[pacman-dev] [PATCH] Use openssl for checksum verification instead of *sum utilities

Fri May 30 15:52:47 EDT 2008

md5sum, sha1sum, etc, do not exist on BSD systems by default. Openssl is
a good portable alternative, but it does not support sha256, sha384, or
sha512. This also brings in a dependency for openssl.

Signed-off-by: Sebastian Nowicki <sebnow at gmail.com>
---
 doc/makepkg.conf.5.txt |    2 +-
 etc/makepkg.conf.in    |    2 +-
 scripts/makepkg.sh.in  |    8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/makepkg.conf.5.txt b/doc/makepkg.conf.5.txt
index 113ad14..c662568 100644
--- a/doc/makepkg.conf.5.txt
+++ b/doc/makepkg.conf.5.txt
@@ -126,7 +126,7 @@ Options
 **INTEGRITY_CHECK=(**check1 ...**)**::
 	File integrity checks to use. Multiple checks may be specified; this
 	affects both generation and checking. The current valid options are:
-	`md5`, `sha1`, `sha256`, `sha384`, and `sha512`.
+	`md5` and `sha1`.
 
 **DOC_DIRS=(**usr/{,share/}{info,doc} ...**)**::
 	If "!docs" is specified in the OPTIONS array, this variable will
diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in
index 47ed0a4..62dc496 100644
--- a/etc/makepkg.conf.in
+++ b/etc/makepkg.conf.in
@@ -69,7 +69,7 @@ BUILDENV=(fakeroot !distcc color !ccache !xdelta)
 #
 OPTIONS=(strip !docs libtool emptydirs zipman)
 
-#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
+#-- File integrity checks to use. Valid: md5, sha1
 INTEGRITY_CHECK=(md5)
 #-- Info and doc directories to remove (if option set correctly above)
 DOC_DIRS=(usr/{,share/}{info,doc,gtk-doc} opt/*/{info,doc,gtk-doc})
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 6e2f1ad..aaf1ad6 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -474,7 +474,7 @@ generate_checksums() {
 	for integ in ${INTEGRITY_CHECK[@]}; do
 		integ="$(echo $integ | tr [:upper:] [:lower:])"
 		case "$integ" in
-			md5|sha1|sha256|sha384|sha512) : ;;
+			md5|sha1) : ;;
 			*)
 				error "$(gettext "Invalid integrity algorithm '%s' specified.")" "$integ"
 				exit 1;; # $E_CONFIG_ERROR
@@ -510,7 +510,7 @@ generate_checksums() {
 				fi
 			fi
 
-			local sum="$(${integ}sum "$file" | cut -d ' ' -f 1)"
+			local sum="$(openssl dgst -${integ} "$file" | awk '{print $2}')"
 			[ $ct -gt 0 ] && echo -n "$indent"
 			echo -n "'$sum'"
 			ct=$(($ct+1))
@@ -526,7 +526,7 @@ check_checksums() {
 	for integ in ${INTEGRITY_CHECK[@]}; do
 		integ="$(echo $integ | tr [:upper:] [:lower:])"
 		case "$integ" in
-			md5|sha1|sha256|sha384|sha512) : ;;
+			md5|sha1) : ;;
 			*)
 				error "$(gettext "Invalid integrity algorithm '%s' specified")" "$integ"
 				exit 1;; # $E_CONFIG_ERROR
@@ -557,7 +557,7 @@ check_checksums() {
 					fi
 				fi
 
-				if echo "${integrity_sums[$idx]}  $file" | ${integ}sum --status -c - &>/dev/null; then
+				if [ "${integrity_sums[$idx]}" = "$(openssl dgst -${integ} "$file" | awk '{print $2}')" ]; then
 					echo "$(gettext "Passed")" >&2
 				else
 					echo "$(gettext "FAILED")" >&2
-- 
1.5.5.1



