[pacman-dev] [PATCH][WIP] Use coreutils binaries for checking/generating checksums

Allan McRae allan at archlinux.org
Tue Oct 11 13:11:50 UTC 2016


If pacman is built against a crypto library other than openssl, it makes no
sense to require makepkg to use it.

The only currently considered alternative to openssl is nettle, which has no
binary for base64 encode/decode. This means that we could replace the hashing
calculations with nettle-hash, but would require base64 from coreutils.

Given makepkg already relies heavily on coreutils, we might as well use all
the coreutils hashing binaries too.

This patch also improves the checking of required binaries for hashing
operations.

Signed-off-by: Allan McRae <allan at archlinux.org>
---

This joins the previous patch to enable building pacman against different
crypto libraries.

 .../libmakepkg/integrity/generate_checksum.sh.in   |  9 ++------
 scripts/libmakepkg/integrity/verify_checksum.sh.in |  4 ++--
 scripts/makepkg.sh.in                              | 24 ++++++++++++++--------
 scripts/repo-add.sh.in                             | 16 +++++++--------
 4 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/scripts/libmakepkg/integrity/generate_checksum.sh.in b/scripts/libmakepkg/integrity/generate_checksum.sh.in
index 7a56710..6209ec2 100644
--- a/scripts/libmakepkg/integrity/generate_checksum.sh.in
+++ b/scripts/libmakepkg/integrity/generate_checksum.sh.in
@@ -59,8 +59,8 @@ generate_one_checksum() {
 				if [[ $netfile != *.@(sig?(n)|asc) ]]; then
 					local file
 					file="$(get_filepath "$netfile")" || missing_source_file "$netfile"
-					sum="$(openssl dgst -${integ} "$file")"
-					sum=${sum##* }
+					sum="$("${integ}sum" "$file")"
+					sum=${sum% *}
 				else
 					sum="SKIP"
 				fi
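Review bot: `sum=${sum% *}` removes only the text after the last space, so with coreutils output of the form `<hash>  <path>` it leaves a trailing space after the digest, and a path containing spaces leaves part of the path behind as well; `sum=${sum%% *}` keeps just the first field. The same expansion is used in verify_integrity_one (where the quoted comparison against `${expectedsum,,}` would then not match), in write_buildinfo (where the unquoted `$sum` in the `printf` happens to hide the trailing space), and in db_write_delta and db_write_entry, where the value presumably ends up in the repo database entry. coreutils also starts the output line with a backslash when the file name contains a backslash or newline, which reading the file on stdin, `"${integ}sum" < "$file"`, would avoid. generate_one_checksum begins and ends outside this hunk.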
@@ -80,11 +80,6 @@ generate_one_checksum() {
 generate_checksums() {
 	msg "$(gettext "Generating checksums for source files...")"
 
-	if ! type -p openssl >/dev/null; then
-		error "$(gettext "Cannot find the %s binary required for generating sourcefile checksums.")" "openssl"
-		exit 1 # $E_MISSING_PROGRAM
-	fi
-
 	local integlist
 	if (( $# == 0 )); then
 		IFS=$'\n' read -rd '' -a integlist < <(get_integlist)
diff --git a/scripts/libmakepkg/integrity/verify_checksum.sh.in b/scripts/libmakepkg/integrity/verify_checksum.sh.in
index 44a2b2e..2d62455 100644
--- a/scripts/libmakepkg/integrity/verify_checksum.sh.in
+++ b/scripts/libmakepkg/integrity/verify_checksum.sh.in
@@ -82,8 +82,8 @@ verify_integrity_one() {
 		return 1
 	fi
 
-	local realsum="$(openssl dgst -${integ} "$file")"
-	realsum="${realsum##* }"
+	local realsum="$("${integ}sum" "$file")"
+	realsum="${realsum% *}"
 	if [[ ${expectedsum,,} = "$realsum" ]]; then
 		printf '%s\n' "$(gettext "Passed")" >&2
 	else
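Review bot: `local realsum="$(...)"` discards the exit status of `"${integ}sum"`, so a tool that fails (binary missing, file unreadable) produces an empty `realsum` that goes straight into the `[[ ${expectedsum,,} = "$realsum" ]]` comparison. If an empty expected value can reach this point, that comparison would print "Passed"; the earlier part of verify_integrity_one is outside the hunk, so whether it can is unconfirmed. Declaring and assigning separately, `local realsum` followed by `realsum="$("${integ}sum" "$file")" || return 1`, turns a failed hash run into an explicit verification failure instead of a string compare on empty output.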
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 82c9367..69a99a5 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -28,7 +28,7 @@
 # makepkg uses quite a few external programs during its execution. You
 # need to have at least the following installed for makepkg to function:
 #   awk, bsdtar (libarchive), bzip2, coreutils, fakeroot, file, find (findutils),
-#   gettext, gpg, grep, gzip, openssl, sed, tput (ncurses), xz
+#   gettext, gpg, grep, gzip, sed, tput (ncurses), xz
 
 # gettext initialization
 export TEXTDOMAIN='pacman-scripts'
@@ -658,8 +658,8 @@ write_buildinfo() {
 
 	printf "builddir = %s\n"  "${BUILDDIR}"
 
-	local sum="$(openssl dgst -sha256 "${BUILDFILE}")"
-	sum=${sum##* }
+	local sum="$(sha256sum "${BUILDFILE}")"
+	sum=${sum% *}
 
 	printf "pkgbuild_sha256sum = %s\n" $sum
 
@@ -1022,12 +1022,18 @@ check_software() {
 		fi
 	fi
 
-	# openssl - checksum operations
-	if (( ! SKIPCHECKSUMS )); then
-		if ! type -p openssl >/dev/null; then
-			error "$(gettext "Cannot find the %s binary required for validating source file checksums.")" "openssl"
-			ret=1
-		fi
+	# checksum operations
+	if (( GENINTEG || ! SKIPCHECKSUMS )); then
+		local integlist
+		IFS=$'\n' read -rd '' -a integlist < <(get_integlist)
+
+		local integ
+		for integ in "${integlist[@]}"; do
+			if ! type -p "${integ}sum" >/dev/null; then
+				error "$(gettext "Cannot find the %s binary required for source file checksums operations.")" "${integ}sum"
+				ret=1
+			fi
+		done
 	fi
 
 	# distcc - compilation with distcc
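Review bot: The new loop probes only the `<algo>sum` tools for algorithms returned by get_integlist, while write_buildinfo in this same file now calls `sha256sum` unconditionally, so that binary goes unchecked when `SKIPCHECKSUMS` is set without `GENINTEG` or when sha256 is not in the list. Since coreutils is already listed as a hard requirement in the file header this may be acceptable, but a comment above the block would make the assumption explicit, e.g. `# sha256sum for write_buildinfo is covered by the coreutils requirement`. The error text reads "checksums operations"; "checksum operations" is probably what was intended. check_software begins and ends outside this hunk.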
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 4da2c31..b1464e9 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -151,8 +151,8 @@ db_write_delta() {
 		echo -e "%DELTAS%" >"$deltas"
 	fi
 	# get md5sum and compressed size of package
-	md5sum=$(openssl dgst -md5 "$deltafile")
-	md5sum=${md5sum##* }
+	md5sum=$(md5sum "$deltafile")
+	md5sum=${md5sum% *}
 	csize=$(@SIZECMD@ -L "$deltafile")
 
 	oldfile=$(xdelta3 printhdr "$deltafile" | grep "XDELTA filename (source)" | sed 's/.*: *//')
@@ -374,17 +374,17 @@ db_write_entry() {
 			return 1
 		fi
 		msg2 "$(gettext "Adding package signature...")"
-		pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n')
+		pgpsig=$(base64 "$pkgfile.sig" | tr -d '\n')
 	fi
 
 	csize=$(@SIZECMD@ -L "$pkgfile")
 
 	# compute checksums
 	msg2 "$(gettext "Computing checksums...")"
-	md5sum=$(openssl dgst -md5 "$pkgfile")
-	md5sum=${md5sum##* }
-	sha256sum=$(openssl dgst -sha256 "$pkgfile")
-	sha256sum=${sha256sum##* }
+	md5sum=$(md5sum "$pkgfile")
+	md5sum=${md5sum% *}
+	sha256sum=$(sha256sum "$pkgfile")
+	sha256sum=${sha256sum% *}
 
 	# remove an existing entry if it exists, ignore failures
 	db_remove_entry "$pkgname"
@@ -501,7 +501,7 @@ elephant() {
 		                 "ZL9JFFZeAa0a2+lKjL2anpYfV+0Zx9LJ+/MC8nRayuDlSNy2rfAPibOzsiWHL0jL" \
 		                 "SsjFAQAA"
 		;;
-	esac | openssl base64 -d | gzip -d
+	esac | base64 -d | gzip -d
 }
 
 prepare_repo_db() {
-- 
2.10.0

