[pacman-dev] [PATCH] makepkg: Fix whirlpoolsums support
From: Luke Shumaker
On 8/27/18 4:02 PM, Luke Shumaker wrote:
From: Luke Shumaker
Commit 9cdfd187 introduced support for whirlpool checksums in v5.0.0. However, it was sloppy and missed several places where the list of checksums is used. So fix that. In several places, we can take advantage of the 'known_hash_algos' variable to simplify things a bit.
Commit 57770125 switched from using OpenSSL to GNU coreutils for doing the checksums in v5.1.0. This broke the whirlpool support, as coreutils does not implement a 'whirlpoolsum' program. So go back to using openssl for whirlpool sums only.
---
I'm not particularly attached to whirlpool support, and if your reaction is "let's formally drop whirlpool", I wouldn't be upset by that.
A handful (15) of Parabola's PKGBUILDs use whirlpoolsums, which makes sense, because the author of the original whirlpoolsums commit is a Parabola contributor. But, if you want to drop whirlpool, I have no problem saying that those packages need to migrate to a different checksum algorithm at their next update.
Huh, and we never documented that we supported it in the first place. :/
No wonder we didn't notice that this would break, and, equally, no wonder users didn't hit this in the 2.5 years since 5.0.0 was tagged...
But, if we're going to support whirlpool then that means, going against the original intent of the patch which broke this, that we now need the openssl command-line tool even if built --with-crypto=nettle, because it doesn't look like nettle supports whirlpool any more than base64.
--
Eli Schwartz
Bug Wrangler and Trusted User
On Mon, 27 Aug 2018 16:17:31 -0400, Eli Schwartz wrote:
Huh, and we never documented that we supported it in the first place. :/
It did show up in the NEWS file, but nowhere else.
No wonder we didn't notice that this would break, and, equally, no wonder users didn't hit this in the 2.5 years since 5.0.0 was tagged...
But, if we're going to support whirlpool then that means, going against the original intent of the patch which broke this, that we now need the openssl command-line tool even if built --with-crypto=nettle, because it doesn't look like nettle supports whirlpool any more than base64.
It should only need the openssl command-line tool if it's actually going to use whirlpool for a given PKGBUILD (i.e., an optdepend at best).
--
Happy hacking,
~ Luke Shumaker
On 28/08/18 06:02, Luke Shumaker wrote:
I'm not particularly attached to whirlpool support, and if your reaction is "let's formally drop whirlpool", I wouldn't be upset by that.
That is my reaction.
A
This reverts commit 9cdfd18739cc4b0e2b2efeb9a92a3ea612c8505f.
We've never documented whirlpoolsums support in the manpage and no one
really seems to have realized we support it, let alone use it -- except
for a few parabola packages, being the contributor's motivation for
adding support.
The problem is that for two years the code has been broken. In commit
577701250d645d1fc1a505cde34aedbeb3208ea5 we moved to coreutils to
provide checksum commands, rather than openssl, but there is no
whirlpoolsums binary.
Properly fixing this would require re-adding a dependency on openssl,
independent of the libalpm crypto backend -- which defeats the purpose
of moving to coreutils in the general case. nettle-hash does not provide
a whirlpool algorithm any more than it does base64 (the original reason
for moving to coreutils).
Therefore, we should just drop support for this again.
Signed-off-by: Eli Schwartz