[pacman-dev] [PATCH] makepkg: Fix whirlpoolsums support

Mon Aug 27 20:02:27 UTC 2018

From: Luke Shumaker <lukeshu at parabola.nu>

Commit 9cdfd187 introduced support for whirlpool checksums in v5.0.0.
However, it was sloppy and missed several places where the list of
checksums is used.  So fix that.  In several places, we can take advantage
of the 'known_hash_algos' variable to simplify things a bit.

Commit 57770125 switched from using OpenSSL to GNU coreutils for doing the
checksums in v5.1.0.  This broke the whirlpool support, as coreutils does
not implement a 'whirlpoolsum' program.  So go back to using openssl for
whirlpool sums only.
---
I'm not particularly attached to whirlpool support, and if your
reaction is "let's formally drop whirlpool", I wouldn't be upset by
that.

A handful (15) of Parabola's PKGBUILDs use whirlpoolsums, which makes
sense, because the author if the original whirlpoolsums commit is a
Parabola contributor.  But, if you want to drop whirlpool, I have no
problem saying that those packages need to migrate to a different
checksum algorithm at their next update.

 doc/PKGBUILD.5.asciidoc                       |  2 +-
 etc/makepkg.conf.in                           |  2 +-
 .../integrity/generate_checksum.sh.in         | 12 +++++++++--
 .../integrity/verify_checksum.sh.in           | 13 ++++++++++--
 .../libmakepkg/lint_pkgbuild/variable.sh.in   |  4 ++--
 scripts/libmakepkg/srcinfo.sh.in              |  4 ++--
 scripts/makepkg.sh.in                         | 20 +++++++++++++------
 7 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/doc/PKGBUILD.5.asciidoc b/doc/PKGBUILD.5.asciidoc
index f12effde..5715c7aa 100644
--- a/doc/PKGBUILD.5.asciidoc
+++ b/doc/PKGBUILD.5.asciidoc
@@ -154,7 +154,7 @@ contain whitespace characters.
 	be skipped. To easily generate md5sums, run ``makepkg -g >> PKGBUILD''.
 	If desired, move the md5sums line to an appropriate location.

-*sha1sums, sha224sums, sha256sums, sha384sums, sha512sums (arrays)*::
+*sha1sums, sha224sums, sha256sums, sha384sums, sha512sums, whirlpoolsums (arrays)*::
 	Alternative integrity checks that makepkg supports; these all behave
 	similar to the md5sums option described above. To enable use and generation
 	of these checksums, be sure to set up the `INTEGRITY_CHECK` option in
diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in
index b0fdea9e..22d298f7 100644
--- a/etc/makepkg.conf.in
+++ b/etc/makepkg.conf.in
@@ -87,7 +87,7 @@ BUILDENV=(!distcc color !ccache check !sign)
 #
 OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !debug)

-#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512
+#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, whirlpool
 INTEGRITY_CHECK=(md5)
 #-- Options to be used when stripping binaries. See `man strip' for details.
 STRIP_BINARIES="@STRIP_BINARIES@"
diff --git a/scripts/libmakepkg/integrity/generate_checksum.sh.in b/scripts/libmakepkg/integrity/generate_checksum.sh.in
index eb9b74fc..7480c0ee 100644
--- a/scripts/libmakepkg/integrity/generate_checksum.sh.in
+++ b/scripts/libmakepkg/integrity/generate_checksum.sh.in
@@ -59,8 +59,16 @@ generate_one_checksum() {
 				if [[ ${netfile%%::*} != *.@(sig?(n)|asc) ]]; then
 					local file
 					file="$(get_filepath "$netfile")" || missing_source_file "$netfile"
-					sum="$("${integ}sum" "$file")"
-					sum=${sum%% *}
+					case "$integ" in
+						md5|sha1|sha224|sha256|sha384|sha512)
+							sum="$("${integ}sum" "$file")"
+							sum=${sum%% *}
+							;;
+						whirlpool)
+							sum="$(openssl dgst -${integ} "$file")"
+							sum=${sum##* }
+							;;
+					esac
 				else
 					sum="SKIP"
 				fi
diff --git a/scripts/libmakepkg/integrity/verify_checksum.sh.in b/scripts/libmakepkg/integrity/verify_checksum.sh.in
index 532e0693..6cd30ab4 100644
--- a/scripts/libmakepkg/integrity/verify_checksum.sh.in
+++ b/scripts/libmakepkg/integrity/verify_checksum.sh.in
@@ -82,8 +82,17 @@ verify_integrity_one() {
 		return 1
 	fi

-	local realsum="$("${integ}sum" "$file")"
-	realsum="${realsum%% *}"
+	local realsum
+	case "$integ" in
+		md5|sha1|sha224|sha256|sha384|sha512)
+			realsum="$("${integ}sum" "$file")"
+			realsum="${realsum%% *}"
+			;;
+		whirlpool)
+			realsum="$(openssl dgst -${integ} "$file")"
+			realsum=${realsum##* }
+			;;
+	esac
 	if [[ ${expectedsum,,} = "$realsum" ]]; then
 		printf '%s\n' "$(gettext "Passed")" >&2
 	else
diff --git a/scripts/libmakepkg/lint_pkgbuild/variable.sh.in b/scripts/libmakepkg/lint_pkgbuild/variable.sh.in
index 5f783e83..63c4955b 100644
--- a/scripts/libmakepkg/lint_pkgbuild/variable.sh.in
+++ b/scripts/libmakepkg/lint_pkgbuild/variable.sh.in
@@ -33,8 +33,8 @@ lint_variable() {
 	# TODO: refactor - similar arrays are used elsewhere
 	local array=(arch backup checkdepends groups license noextract options
 	             validpgpkeys)
-	local arch_array=(conflicts depends makedepends md5sums optdepends provides
-	                  replaces sha1sums sha224sums sha256sums sha384sums sha512sums
+	local arch_array=(conflicts depends makedepends optdepends provides
+	                  replaces "${known_hash_algos[@]/%/sums}"
 			  source)
 	local string=(changelog epoch install pkgbase pkgdesc pkgrel pkgver url)

diff --git a/scripts/libmakepkg/srcinfo.sh.in b/scripts/libmakepkg/srcinfo.sh.in
index 509c4860..a97cdde5 100644
--- a/scripts/libmakepkg/srcinfo.sh.in
+++ b/scripts/libmakepkg/srcinfo.sh.in
@@ -63,7 +63,7 @@ srcinfo_write_section_details() {
 	local attr package_arch a
 	local multivalued_arch_attrs=(source provides conflicts depends replaces
 	                              optdepends makedepends checkdepends
-	                              {md5,sha{1,224,256,384,512}}sums)
+	                              "${known_hash_algos[@]/%/sums}")

 	for attr in "${singlevalued[@]}"; do
 		pkgbuild_extract_to_srcinfo "$1" "$attr" 0
@@ -89,7 +89,7 @@ srcinfo_write_global() {
 	local multivalued=(arch groups license checkdepends makedepends
 	                   depends optdepends provides conflicts replaces
 	                   noextract options backup
-	                   source validpgpkeys {md5,sha{1,224,256,384,512}}sums)
+	                   source validpgpkeys "${known_hash_algos[@]/%/sums}")

 	srcinfo_open_section 'pkgbase' "${pkgbase:-$pkgname}"
 	srcinfo_write_section_details ''
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 2ac1bbca..92a0b692 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1017,10 +1017,18 @@ check_software() {
 		local integlist
 		IFS=$'\n' read -rd '' -a integlist < <(get_integlist)

-		local integ
+		local integ binary
 		for integ in "${integlist[@]}"; do
-			if ! type -p "${integ}sum" >/dev/null; then
-				error "$(gettext "Cannot find the %s binary required for source file checksums operations.")" "${integ}sum"
+			case "$integ" in
+				md5|sha1|sha224|sha256|sha384|sha512)
+					binary="${integ}sum"
+					;;
+				whirlpool)
+					binary=openssl
+					;;
+			esac
+			if ! type -p "$binary" >/dev/null; then
+				error "$(gettext "Cannot find the %s binary required for source file checksums operations.")" "$binary"
 				ret=1
 			fi
 		done
@@ -1416,12 +1424,12 @@ else
 fi

 unset pkgname pkgbase pkgver pkgrel epoch pkgdesc url license groups provides
-unset md5sums replaces depends conflicts backup source install changelog build
-unset sha{1,224,256,384,512}sums makedepends optdepends options noextract validpgpkeys
+unset replaces depends conflicts backup source install changelog build
+unset "${known_hash_algos[@]/%/sums}" makedepends optdepends options noextract validpgpkeys
 unset "${!makedepends_@}" "${!depends_@}" "${!source_@}" "${!checkdepends_@}"
 unset "${!optdepends_@}" "${!conflicts_@}" "${!provides_@}" "${!replaces_@}"
 unset "${!md5sums_@}" "${!sha1sums_@}" "${!sha224sums_@}" "${!sha256sums_@}"
-unset "${!sha384sums_@}" "${!sha512sums_@}"
+unset "${!sha384sums_@}" "${!sha512sums_@}" "${!whirlpoolsums_@}"

 BUILDFILE=${BUILDFILE:-$BUILDSCRIPT}
 if [[ ! -f $BUILDFILE ]]; then
--
2.18.0
