[pacman-dev] [PATCH] Use openssl for checksum verification instead of *sum utilities

Dan McGee dpmcgee at gmail.com
Sat May 31 09:21:29 EDT 2008


On Sat, May 31, 2008 at 1:35 AM, Sebastian Nowicki <sebnow at gmail.com> wrote:
> md5sum, sha1sum, etc, do not exist on BSD systems by default. Openssl is
> a good portable alternative. This also brings in a dependency for
> openssl.
>
> Closes FS#10530.
>
> Signed-off-by: Sebastian Nowicki <sebnow at gmail.com>
> ---
>  scripts/makepkg.sh.in |   12 ++++++------
>  1 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index 6e2f1ad..cb55dea 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -480,8 +480,8 @@ generate_checksums() {
>                                exit 1;; # $E_CONFIG_ERROR
>                esac
>
> -               if [ ! $(type -p "${integ}sum") ]; then
> -                       error "$(gettext "Cannot find the '%s' program.")" "${integ}sum"
> +               if [ ! $(type -p "openssl") ]; then
> +                       error "$(gettext "Cannot find openssl.")"
>                        exit 1 # $E_MISSING_PROGRAM
>                fi
>
> @@ -510,7 +510,7 @@ generate_checksums() {
>                                fi
>                        fi
>
> -                       local sum="$(${integ}sum "$file" | cut -d ' ' -f 1)"
> +                       local sum="$(openssl dgst -${integ} "$file" | awk '{print $2}')"
>                        [ $ct -gt 0 ] && echo -n "$indent"
>                        echo -n "'$sum'"
>                        ct=$(($ct+1))
> @@ -532,8 +532,8 @@ check_checksums() {
>                                exit 1;; # $E_CONFIG_ERROR
>                esac
>
> -               if [ ! $(type -p "${integ}sum") ]; then
> -                       error "$(gettext "Cannot find the '%s' program.")" "${integ}sum"
> +               if [ ! $(type -p "openssl") ]; then
> +                       error "$(gettext "Cannot find openssl.")"
>                        exit 1 # $E_MISSING_PROGRAM
>                fi
>
> @@ -557,7 +557,7 @@ check_checksums() {
>                                        fi
>                                fi
>
> -                               if echo "${integrity_sums[$idx]}  $file" | ${integ}sum --status -c - &>/dev/null; then
> +                               if [ "${integrity_sums[$idx]}" = "$(openssl dgst -${integ} "$file" | awk '{print $2}')" ]; then
>                                        echo "$(gettext "Passed")" >&2
>                                else
>                                        echo "$(gettext "FAILED")" >&2
> --
Code go boom:
$ openssl dgst -md5 'file with spaces'
MD5(file with spaces)= d41d8cd98f00b204e9800998ecf8427e
$ openssl dgst -md5 'file with spaces' | awk '{print $2}'
with

Try awk '{print $NF}' (NF is number of fields, so it will always print
the last field) instead and it should always work.

-Dan




More information about the pacman-dev mailing list