbf1dc7503058406ded6e2cc Mon Sep 17 00:00:00 2001
+From: Andrew Wilcox <AWilcox@Wilcox-Tech.com>
+Date: Sun, 18 Oct 2015 11:19:36 -0500
+Subject: [PATCH] package: use SHA256 for signature instead of SHA1
+
+---
+ src/apk_blob.h | 2 +-
+ src/package.c | 8 ++------
+ 2 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/apk_blob.h b/src/apk_blob.h
+index 2d2e30e..a879d27 100644
+--- a/src/apk_blob.h
++++ b/src/apk_blob.h
+@@ -41,7 +41,7 @@ extern apk_blob_t apk_null_blob;
+
+ /* Internal cointainer for MD5 or SHA1 */
+ struct apk_checksum {
+- unsigned char data[20];
++ unsigned char data[40];
+ unsigned char type;
+ };
+
+diff --git a/src/package.c b/src/package.c
+index 24a4f94..14993b3 100644
+--- a/src/package.c
++++ b/src/package.c
+@@ -570,8 +570,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
+ if (ctx->keys_fd < 0)
+ return 0;
+
+- if (strncmp(&fi->name[6], "RSA.", 4) == 0 ||
+- strncmp(&fi->name[6], "DSA.", 4) == 0) {
++ if (strncmp(&fi->name[6], "RSA.", 4) == 0) {
+ int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC);
+ BIO *bio;
+
+@@ -581,10 +580,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
+ bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE);
+ ctx->signature.pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+ if (ctx->signature.pkey != NULL) {
+- if (fi->name[6] == 'R')
+- ctx->md = EVP_sha1();
+- else
+- ctx->md = EVP_dss1();
++ ctx->md = EVP_sha256();
+ }
+ BIO_free(bio);
+ } else
+--
+2.7.0
+