author: Allan McRae <allan@archlinux.org> 2020-01-23 03:14:14 +0100
committer: Allan McRae <allan@archlinux.org> 2020-01-28 01:46:26 +0100
commit: 21af79860403f9120d2c0412a95ec97d06368e11 (patch)
tree: 44961845d694432a85a70cf25f702ff181a1d95a
parent: c3852ff42569542b787d9e49289f5358ad22f900 (diff)
makepkg: add CRC checksums and set these to be the default

Checksums arrays should be filled with values provided by upstream. We currently have md5 set as an unsecure default, and are constantly asked to change it to sha2. However, just changing the default to a stronger checksum gives the user the impression that "makepkg -g" checksums are perfect.

Instead, change the default checksum to a CRC, to make it clear that any checksum generated purely by "makepkg -g" is not ideal.

Signed-off-by: Allan McRae <allan@archlinux.org>

-rw-r--r-- doc/PKGBUILD.5.asciidoc 14
-rw-r--r-- doc/makepkg.conf.5.asciidoc 2
-rw-r--r-- etc/makepkg.conf.in 4
-rw-r--r-- scripts/libmakepkg/util/schema.sh.in 2
-rw-r--r-- scripts/makepkg.sh.in 4
5 files changed, 13 insertions, 13 deletions
diff --git a/doc/PKGBUILD.5.asciidoc b/doc/PKGBUILD.5.asciidoc
index 4c4c6df5..2e2108a0 100644
--- a/doc/PKGBUILD.5.asciidoc
+++ b/doc/PKGBUILD.5.asciidoc
@@ -118,7 +118,7 @@ systems (see below).
+
Additional architecture-specific sources can be added by appending an
underscore and the architecture name e.g., 'source_x86_64=()'. There must be a
-corresponding integrity array with checksums, e.g. 'md5sums_x86_64=()'.
+corresponding integrity array with checksums, e.g. 'cksums_x86_64=()'.
+
It is also possible to change the name of the downloaded file, which is helpful
with weird URLs and for handling multiple source files with the same
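Review bot: The example in the changed line, 'cksums_x86_64=()', now presents the weakest supported array as the model for architecture-specific sources. This sentence only illustrates the naming pattern and does not depend on the configured default, so consider a strong algorithm here, for example 'sha256sums_x86_64=()', so that copied examples do not spread CRC arrays.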
@@ -146,19 +146,19 @@ contain whitespace characters.
listed here will not be extracted with the rest of the source files. This
is useful for packages that use compressed data directly.
-*md5sums (array)*::
- This array contains an MD5 hash for every source file specified in the
+*cksums (array)*::
+ This array contains CRC checksums for every source file specified in the
source array (in the same order). makepkg will use this to verify source
file integrity during subsequent builds. If 'SKIP' is put in the array
in place of a normal hash, the integrity check for that source file will
- be skipped. To easily generate md5sums, run ``makepkg -g >> PKGBUILD''.
- If desired, move the md5sums line to an appropriate location. Note that
+ be skipped. To easily generate cksums, run ``makepkg -g >> PKGBUILD''.
+ If desired, move the cksums line to an appropriate location. Note that
checksums generated by "makepkg -g" should be verified using checksum
values provided by the software developer.
-*sha1sums, sha224sums, sha256sums, sha384sums, sha512sums, b2sums (arrays)*::
+*md5sums, sha1sums, sha224sums, sha256sums, sha384sums, sha512sums, b2sums (arrays)*::
Alternative integrity checks that makepkg supports; these all behave
- similar to the md5sums option described above. To enable use and generation
+ similar to the cksums option described above. To enable use and generation
of these checksums, be sure to set up the `INTEGRITY_CHECK` option in
linkman:makepkg.conf[5].
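Review bot: The new cksums entry never says that a CRC only detects accidental corruption and gives no protection against a deliberately modified source file, so the reasoning in the commit message does not reach the man page. Suggest stating that in the cksums paragraph and pointing to the stronger arrays for values published by upstream. Two smaller points in the same paragraph: the unchanged wording "in place of a normal hash" no longer fits, since a CRC is not a hash, and the expected format of a cksums entry is not described.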
diff --git a/doc/makepkg.conf.5.asciidoc b/doc/makepkg.conf.5.asciidoc
index b7496324..04cc5ea9 100644
--- a/doc/makepkg.conf.5.asciidoc
+++ b/doc/makepkg.conf.5.asciidoc
@@ -192,7 +192,7 @@ Options
**INTEGRITY_CHECK=(**check1 ...**)**::
File integrity checks to use. Multiple checks may be specified; this
affects both generation and checking. The current valid options are:
- `md5`, `sha1`, `sha224`, `sha256`, `sha384`, `sha512`, and `b2`.
+ `ck`, `md5`, `sha1`, `sha224`, `sha256`, `sha384`, `sha512`, and `b2`.
**STRIP_BINARIES=**"--strip-all"::
Options to be used when stripping binaries. See linkman:strip[1]
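Review bot: `ck` is added to the list of valid options with nothing to indicate that it differs in kind from the others. A short clause noting that `ck` is a CRC rather than a cryptographic hash, and that it is the default shipped in makepkg.conf, would keep this list from reading as a set of interchangeable choices.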
diff --git a/etc/makepkg.conf.in b/etc/makepkg.conf.in
index caf5114b..1c7988d2 100644
--- a/etc/makepkg.conf.in
+++ b/etc/makepkg.conf.in
@@ -89,8 +89,8 @@ BUILDENV=(!distcc color !ccache check !sign)
#
OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !debug)
-#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
-INTEGRITY_CHECK=(md5)
+#-- File integrity checks to use. Valid: ck, md5, sha1, sha224, sha256, sha384, sha512, b2
+INTEGRITY_CHECK=(ck)
#-- Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="@STRIP_BINARIES@"
#-- Options to be used when stripping shared libraries. See `man strip' for details.
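Review bot: `INTEGRITY_CHECK=(ck)` changes the default with no explanation in the file itself, so a user reading makepkg.conf sees only that the default is now the first entry of the Valid list. Suggest a comment line above it saying that `ck` is a CRC meant to catch corruption only, and that checksum values should come from upstream using one of the stronger algorithms. Since makepkg.conf(5) says this setting "affects both generation and checking", the change should also state what happens under the new default to existing PKGBUILDs that carry only md5sums.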
diff --git a/scripts/libmakepkg/util/schema.sh.in b/scripts/libmakepkg/util/schema.sh.in
index b2f119cf..02bfdb86 100644
--- a/scripts/libmakepkg/util/schema.sh.in
+++ b/scripts/libmakepkg/util/schema.sh.in
@@ -26,7 +26,7 @@ LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
source "$LIBRARY/util/util.sh"
-known_hash_algos=({md5,sha{1,224,256,384,512},b2})
+known_hash_algos=({ck,md5,sha{1,224,256,384,512},b2})
pkgbuild_schema_arrays=(arch backup checkdepends conflicts depends groups
license makedepends noextract optdepends options
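Review bot: Adding `ck` to `known_hash_algos` registers the cksums array in the schema, but none of the five files in this patch shows code that computes or verifies a CRC. Please confirm that any code iterating over this array for generation and verification handles `ck`, and add a test covering `makepkg -g` and a verification run with the new default. The array name now also covers an algorithm that is not a hash, which is worth a comment next to the definition.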
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index a6de7823..7fa791e1 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1195,8 +1195,8 @@ unset "${known_hash_algos[@]/%/sums}"
unset -f pkgver prepare build check package "${!package_@}"
unset "${!makedepends_@}" "${!depends_@}" "${!source_@}" "${!checkdepends_@}"
unset "${!optdepends_@}" "${!conflicts_@}" "${!provides_@}" "${!replaces_@}"
-unset "${!md5sums_@}" "${!sha1sums_@}" "${!sha224sums_@}" "${!sha256sums_@}"
-unset "${!sha384sums_@}" "${!sha512sums_@}" "${!b2sums_@}"
+unset "${!cksums_@}" "${!md5sums_@}" "${!sha1sums_@}" "${!sha224sums_@}"
+unset "${!sha256sums_@}" "${!sha384sums_@}" "${!sha512sums_@}" "${!b2sums_@}"
BUILDFILE=${BUILDFILE:-$BUILDSCRIPT}
if [[ ! -f $BUILDFILE ]]; then
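Review bot: The two rewritten `unset` lines repeat by hand the algorithm list that the line shown in the hunk header already derives from the array (`unset "${known_hash_algos[@]/%/sums}"`). Every new algorithm needs an edit here as well as in schema.sh.in, and a missed edit would leave that algorithm's architecture-specific arrays uncleared. Consider building these names in a loop over `known_hash_algos` instead.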