kiss: switch to blake3 checksums (#72)

As discussed in kiss-community/repo#100 and #39, we seem to be in favor of switching to blake3. The following changes are made: - All newly generated checksums are blake3 - The user is prompted to generate blake3 checksums if sha256 sums are present (maybe this should be automatic) - For installed packages, we can fall back to sha256 to check etcsums This includes a name change of the `checksums` and `etcsums` files -- I'm not sure of any better way to detect whether sha256 sums are in use, as blake3 sums are the same length. Feedback is appreciated Co-authored-by: Owen Rafferty <owen@owenrafferty.com> Reviewed-on: https://codeberg.org/kiss-community/kiss/pulls/72
2022-09-28 19:15:17 +02:00 · 2022-09-28 19:15:17 +02:00 · 51768ad4c3
parent d31dcf585e
commit 51768ad4c3
1 changed files with 59 additions and 8 deletions
--- a/67
+++ b/67
@ -198,6 +198,41 @@ decompress() {
    esac < "$1"
 }

+b3() {
+    # Higher level blake3 function which filters out non-existent
+    # files (and also directories).
+    for f do shift
+        [ -d "$f" ] || [ ! -e "$f" ] || set -- "$@" "$f"
+    done
+
+    _b3 "$@"
+}
+
+_b3() {
+    unset hash
+
+    # Skip generation if no arguments.
+    ! equ "$#" 0 || return 0
+
+    IFS=$newline
+
+    # Generate checksums for all input files. This is a single
+    # call to the utility rather than one per file.
+    #
+    # The length of the checksum is set to 33 bytes to
+    # differentiate it from sha256 checksums.
+    _hash=$("$cmd_b3" -l 33 "$@") || die "Failed to generate checksums"
+
+    # Strip the filename from each element.
+    # '<checksum> ?<file>' -> '<checksum>'
+    for sum in $_hash; do
+        hash=$hash${hash:+"$newline"}${sum%% *}
+    done
+
+    printf '%s\n' "$hash"
+    unset IFS
+}
+
 sh256() {
    # Higher level sh256 function which filters out non-existent
    # files (and also directories).
@ -896,7 +931,7 @@ pkg_etcsums() {
        set -- "$pkg_dir/$repo_name/$etc" "$@"
    esac done < manifest

-    sh256 "$@" > etcsums
+    b3 "$@" > etcsums
 }

 pkg_tar() {
@ -1125,7 +1160,7 @@ pkg_checksum_gen() {
        esac
    done < "$repo_dir/sources"

-    _sh256 "$@"
+    _b3 "$@"
 }

 pkg_verify() {
@ -1145,6 +1180,13 @@ pkg_verify() {
    # Check that the first column (separated by whitespace) match in both
    # checksum files. If any part of either file differs, mismatch. Abort.
    null "$1" || while read -r chk _ || ok "$1"; do
+        equ "${#chk}" 64 && {
+            log "$repo_name" "Detected sha256 checksums." ERROR
+            log "blake3 is the new checksum provider for kiss. Please run"
+            log "'kiss checksum $repo_name' to regenerate the checksums file."
+            return 1
+        }
+
        printf '%s\n%s\n' "- ${chk:-missing}" "+ ${1:-no source}"

        equ "$1-${chk:-null}" "$chk-$1" ||
@ -1378,10 +1420,13 @@ pkg_remove_files() {
    # functions allows us to stop duplicating code.
    while read -r file; do
        case $file in /etc/?*[!/])
-            sh256 "$KISS_ROOT/$file" >/dev/null
-
            read -r sum_pkg <&3 ||:

+            case "${#sum_pkg}" in
+                64) sh256 "$KISS_ROOT/$file" >/dev/null ;;
+                66) b3    "$KISS_ROOT/$file" >/dev/null ;;
+            esac
+
            equ "$hash" "$sum_pkg" || {
                printf 'Skipping %s (modified)\n' "$file"
                continue
@ -1413,13 +1458,16 @@ pkg_remove_files() {
 }

 pkg_etc() {
-    sh256 "$tar_dir/$_pkg$file" "$KISS_ROOT$file" >/dev/null
+    read -r sum_old <&3 2>/dev/null ||:
+
+    case "${#sum_old}" in
+        64) sh256 "$tar_dir/$_pkg$file" "$KISS_ROOT$file" >/dev/null ;;
+        66) b3    "$tar_dir/$_pkg$file" "$KISS_ROOT$file" >/dev/null ;;
+    esac

    sum_new=${hash%%"$newline"*}
    sum_sys=${hash#*"$newline"}

-    read -r sum_old <&3 2>/dev/null ||:
-
    # Compare the three checksums to determine what to do.
    case ${sum_old:-null}${sum_sys:-null}${sum_new} in
        # old = Y, sys = X, new = Y
@ -2040,6 +2088,9 @@ main() {
        command -v llvm-readelf
    )"} || cmd_elf=ldd

+    # b3sum is, for now, the only supported blake3 digest utility.
+    cmd_b3=b3sum
+
    # Figure out which sha256 utility is available.
    cmd_sha=${KISS_CHK:-"$(
        command -v openssl   ||
@ -2047,7 +2098,7 @@ main() {
        command -v sha256    ||
        command -v shasum    ||
        command -v digest
-    )"} || die "No sha256 utility found"
+    )"} || war "No sha256 utility found"

    # Figure out which download utility is available.
    cmd_get=${KISS_GET:-"$(