forked from kiss-community/kiss
kiss: sha changes
1. Now supports multiple input files. Reduces calls/subshells to sha utilities to once per list of files. 2. Errors from sha utilities are now shown rather than hidden. 3. Made sha command detection a startup thing. Made 2. possible. 4. Updated callers of sha256 to give all files at once (except for one last TODO). 5. Remove find/sort/whatever from pkg_etcsums.
This commit is contained in:
parent
8574d3ed4a
commit
e62a239fb3
116
kiss
116
kiss
@ -181,20 +181,38 @@ sh256() {
|
|||||||
# All utilities must match 'sha256sum' output.
|
# All utilities must match 'sha256sum' output.
|
||||||
#
|
#
|
||||||
# Example: '<checksum> <file>'
|
# Example: '<checksum> <file>'
|
||||||
unset hash
|
|
||||||
|
|
||||||
if [ ! -d "$1" ] && [ -e "$1" ]; then
|
# Filter out directories and anything which does not exist.
|
||||||
hash=$(
|
for f do shift
|
||||||
openssl dgst -sha256 -r "$1" ||
|
[ -d "$f" ] || [ ! -e "$f" ] || set -- "$@" "$f"
|
||||||
sha256sum "$1" ||
|
done
|
||||||
sha256 -r "$1" ||
|
|
||||||
shasum -a 256 "$1" ||
|
|
||||||
digest -a sha256 "$1"
|
|
||||||
) 2>/dev/null || die "Failed to generate checksums for '$1'"
|
|
||||||
|
|
||||||
hash=${hash%% *}
|
# Set the arguments based on found sha256 utility.
|
||||||
printf '%s\n' "$hash"
|
case ${cmd_sha##*/} in
|
||||||
fi
|
openssl) set -- dgst -sha256 -r "$@" ;;
|
||||||
|
sha256) set -- -r "$@" ;;
|
||||||
|
shasum) set -- -a 256 "$@" ;;
|
||||||
|
digest) set -- -a sha256 "$@" ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# This is now one call to the checksums command rather than
|
||||||
|
# one per file. We also display errors now rather than not
|
||||||
|
# (due to old runtime detection method).
|
||||||
|
hash=$("$cmd_sha" "$@") || die "Failed to generate checksums"
|
||||||
|
|
||||||
|
# Intentional, globbing disabled.
|
||||||
|
# shellcheck disable=2046,2086
|
||||||
|
set -- $hash
|
||||||
|
|
||||||
|
# As the output is '<hash> <file>' and the above list is
|
||||||
|
# split on whitespace; we need to pop every 2nd element.
|
||||||
|
for sum do case ${_i:-0} in
|
||||||
|
0) _i=1; set -- "$@" "$sum" ;;
|
||||||
|
1) _i=0
|
||||||
|
esac; shift; done
|
||||||
|
|
||||||
|
printf '%s\n' "$@"
|
||||||
|
hash=$*
|
||||||
}
|
}
|
||||||
|
|
||||||
pkg_lint() {
|
pkg_lint() {
|
||||||
@ -584,8 +602,6 @@ pkg_fix_deps() {
|
|||||||
# dependencies pulled in by the package's build suite.
|
# dependencies pulled in by the package's build suite.
|
||||||
log "$1" "looking for dependencies (using ${cmd_elf##*/})"
|
log "$1" "looking for dependencies (using ${cmd_elf##*/})"
|
||||||
|
|
||||||
cd "$pkg_dir/$1/$pkg_db/$1"
|
|
||||||
|
|
||||||
tmp_file_copy "$1" depends depends
|
tmp_file_copy "$1" depends depends
|
||||||
tmp_file "$1" depends-fixed
|
tmp_file "$1" depends-fixed
|
||||||
|
|
||||||
@ -734,15 +750,17 @@ pkg_manifest_replace() {
|
|||||||
pkg_etcsums() {
|
pkg_etcsums() {
|
||||||
# Generate checksums for each configuration file in the package's /etc/
|
# Generate checksums for each configuration file in the package's /etc/
|
||||||
# directory for use in "smart" handling of these files.
|
# directory for use in "smart" handling of these files.
|
||||||
log "$1" "Generating etcsums"
|
log "$repo_name" "Generating etcsums"
|
||||||
|
|
||||||
! [ -d "$pkg_dir/$1/etc" ] ||
|
# Minor optimization - skip packages without /etc/.
|
||||||
|
[ -d "$pkg_dir/$repo_name/etc" ] || return 0
|
||||||
|
|
||||||
# This can't be a simple 'find -exec' as 'sh256' is a shell function
|
# Create a list of all files in etc but do it in reverse.
|
||||||
# and not a real command of any kind. This is the shell equivalent.
|
while read -r etc; do case $etc in /etc/*[!/])
|
||||||
find "$pkg_dir/$1/etc" ! -type d | sort | while read -r line; do
|
set -- "$pkg_dir/$repo_name/$etc" "$@"
|
||||||
sh256 "$line"
|
esac done < manifest
|
||||||
done > "$pkg_dir/$1/$pkg_db/$1/etcsums"
|
|
||||||
|
sh256 "$@" > etcsums
|
||||||
}
|
}
|
||||||
|
|
||||||
pkg_tar() {
|
pkg_tar() {
|
||||||
@ -854,8 +872,11 @@ pkg_build_all() {
|
|||||||
pkg_build "$pkg"
|
pkg_build "$pkg"
|
||||||
pkg_manifest "$pkg"
|
pkg_manifest "$pkg"
|
||||||
pkg_strip "$pkg"
|
pkg_strip "$pkg"
|
||||||
|
|
||||||
|
cd "$pkg_dir/$pkg/$pkg_db/$pkg"
|
||||||
|
|
||||||
pkg_fix_deps "$pkg"
|
pkg_fix_deps "$pkg"
|
||||||
pkg_etcsums "$pkg"
|
pkg_etcsums
|
||||||
pkg_tar "$pkg"
|
pkg_tar "$pkg"
|
||||||
|
|
||||||
if [ "$pkg_update" ] || ! contains "$explicit" "$pkg"; then
|
if [ "$pkg_update" ] || ! contains "$explicit" "$pkg"; then
|
||||||
@ -943,20 +964,16 @@ pkg_build() {
|
|||||||
pkg_checksums() {
|
pkg_checksums() {
|
||||||
# Generate checksums for packages.
|
# Generate checksums for packages.
|
||||||
#
|
#
|
||||||
# NOTE: repo_dir comes from caller.
|
# NOTE: repo_ comes from caller.
|
||||||
unset _hash
|
|
||||||
|
|
||||||
while read -r src dest || [ "$src" ]; do
|
while read -r src dest || [ "$src" ]; do
|
||||||
pkg_source_resolve "$1" "$src" "$dest" >/dev/null
|
pkg_source_resolve "$repo_name" "$src" "$dest" >/dev/null
|
||||||
|
|
||||||
case $_res in */*[!.])
|
case $_res in */*[!.])
|
||||||
sh256 "$_res"
|
set -- "$@" "$_res"
|
||||||
|
|
||||||
# Store the generated checksums in a string for use internally
|
|
||||||
# without the need for subshells.
|
|
||||||
_hash="$_hash${_hash:+"$newline"}$hash"
|
|
||||||
esac
|
esac
|
||||||
done < "$repo_dir/sources" || die "$1" "Failed to generate checksums"
|
done < "$repo_dir/sources"
|
||||||
|
|
||||||
|
sh256 "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
pkg_verify() {
|
pkg_verify() {
|
||||||
@ -964,14 +981,14 @@ pkg_verify() {
|
|||||||
# of checksums and then comparing those with the old set.
|
# of checksums and then comparing those with the old set.
|
||||||
#
|
#
|
||||||
# NOTE: repo_dir comes from caller.
|
# NOTE: repo_dir comes from caller.
|
||||||
log "$1" "Verifying sources"
|
log "$repo_name" "Verifying sources"
|
||||||
|
|
||||||
# Generate a new set of checksums to compare against.
|
# Generate a new set of checksums to compare against.
|
||||||
pkg_checksums "$1" > /dev/null
|
pkg_checksums >/dev/null
|
||||||
|
|
||||||
# Intentional, globbing disabled.
|
# Intentional, globbing disabled.
|
||||||
# shellcheck disable=2038,2086
|
# shellcheck disable=2038,2086
|
||||||
set -- $_hash
|
set -- $hash
|
||||||
|
|
||||||
# Only read checksums if we generated some.
|
# Only read checksums if we generated some.
|
||||||
! [ "$1" ] ||
|
! [ "$1" ] ||
|
||||||
@ -983,7 +1000,7 @@ pkg_verify() {
|
|||||||
|
|
||||||
case $1-${chk:-null} in
|
case $1-${chk:-null} in
|
||||||
"$chk-$1"|"$1-SKIP") ;;
|
"$chk-$1"|"$1-SKIP") ;;
|
||||||
"$_hash"-*|*) die "$repo_name" "Checksum mismatch"
|
"$hash"-*|*) die "$repo_name" "Checksum mismatch"
|
||||||
esac
|
esac
|
||||||
|
|
||||||
shift "$(($# != 0))"
|
shift "$(($# != 0))"
|
||||||
@ -1210,6 +1227,7 @@ pkg_remove_files() {
|
|||||||
# functions allows us to stop duplicating code.
|
# functions allows us to stop duplicating code.
|
||||||
while read -r file; do
|
while read -r file; do
|
||||||
case $file in /etc/?*[!/])
|
case $file in /etc/?*[!/])
|
||||||
|
# TODO: One call to sh256 for all etc files.
|
||||||
sh256 "$KISS_ROOT/$file" >/dev/null
|
sh256 "$KISS_ROOT/$file" >/dev/null
|
||||||
|
|
||||||
grep -qF "${hash:-null}" "$1" || {
|
grep -qF "${hash:-null}" "$1" || {
|
||||||
@ -1248,15 +1266,10 @@ pkg_remove_files() {
|
|||||||
pkg_etc() {
|
pkg_etc() {
|
||||||
_etc_cnt=$((_etc_cnt + 1))
|
_etc_cnt=$((_etc_cnt + 1))
|
||||||
|
|
||||||
# Generate checksums from tarball.
|
sh256 "$tar_dir/$_pkg$1" "$KISS_ROOT$1" >/dev/null
|
||||||
sh256 "$tar_dir/$_pkg$1" >/dev/null
|
|
||||||
sum_new=$hash
|
|
||||||
|
|
||||||
# Generate checksums from system.
|
sum_new=${hash%% *}
|
||||||
sh256 "$KISS_ROOT$1" >/dev/null
|
sum_sys=${hash#* }
|
||||||
sum_sys=$hash
|
|
||||||
|
|
||||||
# Extract checksums from system etcsums.
|
|
||||||
sum_old=$(awk "NR == $_etc_cnt" "$2") >/dev/null 2>&1 ||:
|
sum_old=$(awk "NR == $_etc_cnt" "$2") >/dev/null 2>&1 ||:
|
||||||
|
|
||||||
# Compare the three checksums to determine what to do.
|
# Compare the three checksums to determine what to do.
|
||||||
@ -1734,15 +1747,15 @@ args() {
|
|||||||
|
|
||||||
[ -f "$repo_dir/sources" ] || continue
|
[ -f "$repo_dir/sources" ] || continue
|
||||||
|
|
||||||
pkg_checksums "$pkg"
|
pkg_checksums
|
||||||
|
|
||||||
case $_hash in
|
case $hash in
|
||||||
'')
|
'')
|
||||||
log "$pkg" "No sources needing checksums"
|
log "$pkg" "No sources needing checksums"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
*)
|
*)
|
||||||
printf '%s\n' "$_hash" > "$repo_dir/checksums"
|
printf '%s\n' "$hash" > "$repo_dir/checksums"
|
||||||
log "$pkg" "Generated checksums"
|
log "$pkg" "Generated checksums"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -1882,6 +1895,15 @@ main() {
|
|||||||
command -v llvm-readelf
|
command -v llvm-readelf
|
||||||
)"} || cmd_elf=ldd
|
)"} || cmd_elf=ldd
|
||||||
|
|
||||||
|
# Figure out which sha256 utility is available.
|
||||||
|
cmd_sha=$(
|
||||||
|
command -v openssl ||
|
||||||
|
command -v sha256sum ||
|
||||||
|
command -v sha256 ||
|
||||||
|
command -v shasum ||
|
||||||
|
command -v digest
|
||||||
|
) || die "No sha256 utility found"
|
||||||
|
|
||||||
# Store the date and time of script invocation to be used as the name of
|
# Store the date and time of script invocation to be used as the name of
|
||||||
# the log files the package manager creates uring builds.
|
# the log files the package manager creates uring builds.
|
||||||
time=$(date +%Y-%m-%d-%H:%M)
|
time=$(date +%Y-%m-%d-%H:%M)
|
||||||
|
Loading…
Reference in New Issue
Block a user