summaryrefslogtreecommitdiffstats
path: root/scripts/libmakepkg/integrity
AgeCommit message (Collapse)AuthorFilesLines
2017-01-04makepkg: Verify git signaturesEli Schwartz1-4/+49
A git repository is marked as signed if it contains the query "signed" as defined by https://tools.ietf.org/html/rfc3986 Adds two utility functions in util/source.sh.in to extract fragments and queries, and modifies source/git.sh.in to use them. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04libmakepkg/integrity: Verify file signatures in a separate functionEli Schwartz1-38/+46
This makes it easier to add signature verification for new protos. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Update copyright yearsAllan McRae4-4/+4
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Use coreutils binaries for checking/generating checksumsAllan McRae2-9/+4
If pacman is build against a crypto library other than openssl, it makes no sense to require makepkg to use it. The only currently considered alternative to openssl is nettle, which has no binary for base64 encode/decode. This means that we could replace the hashing cacluations with nettle-hash, but would require base64 from coreutils. Given makepkg already relies heavily on coreutils, we might as well use all the coreutils hashing binaries too. This patch also improves the checking of required binaries for hashing operations. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18libmakepkg: extract functions for integrity checkingAshley Whetter4-0/+502
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>