kiss: sha changes

1. Now supports multiple input files. Reduces calls/subshells to
   sha utilities to once per list of files.

2. Errors from sha utilities are now shown rather than hidden.

3. Made sha command detection a startup thing. Made 2. possible.

4. Updated callers of sha256 to give all files at once (except for
   one last TODO).

5. Remove find/sort/whatever from pkg_etcsums.
Dylan Araps 2021-07-18 23:05:19 +03:00
parent 8574d3ed4a
commit e62a239fb3
GPG Key ID: 13295DAC2CF13B5C

116
kiss

@ -181,20 +181,38 @@ sh256() {
# All utilities must match 'sha256sum' output. # All utilities must match 'sha256sum' output.
# #
# Example: '<checksum> <file>' # Example: '<checksum> <file>'
unset hash
if [ ! -d "$1" ] && [ -e "$1" ]; then # Filter out directories and anything which does not exist.
hash=$( for f do shift
openssl dgst -sha256 -r "$1" || [ -d "$f" ] || [ ! -e "$f" ] || set -- "$@" "$f"
sha256sum "$1" || done
sha256 -r "$1" ||
shasum -a 256 "$1" ||
digest -a sha256 "$1"
) 2>/dev/null || die "Failed to generate checksums for '$1'"
hash=${hash%% *} # Set the arguments based on found sha256 utility.
printf '%s\n' "$hash" case ${cmd_sha##*/} in
fi openssl) set -- dgst -sha256 -r "$@" ;;
sha256) set -- -r "$@" ;;
shasum) set -- -a 256 "$@" ;;
digest) set -- -a sha256 "$@" ;;
esac
# This is now one call to the checksums command rather than
# one per file. We also display errors now rather than not
# (due to old runtime detection method).
hash=$("$cmd_sha" "$@") || die "Failed to generate checksums"
# Intentional, globbing disabled.
# shellcheck disable=2046,2086
set -- $hash
# As the output is '<hash> <file>' and the above list is
# split on whitespace; we need to pop every 2nd element.
for sum do case ${_i:-0} in
0) _i=1; set -- "$@" "$sum" ;;
1) _i=0
esac; shift; done
printf '%s\n' "$@"
hash=$*
} }
pkg_lint() { pkg_lint() {
@ -584,8 +602,6 @@ pkg_fix_deps() {
# dependencies pulled in by the package's build suite. # dependencies pulled in by the package's build suite.
log "$1" "looking for dependencies (using ${cmd_elf##*/})" log "$1" "looking for dependencies (using ${cmd_elf##*/})"
cd "$pkg_dir/$1/$pkg_db/$1"
tmp_file_copy "$1" depends depends tmp_file_copy "$1" depends depends
tmp_file "$1" depends-fixed tmp_file "$1" depends-fixed
@ -734,15 +750,17 @@ pkg_manifest_replace() {
pkg_etcsums() { pkg_etcsums() {
# Generate checksums for each configuration file in the package's /etc/ # Generate checksums for each configuration file in the package's /etc/
# directory for use in "smart" handling of these files. # directory for use in "smart" handling of these files.
log "$1" "Generating etcsums" log "$repo_name" "Generating etcsums"
! [ -d "$pkg_dir/$1/etc" ] || # Minor optimization - skip packages without /etc/.
[ -d "$pkg_dir/$repo_name/etc" ] || return 0
# This can't be a simple 'find -exec' as 'sh256' is a shell function # Create a list of all files in etc but do it in reverse.
# and not a real command of any kind. This is the shell equivalent. while read -r etc; do case $etc in /etc/*[!/])
find "$pkg_dir/$1/etc" ! -type d | sort | while read -r line; do set -- "$pkg_dir/$repo_name/$etc" "$@"
sh256 "$line" esac done < manifest
done > "$pkg_dir/$1/$pkg_db/$1/etcsums"
sh256 "$@" > etcsums
} }
pkg_tar() { pkg_tar() {
@ -854,8 +872,11 @@ pkg_build_all() {
pkg_build "$pkg" pkg_build "$pkg"
pkg_manifest "$pkg" pkg_manifest "$pkg"
pkg_strip "$pkg" pkg_strip "$pkg"
cd "$pkg_dir/$pkg/$pkg_db/$pkg"
pkg_fix_deps "$pkg" pkg_fix_deps "$pkg"
pkg_etcsums "$pkg" pkg_etcsums
pkg_tar "$pkg" pkg_tar "$pkg"
if [ "$pkg_update" ] || ! contains "$explicit" "$pkg"; then if [ "$pkg_update" ] || ! contains "$explicit" "$pkg"; then
@ -943,20 +964,16 @@ pkg_build() {
pkg_checksums() { pkg_checksums() {
# Generate checksums for packages. # Generate checksums for packages.
# #
# NOTE: repo_dir comes from caller. # NOTE: repo_ comes from caller.
unset _hash
while read -r src dest || [ "$src" ]; do while read -r src dest || [ "$src" ]; do
pkg_source_resolve "$1" "$src" "$dest" >/dev/null pkg_source_resolve "$repo_name" "$src" "$dest" >/dev/null
case $_res in */*[!.]) case $_res in */*[!.])
sh256 "$_res" set -- "$@" "$_res"
# Store the generated checksums in a string for use internally
# without the need for subshells.
_hash="$_hash${_hash:+"$newline"}$hash"
esac esac
done < "$repo_dir/sources" || die "$1" "Failed to generate checksums" done < "$repo_dir/sources"
sh256 "$@"
} }
pkg_verify() { pkg_verify() {
@ -964,14 +981,14 @@ pkg_verify() {
# of checksums and then comparing those with the old set. # of checksums and then comparing those with the old set.
# #
# NOTE: repo_dir comes from caller. # NOTE: repo_dir comes from caller.
log "$1" "Verifying sources" log "$repo_name" "Verifying sources"
# Generate a new set of checksums to compare against. # Generate a new set of checksums to compare against.
pkg_checksums "$1" > /dev/null pkg_checksums >/dev/null
# Intentional, globbing disabled. # Intentional, globbing disabled.
# shellcheck disable=2038,2086 # shellcheck disable=2038,2086
set -- $_hash set -- $hash
# Only read checksums if we generated some. # Only read checksums if we generated some.
! [ "$1" ] || ! [ "$1" ] ||
@ -983,7 +1000,7 @@ pkg_verify() {
case $1-${chk:-null} in case $1-${chk:-null} in
"$chk-$1"|"$1-SKIP") ;; "$chk-$1"|"$1-SKIP") ;;
"$_hash"-*|*) die "$repo_name" "Checksum mismatch" "$hash"-*|*) die "$repo_name" "Checksum mismatch"
esac esac
shift "$(($# != 0))" shift "$(($# != 0))"
@ -1210,6 +1227,7 @@ pkg_remove_files() {
# functions allows us to stop duplicating code. # functions allows us to stop duplicating code.
while read -r file; do while read -r file; do
case $file in /etc/?*[!/]) case $file in /etc/?*[!/])
# TODO: One call to sh256 for all etc files.
sh256 "$KISS_ROOT/$file" >/dev/null sh256 "$KISS_ROOT/$file" >/dev/null
grep -qF "${hash:-null}" "$1" || { grep -qF "${hash:-null}" "$1" || {
@ -1248,15 +1266,10 @@ pkg_remove_files() {
pkg_etc() { pkg_etc() {
_etc_cnt=$((_etc_cnt + 1)) _etc_cnt=$((_etc_cnt + 1))
# Generate checksums from tarball. sh256 "$tar_dir/$_pkg$1" "$KISS_ROOT$1" >/dev/null
sh256 "$tar_dir/$_pkg$1" >/dev/null
sum_new=$hash
# Generate checksums from system. sum_new=${hash%% *}
sh256 "$KISS_ROOT$1" >/dev/null sum_sys=${hash#* }
sum_sys=$hash
# Extract checksums from system etcsums.
sum_old=$(awk "NR == $_etc_cnt" "$2") >/dev/null 2>&1 ||: sum_old=$(awk "NR == $_etc_cnt" "$2") >/dev/null 2>&1 ||:
# Compare the three checksums to determine what to do. # Compare the three checksums to determine what to do.
@ -1734,15 +1747,15 @@ args() {
[ -f "$repo_dir/sources" ] || continue [ -f "$repo_dir/sources" ] || continue
pkg_checksums "$pkg" pkg_checksums
case $_hash in case $hash in
'') '')
log "$pkg" "No sources needing checksums" log "$pkg" "No sources needing checksums"
;; ;;
*) *)
printf '%s\n' "$_hash" > "$repo_dir/checksums" printf '%s\n' "$hash" > "$repo_dir/checksums"
log "$pkg" "Generated checksums" log "$pkg" "Generated checksums"
;; ;;
esac esac
@ -1882,6 +1895,15 @@ main() {
command -v llvm-readelf command -v llvm-readelf
)"} || cmd_elf=ldd )"} || cmd_elf=ldd
# Figure out which sha256 utility is available.
cmd_sha=$(
command -v openssl ||
command -v sha256sum ||
command -v sha256 ||
command -v shasum ||
command -v digest
) || die "No sha256 utility found"
# Store the date and time of script invocation to be used as the name of # Store the date and time of script invocation to be used as the name of
# the log files the package manager creates uring builds. # the log files the package manager creates uring builds.
time=$(date +%Y-%m-%d-%H:%M) time=$(date +%Y-%m-%d-%H:%M)
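Review bot: In the sh256 hunk, the filter loop can leave the operand list empty (every argument a directory or missing), and the following `"$cmd_sha" "$@"` then runs the utility with no file operands, so it hashes whatever is on stdin instead of producing nothing. The old code skipped the hash step entirely in that case and left `hash` unset, which callers such as the `case $hash in '')` branch in args() and `${hash:-null}` in pkg_remove_files appear to rely on. I would restore that right after the filter loop, before the `case ${cmd_sha##*/}` rewrites the arguments: `unset hash` and `[ "$#" != 0 ] || return 0`. The same silent filtering also matters in pkg_etc, where `sum_new=${hash%% *}` and `sum_sys=${hash#* }` assume two results; if the system file is absent only one checksum comes back and both variables end up equal, so that caller should check the count before comparing.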