diff options
author | Allan McRae <allan@archlinux.org> | 2020-01-23 03:14:14 +0100 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2020-01-28 01:46:26 +0100 |
commit | 21af79860403f9120d2c0412a95ec97d06368e11 (patch) | |
tree | 44961845d694432a85a70cf25f702ff181a1d95a | |
parent | c3852ff42569542b787d9e49289f5358ad22f900 (diff) | |
download | pacman-21af79860403f9120d2c0412a95ec97d06368e11.tar.gz pacman-21af79860403f9120d2c0412a95ec97d06368e11.tar.xz |
makepkg: add CRC checksums and set these to be the default
Checksums arrays should be filled with values provided by upstream. We
currently have md5 set as an unsecure default, and are constantly asked to
change it to sha2. However, just changing the default to a stronger checksum
gives the user the impression that "makepkg -g" checksums are perfect.
Instead, change the default checksum to a CRC, to make it clear that any
checksum generated purely by "makepkg -g" is not ideal.
Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r-- | doc/PKGBUILD.5.asciidoc | 14 | ||||
-rw-r--r-- | doc/makepkg.conf.5.asciidoc | 2 | ||||
-rw-r--r-- | etc/makepkg.conf.in | 4 | ||||
-rw-r--r-- | scripts/libmakepkg/util/schema.sh.in | 2 | ||||
-rw-r--r-- | scripts/makepkg.sh.in | 4 |
5 files changed, 13 insertions, 13 deletions
diff --git a/doc/PKGBUILD.5.asciidoc b/doc/PKGBUILD.5.asciidoc index 4c4c6df5..2e2108a0 100644 --- a/doc/PKGBUILD.5.asciidoc +++ b/doc/PKGBUILD.5.asciidoc @@ -118,7 +118,7 @@ systems (see below). + Additional architecture-specific sources can be added by appending an underscore and the architecture name e.g., 'source_x86_64=()'. There must be a -corresponding integrity array with checksums, e.g. 'md5sums_x86_64=()'. +corresponding integrity array with checksums, e.g. 'cksums_x86_64=()'. + It is also possible to change the name of the downloaded file, which is helpful with weird URLs and for handling multiple source files with the same @@ -146,19 +146,19 @@ contain whitespace characters. listed here will not be extracted with the rest of the source files. This is useful for packages that use compressed data directly. -*md5sums (array)*:: - This array contains an MD5 hash for every source file specified in the +*cksums (array)*:: + This array contains CRC checksums for every source file specified in the source array (in the same order). makepkg will use this to verify source file integrity during subsequent builds. If 'SKIP' is put in the array in place of a normal hash, the integrity check for that source file will - be skipped. To easily generate md5sums, run ``makepkg -g >> PKGBUILD''. - If desired, move the md5sums line to an appropriate location. Note that + be skipped. To easily generate cksums, run ``makepkg -g >> PKGBUILD''. + If desired, move the cksums line to an appropriate location. Note that checksums generated by "makepkg -g" should be verified using checksum values provided by the software developer. -*sha1sums, sha224sums, sha256sums, sha384sums, sha512sums, b2sums (arrays)*:: +*md5sums, sha1sums, sha224sums, sha256sums, sha384sums, sha512sums, b2sums (arrays)*:: Alternative integrity checks that makepkg supports; these all behave - similar to the md5sums option described above. To enable use and generation + similar to the cksums option described above. To enable use and generation of these checksums, be sure to set up the `INTEGRITY_CHECK` option in linkman:makepkg.conf[5]. diff --git a/doc/makepkg.conf.5.asciidoc b/doc/makepkg.conf.5.asciidoc index b7496324..04cc5ea9 100644 --- a/doc/makepkg.conf.5.asciidoc +++ b/doc/makepkg.conf.5.asciidoc @@ -192,7 +192,7 @@ Options **INTEGRITY_CHECK=(**check1 ...**)**:: File integrity checks to use. Multiple checks may be specified; this affects both generation and checking. The current valid options are: - `md5`, `sha1`, `sha224`, `sha256`, `sha384`, `sha512`, and `b2`. + `ck`, `md5`, `sha1`, `sha224`, `sha256`, `sha384`, `sha512`, and `b2`. **STRIP_BINARIES=**"--strip-all":: Options to be used when stripping binaries. See linkman:strip[1] diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in index caf5114b..1c7988d2 100644 --- a/etc/makepkg.conf.in +++ b/etc/makepkg.conf.in @@ -89,8 +89,8 @@ BUILDENV=(!distcc color !ccache check !sign) # OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !debug) -#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2 -INTEGRITY_CHECK=(md5) +#-- File integrity checks to use. Valid: ck, md5, sha1, sha224, sha256, sha384, sha512, b2 +INTEGRITY_CHECK=(ck) #-- Options to be used when stripping binaries. See `man strip' for details. STRIP_BINARIES="@STRIP_BINARIES@" #-- Options to be used when stripping shared libraries. See `man strip' for details. diff --git a/scripts/libmakepkg/util/schema.sh.in b/scripts/libmakepkg/util/schema.sh.in index b2f119cf..02bfdb86 100644 --- a/scripts/libmakepkg/util/schema.sh.in +++ b/scripts/libmakepkg/util/schema.sh.in @@ -26,7 +26,7 @@ LIBRARY=${LIBRARY:-'@libmakepkgdir@'} source "$LIBRARY/util/util.sh" -known_hash_algos=({md5,sha{1,224,256,384,512},b2}) +known_hash_algos=({ck,md5,sha{1,224,256,384,512},b2}) pkgbuild_schema_arrays=(arch backup checkdepends conflicts depends groups license makedepends noextract optdepends options diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index a6de7823..7fa791e1 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1195,8 +1195,8 @@ unset "${known_hash_algos[@]/%/sums}" unset -f pkgver prepare build check package "${!package_@}" unset "${!makedepends_@}" "${!depends_@}" "${!source_@}" "${!checkdepends_@}" unset "${!optdepends_@}" "${!conflicts_@}" "${!provides_@}" "${!replaces_@}" -unset "${!md5sums_@}" "${!sha1sums_@}" "${!sha224sums_@}" "${!sha256sums_@}" -unset "${!sha384sums_@}" "${!sha512sums_@}" "${!b2sums_@}" +unset "${!cksums_@}" "${!md5sums_@}" "${!sha1sums_@}" "${!sha224sums_@}" +unset "${!sha256sums_@}" "${!sha384sums_@}" "${!sha512sums_@}" "${!b2sums_@}" BUILDFILE=${BUILDFILE:-$BUILDSCRIPT} if [[ ! -f $BUILDFILE ]]; then |