[pacman-dev] #10530: checksum verification does not work on BSD

older
[pacman-dev] [GIT] The official...

Sebastian Nowicki

30 May 2008 30 May '08

7:52 p.m.

I don't really like this solution, but it's the only portable solution I could think of. Instead of using md5sum, sha1sum, etc from GNU coreutils, openssl is used. Openssl has the limitation that it does not support the other sha* algorithms, so they had to be removed from makepkg. I don't like having to remove features in order to make something more portable. The patch has been tested on Mac OSX (10.5) and Archlinux. References http://bugs.archlinux.org/task/10530 doc/makepkg.conf.5.txt | 2 +- etc/makepkg.conf.in | 2 +- scripts/makepkg.sh.in | 9 ++++----- 3 files changed, 6 insertions(+), 7 deletions(-)

Show replies by date

Sebastian Nowicki

30 May 30 May

7:52 p.m.

New subject: [pacman-dev] [PATCH] Use openssl for checksum verification instead of *sum utilities

md5sum, sha1sum, etc, do not exist on BSD systems by default. Openssl is a good portable alternative, but it does not support sha256, sha384, or sha512. This also brings in a dependency for openssl. Signed-off-by: Sebastian Nowicki --- doc/makepkg.conf.5.txt | 2 +- etc/makepkg.conf.in | 2 +- scripts/makepkg.sh.in | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/makepkg.conf.5.txt b/doc/makepkg.conf.5.txt index 113ad14..c662568 100644 --- a/doc/makepkg.conf.5.txt +++ b/doc/makepkg.conf.5.txt @@ -126,7 +126,7 @@ Options **INTEGRITY_CHECK=(**check1 ...**)**:: File integrity checks to use. Multiple checks may be specified; this affects both generation and checking. The current valid options are: - `md5`, `sha1`, `sha256`, `sha384`, and `sha512`. + `md5` and `sha1`. **DOC_DIRS=(**usr/{,share/}{info,doc} ...**)**:: If "!docs" is specified in the OPTIONS array, this variable will diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in index 47ed0a4..62dc496 100644 --- a/etc/makepkg.conf.in +++ b/etc/makepkg.conf.in @@ -69,7 +69,7 @@ BUILDENV=(fakeroot !distcc color !ccache !xdelta) # OPTIONS=(strip !docs libtool emptydirs zipman) -#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512 +#-- File integrity checks to use. Valid: md5, sha1 INTEGRITY_CHECK=(md5) #-- Info and doc directories to remove (if option set correctly above) DOC_DIRS=(usr/{,share/}{info,doc,gtk-doc} opt/*/{info,doc,gtk-doc}) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 6e2f1ad..aaf1ad6 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -474,7 +474,7 @@ generate_checksums() { for integ in ${INTEGRITY_CHECK[@]}; do integ="$(echo $integ | tr [:upper:] [:lower:])" case "$integ" in - md5|sha1|sha256|sha384|sha512) : ;; + md5|sha1) : ;; *) error "$(gettext "Invalid integrity algorithm '%s' specified.")" "$integ" exit 1;; # $E_CONFIG_ERROR @@ -510,7 +510,7 @@ generate_checksums() { fi fi - local sum="$(${integ}sum "$file" | cut -d ' ' -f 1)" + local sum="$(openssl dgst -${integ} "$file" | awk '{print $2}')" [ $ct -gt 0 ] && echo -n "$indent" echo -n "'$sum'" ct=$(($ct+1)) @@ -526,7 +526,7 @@ check_checksums() { for integ in ${INTEGRITY_CHECK[@]}; do integ="$(echo $integ | tr [:upper:] [:lower:])" case "$integ" in - md5|sha1|sha256|sha384|sha512) : ;; + md5|sha1) : ;; *) error "$(gettext "Invalid integrity algorithm '%s' specified")" "$integ" exit 1;; # $E_CONFIG_ERROR @@ -557,7 +557,7 @@ check_checksums() { fi fi - if echo "${integrity_sums[$idx]} $file" | ${integ}sum --status -c - &>/dev/null; then + if [ "${integrity_sums[$idx]}" = "$(openssl dgst -${integ} "$file" | awk '{print $2}')" ]; then echo "$(gettext "Passed")" >&2 else echo "$(gettext "FAILED")" >&2 -- 1.5.5.1

Dan McGee

8:33 p.m.

New subject: [pacman-dev] [PATCH] Use openssl for checksum verification instead of *sum utilities

On Fri, May 30, 2008 at 2:52 PM, Sebastian Nowicki wrote:

...

md5sum, sha1sum, etc, do not exist on BSD systems by default. Openssl is a good portable alternative, but it does not support sha256, sha384, or sha512. This also brings in a dependency for openssl.

Signed-off-by: Sebastian Nowicki --- doc/makepkg.conf.5.txt | 2 +- etc/makepkg.conf.in | 2 +- scripts/makepkg.sh.in | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/makepkg.conf.5.txt b/doc/makepkg.conf.5.txt index 113ad14..c662568 100644 --- a/doc/makepkg.conf.5.txt +++ b/doc/makepkg.conf.5.txt @@ -126,7 +126,7 @@ Options **INTEGRITY_CHECK=(**check1 ...**)**:: File integrity checks to use. Multiple checks may be specified; this affects both generation and checking. The current valid options are: - `md5`, `sha1`, `sha256`, `sha384`, and `sha512`. + `md5` and `sha1`.

**DOC_DIRS=(**usr/{,share/}{info,doc} ...**)**:: If "!docs" is specified in the OPTIONS array, this variable will diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in index 47ed0a4..62dc496 100644 --- a/etc/makepkg.conf.in +++ b/etc/makepkg.conf.in @@ -69,7 +69,7 @@ BUILDENV=(fakeroot !distcc color !ccache !xdelta) # OPTIONS=(strip !docs libtool emptydirs zipman)

-#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512 +#-- File integrity checks to use. Valid: md5, sha1 INTEGRITY_CHECK=(md5) #-- Info and doc directories to remove (if option set correctly above) DOC_DIRS=(usr/{,share/}{info,doc,gtk-doc} opt/*/{info,doc,gtk-doc}) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 6e2f1ad..aaf1ad6 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -474,7 +474,7 @@ generate_checksums() { for integ in ${INTEGRITY_CHECK[@]}; do integ="$(echo $integ | tr [:upper:] [:lower:])" case "$integ" in - md5|sha1|sha256|sha384|sha512) : ;; + md5|sha1) : ;; *) error "$(gettext "Invalid integrity algorithm '%s' specified.")" "$integ" exit 1;; # $E_CONFIG_ERROR @@ -510,7 +510,7 @@ generate_checksums() { fi fi

- local sum="$(${integ}sum "$file" | cut -d ' ' -f 1)" + local sum="$(openssl dgst -${integ} "$file" | awk '{print $2}')" [ $ct -gt 0 ] && echo -n "$indent" echo -n "'$sum'" ct=$(($ct+1)) @@ -526,7 +526,7 @@ check_checksums() { for integ in ${INTEGRITY_CHECK[@]}; do integ="$(echo $integ | tr [:upper:] [:lower:])" case "$integ" in - md5|sha1|sha256|sha384|sha512) : ;; + md5|sha1) : ;; *) error "$(gettext "Invalid integrity algorithm '%s' specified")" "$integ" exit 1;; # $E_CONFIG_ERROR @@ -557,7 +557,7 @@ check_checksums() { fi fi

- if echo "${integrity_sums[$idx]} $file" | ${integ}sum --status -c - &>/dev/null; then + if [ "${integrity_sums[$idx]}" = "$(openssl dgst -${integ} "$file" | awk '{print $2}')" ]; then echo "$(gettext "Passed")" >&2 else echo "$(gettext "FAILED")" >&2 -- Ok, can we take a slightly different approach to this in order to not reduce functionality? How about we check for the existence of the ${integ}sum programs first (or at least the one we need), and then somehow fall back to the openssl binary if necessary? If we have an array of sha256 sums, then we would spit a big warning saying we could not verify these sums due to us not having a program to verify them.

Of course, I have no idea how easy this is, but I'm really against loosing functionality. -Dan

Roman Kyrylych

31 May 31 May

6:34 a.m.

New subject: [pacman-dev] [PATCH] Use openssl for checksum verification instead of *sum utilities

2008/5/30 Dan McGee :

...

On Fri, May 30, 2008 at 2:52 PM, Sebastian Nowicki wrote:

...
md5sum, sha1sum, etc, do not exist on BSD systems by default. Openssl is a good portable alternative, but it does not support sha256, sha384, or sha512. This also brings in a dependency for openssl.

Signed-off-by: Sebastian Nowicki --- doc/makepkg.conf.5.txt | 2 +- etc/makepkg.conf.in | 2 +- scripts/makepkg.sh.in | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/makepkg.conf.5.txt b/doc/makepkg.conf.5.txt index 113ad14..c662568 100644 --- a/doc/makepkg.conf.5.txt +++ b/doc/makepkg.conf.5.txt @@ -126,7 +126,7 @@ Options **INTEGRITY_CHECK=(**check1 ...**)**:: File integrity checks to use. Multiple checks may be specified; this affects both generation and checking. The current valid options are: - `md5`, `sha1`, `sha256`, `sha384`, and `sha512`. + `md5` and `sha1`.

**DOC_DIRS=(**usr/{,share/}{info,doc} ...**)**:: If "!docs" is specified in the OPTIONS array, this variable will diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in index 47ed0a4..62dc496 100644 --- a/etc/makepkg.conf.in +++ b/etc/makepkg.conf.in @@ -69,7 +69,7 @@ BUILDENV=(fakeroot !distcc color !ccache !xdelta) # OPTIONS=(strip !docs libtool emptydirs zipman)

-#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512 +#-- File integrity checks to use. Valid: md5, sha1 INTEGRITY_CHECK=(md5) #-- Info and doc directories to remove (if option set correctly above) DOC_DIRS=(usr/{,share/}{info,doc,gtk-doc} opt/*/{info,doc,gtk-doc}) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 6e2f1ad..aaf1ad6 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -474,7 +474,7 @@ generate_checksums() { for integ in ${INTEGRITY_CHECK[@]}; do integ="$(echo $integ | tr [:upper:] [:lower:])" case "$integ" in - md5|sha1|sha256|sha384|sha512) : ;; + md5|sha1) : ;; *) error "$(gettext "Invalid integrity algorithm '%s' specified.")" "$integ" exit 1;; # $E_CONFIG_ERROR @@ -510,7 +510,7 @@ generate_checksums() { fi fi

- local sum="$(${integ}sum "$file" | cut -d ' ' -f 1)" + local sum="$(openssl dgst -${integ} "$file" | awk '{print $2}')" [ $ct -gt 0 ] && echo -n "$indent" echo -n "'$sum'" ct=$(($ct+1)) @@ -526,7 +526,7 @@ check_checksums() { for integ in ${INTEGRITY_CHECK[@]}; do integ="$(echo $integ | tr [:upper:] [:lower:])" case "$integ" in - md5|sha1|sha256|sha384|sha512) : ;; + md5|sha1) : ;; *) error "$(gettext "Invalid integrity algorithm '%s' specified")" "$integ" exit 1;; # $E_CONFIG_ERROR @@ -557,7 +557,7 @@ check_checksums() { fi fi

- if echo "${integrity_sums[$idx]} $file" | ${integ}sum --status -c - &>/dev/null; then + if [ "${integrity_sums[$idx]}" = "$(openssl dgst -${integ} "$file" | awk '{print $2}')" ]; then echo "$(gettext "Passed")" >&2 else echo "$(gettext "FAILED")" >&2 -- Ok, can we take a slightly different approach to this in order to not reduce functionality? How about we check for the existence of the ${integ}sum programs first (or at least the one we need), and then somehow fall back to the openssl binary if necessary? If we have an array of sha256 sums, then we would spit a big warning saying we could not verify these sums due to us not having a program to verify them.

Of course, I have no idea how easy this is, but I'm really against loosing functionality.

Oops, sorry about my previous message. I haven't read this one first (because of gmail's way of sorting messages by threads). Falling back to openssl only when *sum are not available seems more better to me. -- Roman Kyrylych (Роман Кирилич)

Sebastian Nowicki

6:35 a.m.

New subject: [pacman-dev] [PATCH] Use openssl for checksum verification instead of *sum utilities

Good news, it turns out that openssl does support sha256, sha386 and sha512, it just wasn't documented in the man page. `openssl dgst --help` does document them, and the are available on BSD and Linux, so that's great. In the previous patch I forgot to remove the check for the existence *sum program. Makepkg now checks if openssl exists. The only downside I can see is that openssl is a ~7mb dependency, but at least it's in core.

Sebastian Nowicki

6:35 a.m.

New subject: [pacman-dev] [PATCH] Use openssl for checksum verification instead of *sum utilities

md5sum, sha1sum, etc, do not exist on BSD systems by default. Openssl is a good portable alternative. This also brings in a dependency for openssl. Closes FS#10530. Signed-off-by: Sebastian Nowicki --- scripts/makepkg.sh.in | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 6e2f1ad..cb55dea 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -480,8 +480,8 @@ generate_checksums() { exit 1;; # $E_CONFIG_ERROR esac - if [ ! $(type -p "${integ}sum") ]; then - error "$(gettext "Cannot find the '%s' program.")" "${integ}sum" + if [ ! $(type -p "openssl") ]; then + error "$(gettext "Cannot find openssl.")" exit 1 # $E_MISSING_PROGRAM fi @@ -510,7 +510,7 @@ generate_checksums() { fi fi - local sum="$(${integ}sum "$file" | cut -d ' ' -f 1)" + local sum="$(openssl dgst -${integ} "$file" | awk '{print $2}')" [ $ct -gt 0 ] && echo -n "$indent" echo -n "'$sum'" ct=$(($ct+1)) @@ -532,8 +532,8 @@ check_checksums() { exit 1;; # $E_CONFIG_ERROR esac - if [ ! $(type -p "${integ}sum") ]; then - error "$(gettext "Cannot find the '%s' program.")" "${integ}sum" + if [ ! $(type -p "openssl") ]; then + error "$(gettext "Cannot find openssl.")" exit 1 # $E_MISSING_PROGRAM fi @@ -557,7 +557,7 @@ check_checksums() { fi fi - if echo "${integrity_sums[$idx]} $file" | ${integ}sum --status -c - &>/dev/null; then + if [ "${integrity_sums[$idx]}" = "$(openssl dgst -${integ} "$file" | awk '{print $2}')" ]; then echo "$(gettext "Passed")" >&2 else echo "$(gettext "FAILED")" >&2 -- 1.5.5.1

Dan McGee

1:21 p.m.

New subject: [pacman-dev] [PATCH] Use openssl for checksum verification instead of *sum utilities

On Sat, May 31, 2008 at 1:35 AM, Sebastian Nowicki wrote:

...

md5sum, sha1sum, etc, do not exist on BSD systems by default. Openssl is a good portable alternative. This also brings in a dependency for openssl.

Closes FS#10530.

Signed-off-by: Sebastian Nowicki --- scripts/makepkg.sh.in | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 6e2f1ad..cb55dea 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -480,8 +480,8 @@ generate_checksums() { exit 1;; # $E_CONFIG_ERROR esac

- if [ ! $(type -p "${integ}sum") ]; then - error "$(gettext "Cannot find the '%s' program.")" "${integ}sum" + if [ ! $(type -p "openssl") ]; then + error "$(gettext "Cannot find openssl.")" exit 1 # $E_MISSING_PROGRAM fi

@@ -510,7 +510,7 @@ generate_checksums() { fi fi

- local sum="$(${integ}sum "$file" | cut -d ' ' -f 1)" + local sum="$(openssl dgst -${integ} "$file" | awk '{print $2}')" [ $ct -gt 0 ] && echo -n "$indent" echo -n "'$sum'" ct=$(($ct+1)) @@ -532,8 +532,8 @@ check_checksums() { exit 1;; # $E_CONFIG_ERROR esac

- if [ ! $(type -p "${integ}sum") ]; then - error "$(gettext "Cannot find the '%s' program.")" "${integ}sum" + if [ ! $(type -p "openssl") ]; then + error "$(gettext "Cannot find openssl.")" exit 1 # $E_MISSING_PROGRAM fi

@@ -557,7 +557,7 @@ check_checksums() { fi fi

- if echo "${integrity_sums[$idx]} $file" | ${integ}sum --status -c - &>/dev/null; then + if [ "${integrity_sums[$idx]}" = "$(openssl dgst -${integ} "$file" | awk '{print $2}')" ]; then echo "$(gettext "Passed")" >&2 else echo "$(gettext "FAILED")" >&2 -- Code go boom: $ openssl dgst -md5 'file with spaces' MD5(file with spaces)= d41d8cd98f00b204e9800998ecf8427e $ openssl dgst -md5 'file with spaces' | awk '{print $2}' with

Try awk '{print $NF}' (NF is number of fields, so it will always print the last field) instead and it should always work. -Dan

Roman Kyrylych

6:31 a.m.

2008/5/30 Sebastian Nowicki :

...

I don't really like this solution, but it's the only portable solution I could think of. Instead of using md5sum, sha1sum, etc from GNU coreutils, openssl is used. Openssl has the limitation that it does not support the other sha* algorithms, so they had to be removed from makepkg. I don't like having to remove features in order to make something more portable.

Can makepkg just use another tool(s) on systems where coreutils are not available? (like libfetch/libdownload) -- Roman Kyrylych (Роман Кирилич)

Xavier

2 Jun 2 Jun

9:09 a.m.

On Fri, May 30, 2008 at 9:52 PM, Sebastian Nowicki wrote:

...

I don't really like this solution, but it's the only portable solution I could think of. Instead of using md5sum, sha1sum, etc from GNU coreutils, openssl is used. Openssl has the limitation that it does not support the other sha* algorithms, so they had to be removed from makepkg. I don't like having to remove features in order to make something more portable.

The patch has been tested on Mac OSX (10.5) and Archlinux.

References http://bugs.archlinux.org/task/10530

Let me ask the same question than on the bug tracker, just in case : Why doesn't openssl support the other sha* algo, and are there any plans for a future support?

Xavier

9:14 a.m.

On Mon, Jun 2, 2008 at 11:09 AM, Xavier wrote:

...

Let me ask the same question than on the bug tracker, just in case :

Why doesn't openssl support the other sha* algo, and are there any plans for a future support?

Grr, I should finish reading all threads before answering. I found this quite surprising that openssl did not support these, because I could remember it supported a lot of things. So in the end, it does support everything, so moving to openssl is good thing for portability while preserving functionality.

Sebastian Nowicki

9:36 a.m.

On 02/06/2008, at 5:14 PM, Xavier wrote:

...

On Mon, Jun 2, 2008 at 11:09 AM, Xavier wrote:

...
Let me ask the same question than on the bug tracker, just in case :

Why doesn't openssl support the other sha* algo, and are there any plans for a future support?

Grr, I should finish reading all threads before answering. I found this quite surprising that openssl did not support these, because I could remember it supported a lot of things. So in the end, it does support everything, so moving to openssl is good thing for portability while preserving functionality.

Yes, it does seem like a good solution. I just need to test Dan's fix to the spaces problem. As I mentioned on the bug tracker I was unable to get makepkg to look for filenames with spaces when using something like source=('foo bar'), it instead looks for 'foo' and 'bar'. I have no idea why it does this, so I'll look into it, but I have two exams this week and then I'll be in the US for a week, so I don't really have time to play with it.

Xavier

3:40 p.m.

On Mon, Jun 2, 2008 at 11:36 AM, Sebastian Nowicki wrote:

...

Yes, it does seem like a good solution. I just need to test Dan's fix to the spaces problem. As I mentioned on the bug tracker I was unable to get makepkg to look for filenames with spaces when using something like source=('foo bar'), it instead looks for 'foo' and 'bar'. I have no idea why it does this, so I'll look into it, but I have two exams this week and then I'll be in the US for a week, so I don't really have time to play with it.

Sorry, I don't have time to write a patch, but you just need to add some quotes for the source array. Try replacing every line which looks like this : for netfile in ${source[@]}; do to this : for netfile in "${source[@]}"; do Just do a grep for source[ or something.

Dan McGee

6 Jun 6 Jun

4:21 a.m.

On Mon, Jun 2, 2008 at 10:40 AM, Xavier wrote:

...

On Mon, Jun 2, 2008 at 11:36 AM, Sebastian Nowicki wrote:

...
Yes, it does seem like a good solution. I just need to test Dan's fix to the spaces problem. As I mentioned on the bug tracker I was unable to get makepkg to look for filenames with spaces when using something like source=('foo bar'), it instead looks for 'foo' and 'bar'. I have no idea why it does this, so I'll look into it, but I have two exams this week and then I'll be in the US for a week, so I don't really have time to play with it.

Sorry, I don't have time to write a patch, but you just need to add some quotes for the source array. Try replacing every line which looks like this : for netfile in ${source[@]}; do to this : for netfile in "${source[@]}"; do

Just do a grep for source[ or something.

Ping, or anyone have time to put the patch(es) together for this? I think this is something we should get fixed pre-3.2. As I said above, I'm fine with switching exclusively to openssl usage. -Dan

Antonio Huete Jimeenz

2 Jun 2 Jun

9:45 a.m.

Hi As far as I know md5sum program in BSD is /sbin/md5, so maybe there's something like that in MacOS. I'll provide a makepkg during this week that would fix this md5 checksum thingy among other things, so you can take a look to it and let me know if it works. I got some other ideas for handling different OSes via CHOST variable. Let me few days to test it. Regards, Antonio Huete 2008/5/30 Sebastian Nowicki :

...

I don't really like this solution, but it's the only portable solution I could think of. Instead of using md5sum, sha1sum, etc from GNU coreutils, openssl is used. Openssl has the limitation that it does not support the other sha* algorithms, so they had to be removed from makepkg. I don't like having to remove features in order to make something more portable.

The patch has been tested on Mac OSX (10.5) and Archlinux.

References http://bugs.archlinux.org/task/10530

doc/makepkg.conf.5.txt | 2 +- etc/makepkg.conf.in | 2 +- scripts/makepkg.sh.in | 9 ++++----- 3 files changed, 6 insertions(+), 7 deletions(-)

_______________________________________________ pacman-dev mailing list pacman-dev@archlinux.org http://archlinux.org/mailman/listinfo/pacman-dev

Xavier

9:48 a.m.

On Mon, Jun 2, 2008 at 11:45 AM, Antonio Huete Jimeenz wrote:

...

As far as I know md5sum program in BSD is /sbin/md5, so maybe there's something like that in MacOS. I'll provide a makepkg during this week that would fix this md5 checksum thingy among other things, so you can take a look to it and let me know if it works.

I got some other ideas for handling different OSes via CHOST variable. Let me few days to test it.

Actually, it is better to avoid this when possible. The openssl solution is very nice and clean because it works the same on all systems. You don't need any specific checks.

Antonio Huete Jimeenz

10:32 a.m.

For the checksum verification it might be ok to use openssl since it's in base for almost all BSD system. But what about linux? You'll have to install it before using makepkg, and this means a dependency. In the case of CHOST usage, I haven't explained it fine. It's not related to this checksum issue. I'll try to explain it better in another thread :) Regards, Antonio Huete 2008/6/2 Xavier :

...

On Mon, Jun 2, 2008 at 11:45 AM, Antonio Huete Jimeenz wrote:

...
As far as I know md5sum program in BSD is /sbin/md5, so maybe there's something like that in MacOS. I'll provide a makepkg during this week that would fix this md5 checksum thingy among other things, so you can take a look to it and let me know

if

...
it works.

I got some other ideas for handling different OSes via CHOST variable. Let me few days to test it.

Actually, it is better to avoid this when possible. The openssl solution is very nice and clean because it works the same on all systems. You don't need any specific checks.

_______________________________________________ pacman-dev mailing list pacman-dev@archlinux.org http://archlinux.org/mailman/listinfo/pacman-dev

Xavier

10:58 a.m.

On Mon, Jun 2, 2008 at 12:32 PM, Antonio Huete Jimeenz wrote:

...

For the checksum verification it might be ok to use openssl since it's in base for almost all BSD system. But what about linux? You'll have to install it before using makepkg, and this means a dependency.

In the case of CHOST usage, I haven't explained it fine. It's not related to this checksum issue. I'll try to explain it better in another thread :)

openssl is in the base group of archlinux, so it is supposed to be installed on every system. But when you look at the number and the importance of the packages requiring it, it is fully justified : http://archlinux.org/packages/122/ I can even hardly imagine a linux distro without it. Or am I mistaken?

Antonio Huete Jimeenz

11:08 a.m.

I agree, openssl is a must-have in every system :-) 2008/6/2 Xavier :

...

On Mon, Jun 2, 2008 at 12:32 PM, Antonio Huete Jimeenz wrote:

...
For the checksum verification it might be ok to use openssl since it's in base for almost all BSD system. But what about linux? You'll have to install it before using makepkg, and this means a dependency.

In the case of CHOST usage, I haven't explained it fine. It's not related to this checksum issue. I'll try to explain it better in another thread :)

openssl is in the base group of archlinux, so it is supposed to be installed on every system. But when you look at the number and the importance of the packages requiring it, it is fully justified : http://archlinux.org/packages/122/ I can even hardly imagine a linux distro without it. Or am I mistaken?

_______________________________________________ pacman-dev mailing list pacman-dev@archlinux.org http://archlinux.org/mailman/listinfo/pacman-dev

Sebastian Nowicki

11:12 a.m.

On 02/06/2008, at 6:58 PM, Xavier wrote:

...

On Mon, Jun 2, 2008 at 12:32 PM, Antonio Huete Jimeenz wrote:

...
For the checksum verification it might be ok to use openssl since it's in base for almost all BSD system. But what about linux? You'll have to install it before using makepkg, and this means a dependency.

In the case of CHOST usage, I haven't explained it fine. It's not related to this checksum issue. I'll try to explain it better in another thread :)

openssl is in the base group of archlinux, so it is supposed to be installed on every system. But when you look at the number and the importance of the packages requiring it, it is fully justified : http://archlinux.org/packages/122/ I can even hardly imagine a linux distro without it. Or am I mistaken?

It is an issue, but openssl is only 7mb, which should be an issue on almost all systems, and on embedded systems where disk space may be scarce, Archlinux probably wouldn't run anyway (afaik there's a project for that purpose). As Xavier mentioned it's in core, so with a typical install (installing everything in base), it should be installed on the system.

...

As far as I know md5sum program in BSD is /sbin/md5, so maybe there's something like that in MacOS.

From what I understand the BSD tools (md5, sha1, etc) all use cksum. It uses completely different arguments than the Linux equivalent, so it would be difficult to implement. I think openssl is the best compromise.

Antonio Huete Jimenez

11:28 a.m.

2008/6/2 Sebastian Nowicki :

...

On 02/06/2008, at 6:58 PM, Xavier wrote:

...
On Mon, Jun 2, 2008 at 12:32 PM, Antonio Huete Jimeenz wrote:

...
For the checksum verification it might be ok to use openssl since it's in base for almost all BSD system. But what about linux? You'll have to install it before using makepkg, and this means a dependency.

In the case of CHOST usage, I haven't explained it fine. It's not related to this checksum issue. I'll try to explain it better in another thread :)

openssl is in the base group of archlinux, so it is supposed to be installed on every system. But when you look at the number and the importance of the packages requiring it, it is fully justified : http://archlinux.org/packages/122/ I can even hardly imagine a linux distro without it. Or am I mistaken?

It is an issue, but openssl is only 7mb, which should be an issue on almost all systems, and on embedded systems where disk space may be scarce, Archlinux probably wouldn't run anyway (afaik there's a project for that purpose). As Xavier mentioned it's in core, so with a typical install (installing everything in base), it should be installed on the system.

...
As far as I know md5sum program in BSD is /sbin/md5, so maybe there's something like that in MacOS.

From what I understand the BSD tools (md5, sha1, etc) all use cksum. It uses completely different arguments than the Linux equivalent, so it would be difficult to implement. I think openssl is the best compromise.

And there comes the idea I was talking about. I think that scripts should behave according to the operating from where they are running on. I'm doing some changes to scripts for doing so, but it will take me few days to have something useable. I also think that every portable code should be welcome whenever it doesn't break anything in ArchLinux and made scripts runnable on other OSes. What do you guys think? Regards, Antonio Huete

...

_______________________________________________ pacman-dev mailing list pacman-dev@archlinux.org http://archlinux.org/mailman/listinfo/pacman-dev

Allan McRae

11:42 a.m.

Antonio Huete Jimenez wrote:

...

And there comes the idea I was talking about. I think that scripts should behave according to the operating from where they are running on. I'm doing some changes to scripts for doing so, but it will take me few days to have something useable. I also think that every portable code should be welcome whenever it doesn't break anything in ArchLinux and made scripts runnable on other OSes.

What do you guys think?

Using openssl for this is optimal because it works the same on all systems. Having code which detects operating system and uses specific software in each case is ugly and should be avoided if at all possible.

Antonio Huete Jimenez

11:54 a.m.

...

Antonio Huete Jimenez wrote:

...
And there comes the idea I was talking about. I think that scripts should behave according to the operating from where they are running on. I'm doing some changes to scripts for doing so, but it will take me few days to have something useable. I also think that every portable code should be welcome whenever it doesn't break anything in ArchLinux and made scripts runnable on other OSes.

What do you guys think?

Using openssl for this is optimal because it works the same on all systems. Having code which detects operating system and uses specific software in each case is ugly and should be avoided if at all possible.

And how do you plan to do OS specific checks and/or configurations for

2008/6/2 Allan McRae : portability?

...

_______________________________________________ pacman-dev mailing list pacman-dev@archlinux.org http://archlinux.org/mailman/listinfo/pacman-dev

Xavier

12:03 p.m.

On Mon, Jun 2, 2008 at 1:54 PM, Antonio Huete Jimenez wrote:

...

2008/6/2 Allan McRae :

...
Using openssl for this is optimal because it works the same on all systems. Having code which detects operating system and uses specific software in each case is ugly and should be avoided if at all possible.

And how do you plan to do OS specific checks and/or configurations for portability?

And which part exactly you don't understand in "should be avoided if at all possible" ?

Dan McGee

12:07 p.m.

On Mon, Jun 2, 2008 at 6:12 AM, Sebastian Nowicki wrote:

...

On 02/06/2008, at 6:58 PM, Xavier wrote:

...
On Mon, Jun 2, 2008 at 12:32 PM, Antonio Huete Jimeenz wrote:

...
For the checksum verification it might be ok to use openssl since it's in base for almost all BSD system. But what about linux? You'll have to install it before using makepkg, and this means a dependency.

In the case of CHOST usage, I haven't explained it fine. It's not related to this checksum issue. I'll try to explain it better in another thread :)

openssl is in the base group of archlinux, so it is supposed to be installed on every system. But when you look at the number and the importance of the packages requiring it, it is fully justified : http://archlinux.org/packages/122/ I can even hardly imagine a linux distro without it. Or am I mistaken?

It is an issue, but openssl is only 7mb, which should be an issue on almost all systems, and on embedded systems where disk space may be scarce, Archlinux probably wouldn't run anyway (afaik there's a project for that purpose). As Xavier mentioned it's in core, so with a typical install (installing everything in base), it should be installed on the system.

2 points: 1. openssl as we've no found out does not have a loss in functionality, it can do all of the algorithms we need. 2. It doesn't even need to be installed on every system, just every system used *to build packages*. However, I would highly doubt you can find a system in the wild that doesn't have openssl installed. Since we have no loss in portability or functionality with openssl, I say lets go for it. Be sure to adjust the comments at the top of makepkg where it lists programs needed to run so we can keep that up to date. -Dan

5803

Age (days ago)

5810

Last active (days ago)

List overview

Download

23 comments

7 participants

participants (7)

Allan McRae
Antonio Huete Jimeenz
Antonio Huete Jimenez
Dan McGee
Roman Kyrylych
Sebastian Nowicki
Xavier