On Fri, May 30, 2008 at 2:52 PM, Sebastian Nowicki <sebnow@gmail.com> wrote:
md5sum, sha1sum, etc, do not exist on BSD systems by default. Openssl is a good portable alternative, but it does not support sha256, sha384, or sha512. This also brings in a dependency for openssl.
Signed-off-by: Sebastian Nowicki <sebnow@gmail.com> --- doc/makepkg.conf.5.txt | 2 +- etc/makepkg.conf.in | 2 +- scripts/makepkg.sh.in | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/makepkg.conf.5.txt b/doc/makepkg.conf.5.txt index 113ad14..c662568 100644 --- a/doc/makepkg.conf.5.txt +++ b/doc/makepkg.conf.5.txt @@ -126,7 +126,7 @@ Options **INTEGRITY_CHECK=(**check1 ...**)**:: File integrity checks to use. Multiple checks may be specified; this affects both generation and checking. The current valid options are: - `md5`, `sha1`, `sha256`, `sha384`, and `sha512`. + `md5` and `sha1`.
**DOC_DIRS=(**usr/{,share/}{info,doc} ...**)**:: If "!docs" is specified in the OPTIONS array, this variable will diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in index 47ed0a4..62dc496 100644 --- a/etc/makepkg.conf.in +++ b/etc/makepkg.conf.in @@ -69,7 +69,7 @@ BUILDENV=(fakeroot !distcc color !ccache !xdelta) # OPTIONS=(strip !docs libtool emptydirs zipman)
-#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512 +#-- File integrity checks to use. Valid: md5, sha1 INTEGRITY_CHECK=(md5) #-- Info and doc directories to remove (if option set correctly above) DOC_DIRS=(usr/{,share/}{info,doc,gtk-doc} opt/*/{info,doc,gtk-doc}) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 6e2f1ad..aaf1ad6 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -474,7 +474,7 @@ generate_checksums() { for integ in ${INTEGRITY_CHECK[@]}; do integ="$(echo $integ | tr [:upper:] [:lower:])" case "$integ" in - md5|sha1|sha256|sha384|sha512) : ;; + md5|sha1) : ;; *) error "$(gettext "Invalid integrity algorithm '%s' specified.")" "$integ" exit 1;; # $E_CONFIG_ERROR @@ -510,7 +510,7 @@ generate_checksums() { fi fi
- local sum="$(${integ}sum "$file" | cut -d ' ' -f 1)" + local sum="$(openssl dgst -${integ} "$file" | awk '{print $2}')" [ $ct -gt 0 ] && echo -n "$indent" echo -n "'$sum'" ct=$(($ct+1)) @@ -526,7 +526,7 @@ check_checksums() { for integ in ${INTEGRITY_CHECK[@]}; do integ="$(echo $integ | tr [:upper:] [:lower:])" case "$integ" in - md5|sha1|sha256|sha384|sha512) : ;; + md5|sha1) : ;; *) error "$(gettext "Invalid integrity algorithm '%s' specified")" "$integ" exit 1;; # $E_CONFIG_ERROR @@ -557,7 +557,7 @@ check_checksums() { fi fi
- if echo "${integrity_sums[$idx]} $file" | ${integ}sum --status -c - &>/dev/null; then + if [ "${integrity_sums[$idx]}" = "$(openssl dgst -${integ} "$file" | awk '{print $2}')" ]; then echo "$(gettext "Passed")" >&2 else echo "$(gettext "FAILED")" >&2 --

Ok, can we take a slightly different approach to this in order to not reduce functionality? How about we check for the existence of the ${integ}sum programs first (or at least the one we need), and then somehow fall back to the openssl binary if necessary? If we have an array of sha256 sums, then we would spit a big warning saying we could not verify these sums due to us not having a program to verify them.
Of course, I have no idea how easy this is, but I'm really against losing functionality.

-Dan
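Review bot: In the `generate_checksums()` hunk at `@@ -510`, `awk '{print $2}'` assumes the digest is the second whitespace-separated field of the `openssl dgst` output. That output has the form `MD5(file)= hex`, so a source file name containing a space shifts the fields and `$2` becomes part of the name instead of the digest. Taking the last field (`awk '{print $NF}'`) avoids this, and the same applies to the comparison added in `check_checksums()`.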
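Review bot: In the `check_checksums()` hunk at `@@ -557`, the new test compares two strings without checking that `openssl` actually ran. If the binary is missing or exits with an error, the command substitution is empty, so an empty `integrity_sums[$idx]` entry compares equal and prints "Passed", while a real entry prints "FAILED" with no hint that the tool was the problem. Check the exit status and require a non-empty digest before comparing.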
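Review bot: The `case` lists at `@@ -474` and `@@ -526` now reject `sha256`, `sha384` and `sha512`, so a makepkg.conf that lists one of them exits with "Invalid integrity algorithm" and the only checks left are `md5` and `sha1`, the two weakest of the five. Consider keeping the full list and choosing the digest program at run time, as the reply suggests, so that portability does not cost the stronger algorithms.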
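The fallback proposed in the reply above, as an added example that is not makepkg code and not part of the original thread. The function names `file_digest` and `verify_sum` are hypothetical, and the example assumes the `openssl dgst` output ends in `= <hex>`.

```shell
#!/bin/sh
# Added example, not makepkg code: file_digest and verify_sum are hypothetical names.

# Print the hex digest of file $2 under algorithm $1.
# Returns 1 if the tool fails, 2 if no tool is installed for this algorithm.
file_digest() {
    fd_integ=$1 fd_file=$2
    if command -v "${fd_integ}sum" >/dev/null 2>&1; then
        fd_out=$("${fd_integ}sum" "$fd_file") || return 1
        printf '%s\n' "${fd_out%% *}"      # "<hex>  <file>": keep text before first space
    elif command -v openssl >/dev/null 2>&1; then
        fd_out=$(openssl dgst "-${fd_integ}" "$fd_file" 2>/dev/null) || return 1
        printf '%s\n' "${fd_out##*= }"     # "ALG(<file>)= <hex>": keep text after last "= "
    else
        return 2
    fi
}

# verify_sum ALGO EXPECTED FILE
# Returns 0 match, 1 mismatch, 2 could not verify, 3 invalid algorithm.
verify_sum() {
    vs_integ=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    vs_want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$vs_integ" in
        md5|sha1|sha256|sha384|sha512) : ;;
        *) echo "Invalid integrity algorithm '$vs_integ' specified." >&2; return 3 ;;
    esac
    # An empty expected sum must never compare equal to an empty tool result.
    [ -n "$vs_want" ] || return 1
    if ! vs_got=$(file_digest "$vs_integ" "$3"); then
        echo "WARNING: could not compute $vs_integ sum; $3 was NOT verified" >&2
        return 2
    fi
    [ -n "$vs_got" ] && [ "$vs_got" = "$vs_want" ]
}

# Constructed sample: a temporary file holding "abc" and its well-known SHA-256.
demo_file=$(mktemp) && printf 'abc' > "$demo_file"
if verify_sum sha256 ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad "$demo_file"; then
    echo "Passed"
else
    echo "FAILED or not verified"
fi
rm -f "$demo_file"
```

The distinct return code for "could not verify" lets the caller print the warning without reporting a pass or a checksum mismatch.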