kiss: switch to blake3 checksums (#72)
As discussed in kiss-community/repo#100 and #39, we seem to be in favor of switching to blake3. The following changes are made: - All newly generated checksums are blake3 - The user is prompted to generate blake3 checksums if sha256 sums are present (maybe this should be automatic) - For installed packages, we can fall back to sha256 to check etcsums This includes a name change of the `checksums` and `etcsums` files -- I'm not sure of any better way to detect whether sha256 sums are in use, as blake3 sums are the same length. Feedback is appreciated Co-authored-by: Owen Rafferty <owen@owenrafferty.com> Reviewed-on: https://codeberg.org/kiss-community/kiss/pulls/72
parent
d31dcf585e
commit
51768ad4c3
67
kiss
67
kiss
@ -198,6 +198,41 @@ decompress() {
|
||||
esac < "$1"
|
||||
}
|
||||
|
||||
b3() {
|
||||
# Higher level blake3 function which filters out non-existent
|
||||
# files (and also directories).
|
||||
for f do shift
|
||||
[ -d "$f" ] || [ ! -e "$f" ] || set -- "$@" "$f"
|
||||
done
|
||||
|
||||
_b3 "$@"
|
||||
}
|
||||
|
||||
_b3() {
|
||||
unset hash
|
||||
|
||||
# Skip generation if no arguments.
|
||||
! equ "$#" 0 || return 0
|
||||
|
||||
IFS=$newline
|
||||
|
||||
# Generate checksums for all input files. This is a single
|
||||
# call to the utility rather than one per file.
|
||||
#
|
||||
# The length of the checksum is set to 33 bytes to
|
||||
# differentiate it from sha256 checksums.
|
||||
_hash=$("$cmd_b3" -l 33 "$@") || die "Failed to generate checksums"
|
||||
|
||||
# Strip the filename from each element.
|
||||
# '<checksum> ?<file>' -> '<checksum>'
|
||||
for sum in $_hash; do
|
||||
hash=$hash${hash:+"$newline"}${sum%% *}
|
||||
done
|
||||
|
||||
printf '%s\n' "$hash"
|
||||
unset IFS
|
||||
}
|
||||
|
||||
sh256() {
|
||||
# Higher level sh256 function which filters out non-existent
|
||||
# files (and also directories).
|
||||
@ -896,7 +931,7 @@ pkg_etcsums() {
|
||||
set -- "$pkg_dir/$repo_name/$etc" "$@"
|
||||
esac done < manifest
|
||||
|
||||
sh256 "$@" > etcsums
|
||||
b3 "$@" > etcsums
|
||||
}
|
||||
|
||||
pkg_tar() {
|
||||
@ -1125,7 +1160,7 @@ pkg_checksum_gen() {
|
||||
esac
|
||||
done < "$repo_dir/sources"
|
||||
|
||||
_sh256 "$@"
|
||||
_b3 "$@"
|
||||
}
|
||||
|
||||
pkg_verify() {
|
||||
@ -1145,6 +1180,13 @@ pkg_verify() {
|
||||
# Check that the first column (separated by whitespace) match in both
|
||||
# checksum files. If any part of either file differs, mismatch. Abort.
|
||||
null "$1" || while read -r chk _ || ok "$1"; do
|
||||
equ "${#chk}" 64 && {
|
||||
log "$repo_name" "Detected sha256 checksums." ERROR
|
||||
log "blake3 is the new checksum provider for kiss. Please run"
|
||||
log "'kiss checksum $repo_name' to regenerate the checksums file."
|
||||
return 1
|
||||
}
|
||||
|
||||
printf '%s\n%s\n' "- ${chk:-missing}" "+ ${1:-no source}"
|
||||
|
||||
equ "$1-${chk:-null}" "$chk-$1" ||
|
||||
@ -1378,10 +1420,13 @@ pkg_remove_files() {
|
||||
# functions allows us to stop duplicating code.
|
||||
while read -r file; do
|
||||
case $file in /etc/?*[!/])
|
||||
sh256 "$KISS_ROOT/$file" >/dev/null
|
||||
|
||||
read -r sum_pkg <&3 ||:
|
||||
|
||||
case "${#sum_pkg}" in
|
||||
64) sh256 "$KISS_ROOT/$file" >/dev/null ;;
|
||||
66) b3 "$KISS_ROOT/$file" >/dev/null ;;
|
||||
esac
|
||||
|
||||
equ "$hash" "$sum_pkg" || {
|
||||
printf 'Skipping %s (modified)\n' "$file"
|
||||
continue
|
||||
@ -1413,13 +1458,16 @@ pkg_remove_files() {
|
||||
}
|
||||
|
||||
pkg_etc() {
|
||||
sh256 "$tar_dir/$_pkg$file" "$KISS_ROOT$file" >/dev/null
|
||||
read -r sum_old <&3 2>/dev/null ||:
|
||||
|
||||
case "${#sum_old}" in
|
||||
64) sh256 "$tar_dir/$_pkg$file" "$KISS_ROOT$file" >/dev/null ;;
|
||||
66) b3 "$tar_dir/$_pkg$file" "$KISS_ROOT$file" >/dev/null ;;
|
||||
esac
|
||||
|
||||
sum_new=${hash%%"$newline"*}
|
||||
sum_sys=${hash#*"$newline"}
|
||||
|
||||
read -r sum_old <&3 2>/dev/null ||:
|
||||
|
||||
# Compare the three checksums to determine what to do.
|
||||
case ${sum_old:-null}${sum_sys:-null}${sum_new} in
|
||||
# old = Y, sys = X, new = Y
|
||||
@ -2040,6 +2088,9 @@ main() {
|
||||
command -v llvm-readelf
|
||||
)"} || cmd_elf=ldd
|
||||
|
||||
# b3sum is, for now, the only supported blake3 digest utility.
|
||||
cmd_b3=b3sum
|
||||
|
||||
# Figure out which sha256 utility is available.
|
||||
cmd_sha=${KISS_CHK:-"$(
|
||||
command -v openssl ||
|
||||
@ -2047,7 +2098,7 @@ main() {
|
||||
command -v sha256 ||
|
||||
command -v shasum ||
|
||||
command -v digest
|
||||
)"} || die "No sha256 utility found"
|
||||
)"} || war "No sha256 utility found"
|
||||
|
||||
# Figure out which download utility is available.
|
||||
cmd_get=${KISS_GET:-"$(
|
||||
|
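Review bot: The `case "${#sum_pkg}"` and `case "${#sum_old}"` dispatches added in pkg_remove_files and pkg_etc have no default arm, so no digest is computed when the stored sum is empty or has any length other than 64 or 66. `hash` is a global that `_b3` resets only when it is called, so the following `equ "$hash" "$sum_pkg"` and `sum_new=${hash%%"$newline"*}` would then compare against whatever the previous file left behind. In pkg_etc an empty `sum_old` looks like an expected case, since the `read` there already tolerates failure with `||:`, and before this change the digest was computed unconditionally. I would add a fallback arm to each, `*) b3 "$tar_dir/$_pkg$file" "$KISS_ROOT$file" >/dev/null ;;` in pkg_etc and `*) b3 "$KISS_ROOT/$file" >/dev/null ;;` in pkg_remove_files, so the decision always rests on a digest of the current file. Both functions continue outside the visible hunks, so this assumes nothing there clears `hash` first.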