3 files changed, 88 insertions, 23 deletions
diff --git a/src/cpt-build b/src/cpt-build
index cb93949..4eccbd1 100755
--- a/src/cpt-build
+++ b/src/cpt-build
@@ -2,7 +2,7 @@
 # Build a package
 
 parser_definition() {
-    setup REST help:usage -- "usage: ${0##*/} [pkg...]"
+    setup REST help:usage -- "usage: ${0##*/} [-tfy] [--root ROOT] [pkg...]"
     msg -- '' 'Options:'
     flag CPT_TEST   -t --test export:1 init:@export -- "Run tests (if they exist)"
     global_options
diff --git a/src/cpt-checksum b/src/cpt-checksum
index 5c6de52..488ab87 100755
--- a/src/cpt-checksum
+++ b/src/cpt-checksum
@@ -1,22 +1,32 @@
 #!/bin/sh -ef
 # Generate checksums
 
-if [ -f ./cpt-lib ]; then . ./cpt-lib; else . cpt-lib; fi
+parser_definition() {
+    setup REST help:usage -- "usage: ${0##*/} [-s] [pkg...]"
+    msg         -- '' 'Options:'
+    flag sha -s --    "Generate checksums using the depracated sha256 algorithm"
+    global_options
+}
 
-case "$1" in
-    --help|-h) out "usage: ${0##*/} [pkg...]"; exit 0 ;;
-    --version|-v) version ;;
-    '') set -- "${PWD##*/}"; export CPT_PATH=${PWD%/*}:$CPT_PATH ;;
-esac
+if [ -f ./cpt-lib ]; then . ./cpt-lib; else . cpt-lib; fi
 
+[ "$1" ] || { set -- "${PWD##*/}"; CPT_PATH=${PWD%/*}:$CPT_PATH ;}
 create_cache
 
 for pkg; do pkg_lint    "$pkg" c; done
 for pkg; do pkg_sources "$pkg" c; done
-
 for pkg; do
-    pkg_checksums "$pkg" | {
-        repo_dir=$(pkg_find "$pkg")
+    # Do not generate checksums if the 'sources' file is empty or it doesn't
+    # exist.
+    repo_dir=$(pkg_find "$pkg")
+    [ -s "$repo_dir/sources" ] || {
+        log "$pkg" "No 'sources' file, skipping checksums"
+        continue
+    }
+
+    # $sha is defined by the parser.
+    # shellcheck disable=2154
+    pkg_checksums "$pkg" "${sha:+sh256}" | {
 
         if [ -w "$repo_dir" ]; then
             tee "$repo_dir/checksums"
diff --git a/src/cpt-lib.in b/src/cpt-lib.in
index 7514608..c055331 100644
--- a/src/cpt-lib.in
+++ b/src/cpt-lib.in
@@ -9,7 +9,9 @@
 # Currently maintained by Cem Keylan.
 
 version() {
-    log "Carbs Packaging Tools" @VERSION@
+    out "Carbs Packaging Tools, version @VERSION@" \
+        @LICENSE@
+
     exit 0
 }
 
@@ -154,6 +156,22 @@ _readlinkf() (
     return 1
 )
 
+_get_digest() {
+    # Get digest algorithm from the given file. It looks for a header on the
+    # file declaring the digest algorithm. Currently only BLAKE3 is supported.
+    # If the file does not include a header, the function will assume that it is
+    # using sha256 as a digest algorithm. If the given file doesn't exist it will
+    # return 1.
+    [ -r "$1" ] || return 1
+    read -r chk < "$1"
+    case $chk in
+        %BLAKE3) chk=b3sum ;;
+        %*) die "Unknown digest algorithm: '${chk#\%}'" ;;
+        *) chk=sh256
+    esac
+    out "$chk"
+}
+
 # This is the public domain getoptions shell library. It also forms a usage
 # function.
 # URL: https://github.com/ko1nksm/getoptions (v2.5.0)
@@ -419,6 +437,21 @@ regesc() {
     sed 's|\\|\\\\|g;s|\[|\\[|g;s|\$|\\$|g;s|\.|\\.|g;s|\*|\\*|g;s|\^|\\^|g'
 }
 
+pkg_download() {
+    # $1: URL
+    # $2: Output (Optional)
+    set -- "$1" "${2:-${1##*/}}"
+    case ${dl_prog##*/} in
+        aria2c|axel) set -- -o "$2" "$1"   ;;
+        curl)        set -- -fLo "$2" "$1" ;;
+        wget|wget2)  set -- -O "$2" "$1"   ;;
+    esac
+
+    "$dl_prog" "$@" || {
+        rm -f "$2"
+        return 1
+    }
+}
 
 prompt() {
     # If a CPT_NOPROMPT variable is set, continue.
@@ -688,10 +721,8 @@ pkg_sources() {
             # interrupt, we handle this ourselves.
             trap_set handle-int
 
-            curl "$src" -fLo "${src##*/}" || {
-                rm -f "${src##*/}"
-                die "$1" "Failed to download $src"
-            }
+            # Download the source
+            pkg_download "$src" || die "$1" "Failed to download $src"
 
             # Restore original trap value.
             trap_set cleanup
@@ -968,10 +999,16 @@ pkg_etcsums() (
     # /etc/ directory for use in "smart" handling of these files.
     log "$1" "Generating etcsums"
 
+    # Try to get the digest algorithm from the installed etcsums file. This
+    # makes sure that old packages continue to have the same digest algorithm
+    # and not a bunch of '.new' files are installed. It's not foolproof at all,
+    # but at least it keeps the /etc directory as clean as possible.
+    digest=$(_get_digest "$sys_db/$1/etcsums") || digest=b3sum
 
+    case $digest in b3sum) out "%BLAKE3"; esac > "$pkg_dir/$1/$pkg_db/$1/etcsums"
     find etc -type f | while read -r file; do
-        sh256 "$file"
-    done > "$pkg_dir/$1/$pkg_db/$1/etcsums"
+        "$digest" "$file"
+    done >> "$pkg_dir/$1/$pkg_db/$1/etcsums"
 )
 
 pkg_tar() {
@@ -1192,6 +1229,8 @@ pkg_checksums() {
 
     [ -f "$repo_dir/sources" ] || return 0
 
+    case ${2:-b3sum} in b3sum) out "%BLAKE3"; esac
+
     while read -r src _ || [ "$src" ]; do
 
         # Skip checksums if it's a comment, or a VCS repository.
@@ -1210,9 +1249,9 @@ pkg_checksums() {
             die "$1" "Couldn't find source '$src'"
         fi
 
-        # An easy way to get 'sha256sum' to print with the 'basename'
+        # An easy way to get 'b3sum' to print with the 'basename'
         # of files is to 'cd' to the file's directory beforehand.
-        (cd "$src_path" && sh256 "${src##*/}") ||
+        (cd "$src_path" && "${2:-b3sum}" "${src##*/}") ||
             die "$1" "Failed to generate checksums"
     done < "$repo_dir/sources"
 }
@@ -1220,13 +1259,18 @@ pkg_checksums() {
 pkg_verify() {
     # Verify all package checksums. This is achieved by generating a new set of
     # checksums and then comparing those with the old set.
-    verify_cmd="NR==FNR{a[\$1];next}/^git  .*/{next}!((\$1)in a){exit 1}"
+    vcmd="NR==FNR{a[\$1];next}/^git  .*/{next}!((\$1)in a){exit 1}"
 
     for pkg; do
         repo_dir=$(pkg_find "$pkg")
+
         [ -f "$repo_dir/sources" ] || continue
 
-        pkg_checksums "$pkg" | awk "$verify_cmd" - "$repo_dir/checksums" || {
+        # Determine the type of digest algorithm from the checksums file to do
+        # verification with.
+        digest="$(_get_digest "$repo_dir/checksums")"
+
+        pkg_checksums "$pkg" "$digest" | awk "$vcmd" - "$repo_dir/checksums" || {
         log "$pkg" "Checksum mismatch"
 
         # Instead of dying above, log it to the terminal. Also define a
@@ -1405,10 +1449,12 @@ pkg_etc() {
         mkdir -p "$CPT_ROOT/$dir"
     done
 
+    digest=$(_get_digest "$mak_dir/c") || digest=b3sum
+
     # Handle files in /etc/ based on a 3-way checksum check.
     find etc ! -type d | while read -r file; do
-        { sum_new=$(sh256 "$file")
-          sum_sys=$(cd "$CPT_ROOT/"; sh256 "$file")
+        { sum_new=$("$digest" "$file")
+          sum_sys=$(cd "$CPT_ROOT/"; "$digest" "$file")
           sum_old=$("$grep" "$file$" "$mak_dir/c"); } 2>/dev/null ||:
 
         logv "$pkg_name" "Doing 3-way handshake for $file"
@@ -2117,6 +2163,15 @@ create_cache() {
                command -v llvm-readelf  ||
                command -v eu-readelf)"} || elf_prog=ldd
 
+    # Use one of the following programs to download package sources. Downloads
+    # are made using the `pkg_download()` function.
+    dl_prog=${CPT_DOWNLOADER:="$(
+              command -v curl      ||
+              command -v wget      ||
+              command -v wget2     ||
+              command -v axel      ||
+              command -v aria2c)"} || dl_prog=curl
+
     # Make note of the user's current ID to do root checks later on.
     # This is used enough to warrant a place here.
     uid=$(id -u)