summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorAllan McRae <allan@archlinux.org>2016-10-11 23:04:25 +1000
committerAllan McRae <allan@archlinux.org>2016-10-22 20:50:55 +1000
commit577701250d645d1fc1a505cde34aedbeb3208ea5 (patch)
tree779183b41b3a84fd012a4dbb38337aed00ad0025 /scripts
parent603f087cd73aff0d39bf0ebfb23aaae5626cb814 (diff)
downloadpacman-577701250d645d1fc1a505cde34aedbeb3208ea5.tar.xz
Use coreutils binaries for checking/generating checksums
If pacman is build against a crypto library other than openssl, it makes no sense to require makepkg to use it. The only currently considered alternative to openssl is nettle, which has no binary for base64 encode/decode. This means that we could replace the hashing cacluations with nettle-hash, but would require base64 from coreutils. Given makepkg already relies heavily on coreutils, we might as well use all the coreutils hashing binaries too. This patch also improves the checking of required binaries for hashing operations. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts')
-rw-r--r--scripts/libmakepkg/integrity/generate_checksum.sh.in9
-rw-r--r--scripts/libmakepkg/integrity/verify_checksum.sh.in4
-rw-r--r--scripts/makepkg.sh.in24
-rw-r--r--scripts/repo-add.sh.in16
4 files changed, 27 insertions, 26 deletions
diff --git a/scripts/libmakepkg/integrity/generate_checksum.sh.in b/scripts/libmakepkg/integrity/generate_checksum.sh.in
index 7a567100..b61f2281 100644
--- a/scripts/libmakepkg/integrity/generate_checksum.sh.in
+++ b/scripts/libmakepkg/integrity/generate_checksum.sh.in
@@ -59,8 +59,8 @@ generate_one_checksum() {
if [[ $netfile != *.@(sig?(n)|asc) ]]; then
local file
file="$(get_filepath "$netfile")" || missing_source_file "$netfile"
- sum="$(openssl dgst -${integ} "$file")"
- sum=${sum##* }
+ sum="$("${integ}sum" "$file")"
+ sum=${sum%% *}
else
sum="SKIP"
fi
@@ -80,11 +80,6 @@ generate_one_checksum() {
generate_checksums() {
msg "$(gettext "Generating checksums for source files...")"
- if ! type -p openssl >/dev/null; then
- error "$(gettext "Cannot find the %s binary required for generating sourcefile checksums.")" "openssl"
- exit 1 # $E_MISSING_PROGRAM
- fi
-
local integlist
if (( $# == 0 )); then
IFS=$'\n' read -rd '' -a integlist < <(get_integlist)
diff --git a/scripts/libmakepkg/integrity/verify_checksum.sh.in b/scripts/libmakepkg/integrity/verify_checksum.sh.in
index 44a2b2e1..5830aff3 100644
--- a/scripts/libmakepkg/integrity/verify_checksum.sh.in
+++ b/scripts/libmakepkg/integrity/verify_checksum.sh.in
@@ -82,8 +82,8 @@ verify_integrity_one() {
return 1
fi
- local realsum="$(openssl dgst -${integ} "$file")"
- realsum="${realsum##* }"
+ local realsum="$("${integ}sum" "$file")"
+ realsum="${realsum%% *}"
if [[ ${expectedsum,,} = "$realsum" ]]; then
printf '%s\n' "$(gettext "Passed")" >&2
else
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index fd5c2f5b..02398cf8 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -28,7 +28,7 @@
# makepkg uses quite a few external programs during its execution. You
# need to have at least the following installed for makepkg to function:
# awk, bsdtar (libarchive), bzip2, coreutils, fakeroot, file, find (findutils),
-# gettext, gpg, grep, gzip, openssl, sed, tput (ncurses), xz
+# gettext, gpg, grep, gzip, sed, tput (ncurses), xz
# gettext initialization
export TEXTDOMAIN='pacman-scripts'
@@ -658,8 +658,8 @@ write_buildinfo() {
printf "builddir = %s\n" "${BUILDDIR}"
- local sum="$(openssl dgst -sha256 "${BUILDFILE}")"
- sum=${sum##* }
+ local sum="$(sha256sum "${BUILDFILE}")"
+ sum=${sum%% *}
printf "pkgbuild_sha256sum = %s\n" $sum
@@ -1022,12 +1022,18 @@ check_software() {
fi
fi
- # openssl - checksum operations
- if (( ! SKIPCHECKSUMS )); then
- if ! type -p openssl >/dev/null; then
- error "$(gettext "Cannot find the %s binary required for validating source file checksums.")" "openssl"
- ret=1
- fi
+ # checksum operations
+ if (( GENINTEG || ! SKIPCHECKSUMS )); then
+ local integlist
+ IFS=$'\n' read -rd '' -a integlist < <(get_integlist)
+
+ local integ
+ for integ in "${integlist[@]}"; do
+ if ! type -p "${integ}sum" >/dev/null; then
+ error "$(gettext "Cannot find the %s binary required for source file checksums operations.")" "${integ}sum"
+ ret=1
+ fi
+ done
fi
# distcc - compilation with distcc
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 4da2c317..a543611c 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -151,8 +151,8 @@ db_write_delta() {
echo -e "%DELTAS%" >"$deltas"
fi
# get md5sum and compressed size of package
- md5sum=$(openssl dgst -md5 "$deltafile")
- md5sum=${md5sum##* }
+ md5sum=$(md5sum "$deltafile")
+ md5sum=${md5sum%% *}
csize=$(@SIZECMD@ -L "$deltafile")
oldfile=$(xdelta3 printhdr "$deltafile" | grep "XDELTA filename (source)" | sed 's/.*: *//')
@@ -374,17 +374,17 @@ db_write_entry() {
return 1
fi
msg2 "$(gettext "Adding package signature...")"
- pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n')
+ pgpsig=$(base64 "$pkgfile.sig" | tr -d '\n')
fi
csize=$(@SIZECMD@ -L "$pkgfile")
# compute checksums
msg2 "$(gettext "Computing checksums...")"
- md5sum=$(openssl dgst -md5 "$pkgfile")
- md5sum=${md5sum##* }
- sha256sum=$(openssl dgst -sha256 "$pkgfile")
- sha256sum=${sha256sum##* }
+ md5sum=$(md5sum "$pkgfile")
+ md5sum=${md5sum%% *}
+ sha256sum=$(sha256sum "$pkgfile")
+ sha256sum=${sha256sum%% *}
# remove an existing entry if it exists, ignore failures
db_remove_entry "$pkgname"
@@ -501,7 +501,7 @@ elephant() {
"ZL9JFFZeAa0a2+lKjL2anpYfV+0Zx9LJ+/MC8nRayuDlSNy2rfAPibOzsiWHL0jL" \
"SsjFAQAA"
;;
- esac | openssl base64 -d | gzip -d
+ esac | base64 -d | gzip -d
}
prepare_repo_db() {