[arch-commits] Commit in pacman/trunk (PKGBUILD makepkg.conf)
Levente Polyak
anthraxx at archlinux.org
Thu May 20 19:44:20 UTC 2021
Date: Thursday, May 20, 2021 @ 19:44:19
Author: anthraxx
Revision: 415800
upgpkg: pacman 6.0.0-2: switch default integrity to sha256

The upstream makepkg.conf is a pure example and expected to be
downstream opinionated. Let's take the opportunity with pacman 6.0.0
to introduce an opinionated default integrity.

The integrity by itself is not meant to be a security property but a
pure transfer check. However in our downstream the integrity can have
some limited gain (compared to nothing) for users that properly care when
those integrity values differ. This is specifically the case in highly
distributed rebuild environments like the AUR by applying the concept of
TOFU (trust on first use) -- which by default is also applied to SSH
host verification checks and serves a good purpose when handled
appropriately. Let's aid the usage of TOFU by providing a stronger
default in our downstream and give users the opportunity to easily
detect in transit modifications of packages whose packagers just
generated default integrity values.

Modified:
pacman/trunk/PKGBUILD
pacman/trunk/makepkg.conf
--------------+
PKGBUILD | 4 ++--
makepkg.conf | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-05-20 18:49:49 UTC (rev 415799)
+++ PKGBUILD 2021-05-20 19:44:19 UTC (rev 415800)
@@ -3,7 +3,7 @@
pkgname=pacman
pkgver=6.0.0
-pkgrel=1
+pkgrel=2
pkgdesc="A library-based package manager with dependency support"
arch=('x86_64')
url="https://www.archlinux.org/pacman/"
@@ -26,7 +26,7 @@
sha256sums=('004448085a7747bdc7a0a4dd5d1fb7556c6b890111a06e029ab088f9905d4808'
'SKIP'
'606e55f06c297d2b508bc4438890b229a1abaa68b0374a2d7f94c8e7be6792d7'
- 'd46eb9341d9f02ead0dfa7583f127f3d8d5075af726c8570f6ae9a3ebf633ec7')
+ '89d1dd7e7064243754efc1993a8843a400afd5d7c15070787985376ec346d6d9')
build() {
cd "$pkgname-$pkgver"
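Review bot: the fourth sha256sums entry is replaced here, but the hunk does not show which source it belongs to, so please confirm the new value was regenerated from the makepkg.conf committed in this same revision rather than edited by hand. Separately, the second entry stays 'SKIP', which means that source gets no checksum comparison at all; since the commit message argues for a stronger default integrity, a short comment next to the array saying why that entry is skipped would make the exception explicit.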
Modified: makepkg.conf
===================================================================
--- makepkg.conf 2021-05-20 18:49:49 UTC (rev 415799)
+++ makepkg.conf 2021-05-20 19:44:19 UTC (rev 415800)
@@ -94,7 +94,7 @@
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
-INTEGRITY_CHECK=(ck)
+INTEGRITY_CHECK=(sha256)
#-- Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="--strip-all"
#-- Options to be used when stripping shared libraries. See `man strip' for details.
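Review bot: the comment directly above INTEGRITY_CHECK lists the valid values as md5, sha1, sha224, sha256, sha384, sha512 and b2, which does not include ck, the value this hunk removes; if ck is still accepted, the list should mention it so the comment matches what the tool takes. It would also help to add a one-line comment stating that sha256 is a deliberate downstream default, since the commit message says the upstream file is only an example, so a later sync with upstream does not silently revert the setting.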