diff options
author | Andrew Wilcox <AWilcox@Wilcox-Tech.com> | 2016-01-24 02:03:21 -0600 |
---|---|---|
committer | Andrew Wilcox <AWilcox@Wilcox-Tech.com> | 2016-01-24 02:03:21 -0600 |
commit | ce08c4a8bed21dd61229556b105dc1d4c779d607 (patch) | |
tree | caa4f6e5b66af186f15db5bb1dfb7e5fe2fbc259 | |
parent | a7614714fbd6e7fc9b87636d0ec02dc84815e12c (diff) | |
download | packages-ce08c4a8bed21dd61229556b105dc1d4c779d607.tar.gz packages-ce08c4a8bed21dd61229556b105dc1d4c779d607.tar.bz2 packages-ce08c4a8bed21dd61229556b105dc1d4c779d607.tar.xz packages-ce08c4a8bed21dd61229556b105dc1d4c779d607.zip |
sys-apps/apk-tools: patch: force SHA256 instead of SHA1 for signing
-rw-r--r-- | sys-apps/apk-tools/Manifest | 3 | ||||
-rw-r--r-- | sys-apps/apk-tools/apk-tools-2.6.4.ebuild | 9 | ||||
-rw-r--r-- | sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch | 52 |
3 files changed, 58 insertions, 6 deletions
diff --git a/sys-apps/apk-tools/Manifest b/sys-apps/apk-tools/Manifest index 2bcfdda7c..2ebf99a31 100644 --- a/sys-apps/apk-tools/Manifest +++ b/sys-apps/apk-tools/Manifest @@ -1,4 +1 @@ -AUX apk-tools-2.6.4-glibc-add-missing-headers.patch 250 SHA256 568eecdf3d4e7fb7e7dff6e0ca6c4c56b7ed1939fc159228805e964b268e55ca SHA512 b0172ece44815a4b89075f95b2b83ce47200536592d7a863732388de8b73b151d15d99a9875a9c74a3ea975e2bfde020e0bcf15c6103586d40569d9b7525c042 WHIRLPOOL a24ee803522aedd5bbab7ef696740a1d4f9bf9d3b7ddd3130cbc128ba688a30f4e5251044c3806af7fdba229ea75bba3dfd918597a518db576720927c085ab7f DIST apk-tools-2.6.4.tar.bz2 81902 SHA256 0f52b96c5b8b5ad6f710610d8f21dcfb275795e1f282418a6f9953c02f41312e SHA512 efff745ae625aae7bec0c4f45c877e9f1e12860324a492d950358ba0ecb07ca13c8c963a078118692e7edc3a19053fee307bcfd0a730f7ed6e497c2dc7df16d6 WHIRLPOOL 5a879dd63f7da34c5ed687d20fba7e3873d7bed51a5c27f4144becc5b6ba8c7f15edc189b55ddec7449f075203043ef6b10e5293573918e9bc938d4fd4b0fa1c -EBUILD apk-tools-2.6.4.ebuild 1101 SHA256 864ec9eaaafb135ad9696a772cbd6d797094434be2679d9a813b370f5a5b78f2 SHA512 332f8754006a90602e0bf4b9b176c063b0729c56fb2873e9ab1ec5cc83cd32ebc7819745758d1ff9d67ea2a9985b1f94618bb8c62801e8c334b0008be76beba8 WHIRLPOOL bb5fb68a50da6ca651bc5b44b7e42ed0e4c3d1ba95461287fb2a17203f768df54ae99490c9e09eeffade609c66e663bcdd22628ed14fb4cdf4f6c94608e8f03b -MISC metadata.xml 279 SHA256 39f4ad67c5455abfea7aa3bd906e40b688d5203f9dacd375c1a146d0a1fece2d SHA512 790fd7853b501b8076829d15b88ef130416252732db389109c1497266699f3224d394b1c91d90cd76481e36ee79d8444571878cc76ccef4c82328d54b5dd0c26 WHIRLPOOL 9474d591fde0aeba07b3011fe6241bc13b5c5d67a2f142ffdf9823dc12d47e7144e1e3b297e4d0baa2710a33a7ccddfa666f563c8f35c9053db83ae84140847a diff --git a/sys-apps/apk-tools/apk-tools-2.6.4.ebuild b/sys-apps/apk-tools/apk-tools-2.6.4.ebuild index 4c9249c76..cae86e458 100644 --- a/sys-apps/apk-tools/apk-tools-2.6.4.ebuild +++ b/sys-apps/apk-tools/apk-tools-2.6.4.ebuild @@ -23,7 +23,10 @@ RDEPEND="${DEPEND} " # lua? ( dev-lang/lua:5.2 ) -EPATCH_SOURCE=( "${FILESDIR}"/${P}-glibc-add-missing-headers.patch ) +EPATCH_SOURCE=( + "${FILESDIR}"/${P}-glibc-add-missing-headers.patch + "${FILESDIR}"/${P}-use-sha256-signature.patch + ) src_prepare() { epatch @@ -31,10 +34,10 @@ src_prepare() { } src_configure() { - if ! use lua; then + #if ! use lua; then echo 'LUAAPK=' >> "${S}"/config.mk echo 'export LUAAPK' >> "${S}"/config.mk - fi + #fi } src_compile () { diff --git a/sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch b/sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch new file mode 100644 index 000000000..e13f8b563 --- /dev/null +++ b/sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch @@ -0,0 +1,52 @@ +From 0984ca854ce4b9fddbf1dc7503058406ded6e2cc Mon Sep 17 00:00:00 2001 +From: Andrew Wilcox <AWilcox@Wilcox-Tech.com> +Date: Sun, 18 Oct 2015 11:19:36 -0500 +Subject: [PATCH] package: use SHA256 for signature instead of SHA1 + +--- + src/apk_blob.h | 2 +- + src/package.c | 8 ++------ + 2 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/src/apk_blob.h b/src/apk_blob.h +index 2d2e30e..a879d27 100644 +--- a/src/apk_blob.h ++++ b/src/apk_blob.h +@@ -41,7 +41,7 @@ extern apk_blob_t apk_null_blob; + + /* Internal cointainer for MD5 or SHA1 */ + struct apk_checksum { +- unsigned char data[20]; ++ unsigned char data[40]; + unsigned char type; + }; + +diff --git a/src/package.c b/src/package.c +index 24a4f94..14993b3 100644 +--- a/src/package.c ++++ b/src/package.c +@@ -570,8 +570,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, + if (ctx->keys_fd < 0) + return 0; + +- if (strncmp(&fi->name[6], "RSA.", 4) == 0 || +- strncmp(&fi->name[6], "DSA.", 4) == 0) { ++ if (strncmp(&fi->name[6], "RSA.", 4) == 0) { + int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC); + BIO *bio; + +@@ -581,10 +580,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, + bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE); + ctx->signature.pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + if (ctx->signature.pkey != NULL) { +- if (fi->name[6] == 'R') +- ctx->md = EVP_sha1(); +- else +- ctx->md = EVP_dss1(); ++ ctx->md = EVP_sha256(); + } + BIO_free(bio); + } else +-- +2.7.0 + |