Subject: new message digest support in pkgsrc
To: None <tech-pkg@netbsd.org>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-pkg
Date: 03/06/2001 15:01:23
I have just committed changes to pkgsrc to add support for
message digests other than md5.
> Add support for message digests other than md5 into pkgsrc. This is done
> by using the pkgsrc/pkgtools/digest package, and adding dependencies in
> bsd.pkg.mk to make sure that that package is up to date.
>
> There is no discernable performance decrease in using sha1 checksums
> over md5 ones, and most people advocate the use of sha1 or rmd160 over
> md5.
>
> As part of this change, move the initial setting of LOCALBASE, X11BASE
> and CROSSBASE into bsd.prefs.mk from bsd.pkg.mk.
>
> Addresses PR 11809.
And now for some background:
We have been advised that we should move away from the md5 algorithm,
and onto either sha1 or rmd160. We have done this by adding a new
package called digest, which is a small, statically-linked utility
which takes command line arguments of the form:
digest -V
which prints the version and exits, and
digest algorithm [file...]
which calculates a message digest, using algorithm, for all files
on the command line. If no files are specified, then standard
input is used. The output is of the same format as md5(1). The
digest utility is designed to be scalable, so that, as and when
new message digest algorithms come out, they can be incorporated.
I considered modifying the existing cksum(1) utility, but thought
that it wasn't scalable enough, and I considered using openssl, but
didn't want pkgsrc to be dependent on openssl being installed, and
because the output format isn't the same as md5(1).
digest should work fine with the existing md5 checksums. Over time, I
hope to migrate to sha1 in all of pkgsrc. This has been tested quite
extensively (with thanks to Thomas Klausner), but if you experience
any unusual side effects, please use send-pr in the usual way.
Thanks,
Alistair