-- cgit v1.2.3 From 69011919790dd64568e91563659e57a77452b002 Mon Sep 17 00:00:00 2001 From: merakor Date: Fri, 30 Jul 2021 10:39:56 +0000 Subject: cpt-checksum: don't generate checksums file if no sources exist FossilOrigin-Name: ba75b770884c705c81be7e47cc2d697bd2b2971ae9ae14985873d795c20ad5f6 --- src/cpt-checksum | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/cpt-checksum b/src/cpt-checksum index 5c6de52..951eb34 100755 --- a/src/cpt-checksum +++ b/src/cpt-checksum @@ -13,8 +13,13 @@ create_cache for pkg; do pkg_lint "$pkg" c; done for pkg; do pkg_sources "$pkg" c; done - for pkg; do + # Do not generate checksums if the 'sources' file is empty or it doesn't + # exist. + [ -s "$(pkg_find "$pkg")/sources" ] || { + log "$pkg" "No 'sources' file, skipping checksums" + continue + } pkg_checksums "$pkg" | { repo_dir=$(pkg_find "$pkg") -- cgit v1.2.3 From 0bbaf7b214ed9a6e2c4788ab3987ef21d6ae62e1 Mon Sep 17 00:00:00 2001 From: merakor Date: Fri, 30 Jul 2021 10:43:47 +0000 Subject: cpt-checksum: use pkg_find once per loop FossilOrigin-Name: 909ee2ee48fcda24b75f9ae8e49c6f61cbbb2bc91d9390152d7ddbce65f36a33 --- src/cpt-checksum | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/cpt-checksum b/src/cpt-checksum index 951eb34..619aad2 100755 --- a/src/cpt-checksum +++ b/src/cpt-checksum @@ -16,12 +16,12 @@ for pkg; do pkg_sources "$pkg" c; done for pkg; do # Do not generate checksums if the 'sources' file is empty or it doesn't # exist. - [ -s "$(pkg_find "$pkg")/sources" ] || { + repo_dir=$(pkg_find "$pkg") + [ -s "$repo_dir/sources" ] || { log "$pkg" "No 'sources' file, skipping checksums" continue } pkg_checksums "$pkg" | { - repo_dir=$(pkg_find "$pkg") if [ -w "$repo_dir" ]; then tee "$repo_dir/checksums" -- cgit v1.2.3 From fcb7c68220403e6f68d93286c783dd60a7da61ea Mon Sep 17 00:00:00 2001 From: merakor Date: Fri, 30 Jul 2021 11:23:12 +0000 Subject: cpt: use blake3 as a digest algorithm FossilOrigin-Name: 1f32b949e8a2a7fd5a91ac6a15bb25b404737150b0cbe6f73cec06da9710dce3 --- src/cpt-lib.in | 47 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 8 deletions(-) diff --git a/src/cpt-lib.in b/src/cpt-lib.in index 504829d..ff445e0 100644 --- a/src/cpt-lib.in +++ b/src/cpt-lib.in @@ -154,6 +154,22 @@ _readlinkf() ( return 1 ) +_get_digest() { + # Get digest algorithm from the given file. It looks for a header on the + # file declaring the digest algorithm. Currently only BLAKE3 is supported. + # If the file does not include a header, the function will assume that it is + # using sha256 as a digest algorithm. If the given file doesn't exist it will + # return 1. + [ -r "$1" ] || return 1 + read -r chk < "$1" + case $chk in + %BLAKE3) chk=b3sum ;; + %*) die "Unknown digest algorithm: '${chk#\%}'" ;; + *) chk=sh256 + esac + out "$chk" +} + # This is the public domain getoptions shell library. It also forms a usage # function. # URL: https://github.com/ko1nksm/getoptions (v2.5.0) @@ -981,10 +997,16 @@ pkg_etcsums() ( # /etc/ directory for use in "smart" handling of these files. log "$1" "Generating etcsums" + # Try to get the digest algorithm from the installed etcsums file. This + # makes sure that old packages continue to have the same digest algorithm + # and not a bunch of '.new' files are installed. It's not foolproof at all, + # but at least it keeps the /etc directory as clean as possible. + digest=$(_get_digest "$pkg_db/$1/etcsums") || digest=b3sum + case $digest in b3sum) out "%BLAKE3"; esac > "$pkg_dir/$1/$pkg_db/$1/etcsums" find etc -type f | while read -r file; do - sh256 "$file" - done > "$pkg_dir/$1/$pkg_db/$1/etcsums" + "$digest" "$file" + done >> "$pkg_dir/$1/$pkg_db/$1/etcsums" ) pkg_tar() { @@ -1205,6 +1227,8 @@ pkg_checksums() { [ -f "$repo_dir/sources" ] || return 0 + case ${2:-b3sum} in b3sum) out "%BLAKE3"; esac + while read -r src _ || [ "$src" ]; do # Skip checksums if it's a comment, or a VCS repository. @@ -1223,9 +1247,9 @@ pkg_checksums() { die "$1" "Couldn't find source '$src'" fi - # An easy way to get 'sha256sum' to print with the 'basename' + # An easy way to get 'b3sum' to print with the 'basename' # of files is to 'cd' to the file's directory beforehand. - (cd "$src_path" && sh256 "${src##*/}") || + (cd "$src_path" && "${2:-b3sum}" "${src##*/}") || die "$1" "Failed to generate checksums" done < "$repo_dir/sources" } @@ -1233,13 +1257,18 @@ pkg_checksums() { pkg_verify() { # Verify all package checksums. This is achieved by generating a new set of # checksums and then comparing those with the old set. - verify_cmd="NR==FNR{a[\$1];next}/^git .*/{next}!((\$1)in a){exit 1}" + vcmd="NR==FNR{a[\$1];next}/^git .*/{next}!((\$1)in a){exit 1}" for pkg; do repo_dir=$(pkg_find "$pkg") + [ -f "$repo_dir/sources" ] || continue - pkg_checksums "$pkg" | awk "$verify_cmd" - "$repo_dir/checksums" || { + # Determine the type of digest algorithm from the checksums file to do + # verification with. + digest="$(_get_digest "$repo_dir/checksums")" + + pkg_checksums "$pkg" "$digest" | awk "$vcmd" - "$repo_dir/checksums" || { log "$pkg" "Checksum mismatch" # Instead of dying above, log it to the terminal. Also define a @@ -1418,10 +1447,12 @@ pkg_etc() { mkdir -p "$CPT_ROOT/$dir" done + digest=$(_get_digest "$mak_dir/c") || digest=b3sum + # Handle files in /etc/ based on a 3-way checksum check. find etc ! -type d | while read -r file; do - { sum_new=$(sh256 "$file") - sum_sys=$(cd "$CPT_ROOT/"; sh256 "$file") + { sum_new=$("$digest" "$file") + sum_sys=$(cd "$CPT_ROOT/"; "$digest" "$file") sum_old=$("$grep" "$file$" "$mak_dir/c"); } 2>/dev/null ||: logv "$pkg_name" "Doing 3-way handshake for $file" -- cgit v1.2.3 From aeefcabdb00bf7a87ed24c792e2a6dca0330897a Mon Sep 17 00:00:00 2001 From: merakor Date: Fri, 30 Jul 2021 11:39:45 +0000 Subject: pkg_etcsums: variable fix FossilOrigin-Name: 1e436cfa811583b4d5424be697a6a9d0e882316bd40cf33b59a6ba4a04aba67a --- src/cpt-lib.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/cpt-lib.in b/src/cpt-lib.in index ff445e0..83ed5f9 100644 --- a/src/cpt-lib.in +++ b/src/cpt-lib.in @@ -1001,7 +1001,8 @@ pkg_etcsums() ( # makes sure that old packages continue to have the same digest algorithm # and not a bunch of '.new' files are installed. It's not foolproof at all, # but at least it keeps the /etc directory as clean as possible. - digest=$(_get_digest "$pkg_db/$1/etcsums") || digest=b3sum + digest=$(_get_digest "$sys_db/$1/etcsums") || digest=b3sum + out "$digest" case $digest in b3sum) out "%BLAKE3"; esac > "$pkg_dir/$1/$pkg_db/$1/etcsums" find etc -type f | while read -r file; do -- cgit v1.2.3 From 8e4ac4c3a6ea04c46e3c92604c0234ae803e42a7 Mon Sep 17 00:00:00 2001 From: merakor Date: Fri, 30 Jul 2021 11:42:16 +0000 Subject: cpt-lib: fix faulty check-in FossilOrigin-Name: 1632041acc204a89042a9e998507148ee70dfff36f73bdcac95090b43e5422f0 --- src/cpt-lib.in | 1 - 1 file changed, 1 deletion(-) diff --git a/src/cpt-lib.in b/src/cpt-lib.in index 83ed5f9..092ae0d 100644 --- a/src/cpt-lib.in +++ b/src/cpt-lib.in @@ -1002,7 +1002,6 @@ pkg_etcsums() ( # and not a bunch of '.new' files are installed. It's not foolproof at all, # but at least it keeps the /etc directory as clean as possible. digest=$(_get_digest "$sys_db/$1/etcsums") || digest=b3sum - out "$digest" case $digest in b3sum) out "%BLAKE3"; esac > "$pkg_dir/$1/$pkg_db/$1/etcsums" find etc -type f | while read -r file; do -- cgit v1.2.3