pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/mk As seen on tech-pkg - allow multiple digest algorit...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ec4545e50a6d
branches:  trunk
changeset: 489525:ec4545e50a6d
user:      agc <agc%pkgsrc.org@localhost>
date:      Tue Feb 22 21:01:10 2005 +0000

description:
As seen on tech-pkg - allow multiple digest algorithms to be used to
ensure the integrity of distfiles and dist patches.  For now, the
default algorithms are SHA1 and RMD160, set as a whitespace-separated
list in the DIGEST_ALGORITHMS definition.  The DIGEST_ALGORITHM
definition is deprecated.

Patchfiles will still use simply SHA1, since we are trying to detect a
binary "has this file changed", rather than proect against tampering.
In short, if someone can modify the patch file, they can modify the
distinfo file holding its digest information. This value is set in the
new PATCH_DIGEST_ALGORITHM definition.

Triggered by the breaking of SHA1, as reported in

        http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

diffstat:

 mk/bsd.pkg.mk |  49 +++++++++++++++++++++++++++++--------------------
 1 files changed, 29 insertions(+), 20 deletions(-)

diffs (105 lines):

diff -r 67dac0322b53 -r ec4545e50a6d mk/bsd.pkg.mk
--- a/mk/bsd.pkg.mk     Tue Feb 22 20:16:50 2005 +0000
+++ b/mk/bsd.pkg.mk     Tue Feb 22 21:01:10 2005 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: bsd.pkg.mk,v 1.1593 2005/02/21 20:12:01 veego Exp $
+#      $NetBSD: bsd.pkg.mk,v 1.1594 2005/02/22 21:01:10 agc Exp $
 #
 # This file is in the public domain.
 #
@@ -129,7 +129,7 @@
 CONFIGURE_SCRIPT?=     ./configure
 DEPENDS?=              # empty
 DESCR_SRC?=            ${PKGDIR}/DESCR
-DIGEST_ALGORITHM?=     SHA1
+DIGEST_ALGORITHMS?=    SHA1 RMD160
 DISTFILES?=            ${DISTNAME}${EXTRACT_SUFX}
 DISTINFO_FILE?=                ${PKGDIR}/distinfo
 EXTRACT_ONLY?=         ${DISTFILES}
@@ -141,6 +141,7 @@
 MAINTAINER?=           tech-pkg%NetBSD.org@localhost
 MAKE_FLAGS?=           # empty
 MAKEFILE?=             Makefile
+PATCH_DIGEST_ALGORITHM?=SHA1
 PKG_SUFX?=             .tgz
 PKGFILE?=              ${PKGREPOSITORY}/${PKGNAME}${PKG_SUFX}
 PKGREPOSITORY?=                ${PACKAGES}/${PKGREPOSITORYSUBDIR}
@@ -1275,7 +1276,7 @@
                                if [ -n "${FAILOVER_FETCH}" -a -f ${DISTINFO_FILE} -a -f ${_DISTDIR}/$$bfile ]; then \
                                        alg=`${AWK} 'NF == 4 && $$2 == "('$$file')" && $$3 == "=" {print $$1;}' ${DISTINFO_FILE}`; \
                                        if [ -z "$$alg" ]; then         \
-                                               alg=${DIGEST_ALGORITHM};\
+                                               alg=${PATCH_DIGEST_ALGORITHM};\
                                        fi;                             \
                                        CKSUM=`${DIGEST} $$alg < ${_DISTDIR}/$$bfile`; \
                                        CKSUM2=`${AWK} '$$1 == "'$$alg'" && $$2 == "('$$file')" {print $$4;}' <${DISTINFO_FILE}`; \
@@ -3691,12 +3692,18 @@
        cd ${DISTDIR};                                                  \
        for sumfile in "" ${_CKSUMFILES}; do                            \
                if [ "X$$sumfile" = "X" ]; then continue; fi;           \
-               ${DIGEST} ${DIGEST_ALGORITHM} $$sumfile >> $$newfile;   \
+               for a in "" ${DIGEST_ALGORITHMS}; do                    \
+                       if [ "X$$a" = "X" ]; then continue; fi;         \
+                       ${DIGEST} $$a $$sumfile >> $$newfile;           \
+               done;                                                   \
                ${WC} -c $$sumfile | ${AWK} '{ print "Size (" $$2 ") = " $$1 " bytes" }' >> $$newfile; \
        done;                                                           \
        for ignore in "" ${_IGNOREFILES}; do                            \
                if [ "X$$ignore" = "X" ]; then continue; fi;            \
-               ${ECHO} "${DIGEST_ALGORITHM} ($$ignore) = IGNORE" >> $$newfile; \
+               for a in "" ${DIGEST_ALGORITHMS}; do                    \
+                       if [ "X$$a" = "X" ]; then continue; fi;         \
+                       ${ECHO} "$$a ($$ignore) = IGNORE" >> $$newfile; \
+               done;                                                   \
        done;                                                           \
        if [ -f ${DISTINFO_FILE} ]; then                                \
                ${AWK} '$$2 ~ /\(patch-[a-z0-9]+\)/ { print $$0 }' < ${DISTINFO_FILE} >> $$newfile; \
@@ -3729,7 +3736,7 @@
                        case $$sumfile in                               \
                                patch-local-*) ;;                       \
                                *.orig|*.rej|*~) continue ;;            \
-                               *)      ${ECHO} "${DIGEST_ALGORITHM} ($$sumfile) = `${SED} -e '/\$$NetBSD.*/d' $$sumfile | ${DIGEST} ${DIGEST_ALGORITHM}`" >> $$newfile;; \
+                               *)      ${ECHO} "${PATCH_DIGEST_ALGORITHM} ($$sumfile) = `${SED} -e '/\$$NetBSD.*/d' $$sumfile | ${DIGEST} ${PATCH_DIGEST_ALGORITHM}`" >> $$newfile;; \
                        esac;                                           \
                done);                                                  \
        fi;                                                             \
@@ -3762,23 +3769,25 @@
                  for file in "" ${_CKSUMFILES}; do                     \
                        if [ "X$$file" = X"" ]; then continue; fi;      \
                        alg=`${AWK} 'NF == 4 && $$2 == "('$$file')" && $$3 == "=" {print $$1;}' ${DISTINFO_FILE}`; \
-                       if [ "X$$alg" = "X" ]; then                     \
-                               ${ECHO_MSG} "=> No checksum recorded for $$file."; \
-                               OK="false";                             \
-                       else                                            \
-                               CKSUM=`${DIGEST} $$alg < $$file`;       \
-                               CKSUM2=`${AWK} '$$1 == "'$$alg'" && $$2 == "('$$file')"{print $$4;}' ${DISTINFO_FILE}`; \
-                               if [ "$$CKSUM2" = "IGNORE" ]; then      \
-                                       ${ECHO_MSG} "=> Checksum for $$file is set to IGNORE in checksum file even though"; \
-                                       ${ECHO_MSG} "   the file is not in the "'$$'"{IGNOREFILES} list."; \
+                       for a in $$alg; do                              \
+                               if [ "X$$alg" = "X" ]; then             \
+                                       ${ECHO_MSG} "=> No checksum recorded for $$file."; \
                                        OK="false";                     \
-                               elif [ "$$CKSUM" = "$$CKSUM2" ]; then   \
-                                       ${ECHO_MSG} "=> Checksum OK for $$file."; \
                                else                                    \
-                                       ${ECHO_MSG} "=> Checksum mismatch for $$file."; \
-                                       OK="false";                     \
+                                       CKSUM=`${DIGEST} $$a < $$file`; \
+                                       CKSUM2=`${AWK} '$$1 == "'$$a'" && $$2 == "('$$file')"{print $$4;}' ${DISTINFO_FILE}`; \
+                                       if [ "$$CKSUM2" = "IGNORE" ]; then \
+                                               ${ECHO_MSG} "=> Checksum for $$file is set to IGNORE in checksum file even though"; \
+                                               ${ECHO_MSG} "   the file is not in the "'$$'"{IGNOREFILES} list."; \
+                                               OK="false";             \
+                                       elif [ "$$CKSUM" = "$$CKSUM2" ]; then   \
+                                               ${ECHO_MSG} "=> Checksum $$a OK for $$file."; \
+                                       else                            \
+                                               ${ECHO_MSG} "=> Checksum $$a mismatch for $$file."; \
+                                               OK="false";             \
+                                       fi;                             \
                                fi;                                     \
-                       fi;                                             \
+                       done;                                           \
                  done;                                                 \
                  for file in "" ${_IGNOREFILES}; do                    \
                        if [ "X$$file" = X"" ]; then continue; fi;      \



Home | Main Index | Thread Index | Old Index