forked from kiss-community/kiss
kiss: drop filenames from checksums files
With this change, checksums generated by the package manager will no longer contain the second field (the basename of the file). The second field is quite useless as ordering is already fixed. This change is backwards compatible and existing checksums files will containue to function as normal. As checksums are regenerated (with updates to packages), the new format will be used. The compatibility works via checking /only the first column/ in each checksums file. This is the only part of the file which must match 1:1 as ordering is always the same. Notes about etcsums: This change also affects the etcsums file which is used for the 3-way checksum verification for files in /etc/. Existing etcsums will simply be invalidated with the safest path chosen (.new file is created) until they are regenerated via a package build. Ordering is now fixed inside etcsums files. This makes parsing them faster and more reliable. This also fixes a theoretical bug with naming conflicts during parsing of etcsums.
This commit is contained in:
parent
487358a047
commit
fecf4995f8
44
kiss
44
kiss
@ -118,7 +118,7 @@ sh256() {
|
|||||||
shasum -a 256 "$1" ||
|
shasum -a 256 "$1" ||
|
||||||
digest -a sha256 "$1") 2>/dev/null
|
digest -a sha256 "$1") 2>/dev/null
|
||||||
|
|
||||||
printf '%s %s\n' "${hash%% *}" "$1"
|
printf '%s\n' "${hash%% *}"
|
||||||
}
|
}
|
||||||
|
|
||||||
pkg_lint() {
|
pkg_lint() {
|
||||||
@ -514,7 +514,7 @@ pkg_etcsums() (
|
|||||||
|
|
||||||
# This can't be a simple 'find -exec' as 'sh256' is a shell function
|
# This can't be a simple 'find -exec' as 'sh256' is a shell function
|
||||||
# and not a real command of any kind. This is the shell equivalent.
|
# and not a real command of any kind. This is the shell equivalent.
|
||||||
find etc -type f | while read -r line; do
|
find etc ! -type d | sort | while read -r line; do
|
||||||
sh256 "$line"
|
sh256 "$line"
|
||||||
done > "$pkg_dir/$1/$pkg_db/$1/etcsums"
|
done > "$pkg_dir/$1/$pkg_db/$1/etcsums"
|
||||||
)
|
)
|
||||||
@ -698,18 +698,14 @@ pkg_checksums() {
|
|||||||
# Support packages without sources. Simply do nothing.
|
# Support packages without sources. Simply do nothing.
|
||||||
[ -f "$repo_dir/sources" ] || return 0
|
[ -f "$repo_dir/sources" ] || return 0
|
||||||
|
|
||||||
while read -r src _ || [ "$src" ]; do case $src in \#*) ;;
|
while read -r src _ || [ "$src" ]; do
|
||||||
git+*) printf 'git %s\n' "$src" ;;
|
case $src in
|
||||||
|
\#*|"") ;;
|
||||||
*)
|
git+*) printf '%s\n' "$src" ;;
|
||||||
# Check for cached remote sources first and fallback to
|
*://*) sh256 "$src_dir/$1/${src##*/}" ;;
|
||||||
# local repository files. We prefer local files to remote.
|
*) sh256 "$repo_dir/$src" ;;
|
||||||
[ ! -f "$src_dir/$1/${src##*/}" ] || cd "$src_dir/$1"
|
esac
|
||||||
[ ! -f "$repo_dir/$src" ] || cd "$repo_dir/${src%/*}"
|
done < "$repo_dir/sources" || die "$1" "Failed to generate checksums"
|
||||||
|
|
||||||
sh256 "${src##*/}" || die "$1" "Failed to generate checksums"
|
|
||||||
;;
|
|
||||||
esac; done < "$repo_dir/sources"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pkg_verify() {
|
pkg_verify() {
|
||||||
@ -718,7 +714,11 @@ pkg_verify() {
|
|||||||
for pkg do repo_dir=$(pkg_find "$pkg")
|
for pkg do repo_dir=$(pkg_find "$pkg")
|
||||||
[ -f "$repo_dir/sources" ] || continue
|
[ -f "$repo_dir/sources" ] || continue
|
||||||
|
|
||||||
pkg_checksums "$pkg" | diff - "$repo_dir/checksums" || {
|
pkg_checksums "$pkg" |
|
||||||
|
|
||||||
|
# Check that the first column (separated by whitespace) match in both
|
||||||
|
# checksum files. If any part of either file differs, mismatch. Abort.
|
||||||
|
awk 'NR==FNR{a[$1];next}!(($1)in a){exit 1}' - "$repo_dir/checksums" || {
|
||||||
log "$pkg" "Checksum mismatch"
|
log "$pkg" "Checksum mismatch"
|
||||||
|
|
||||||
# Instead of dying above, log it to the terminal. Also define a
|
# Instead of dying above, log it to the terminal. Also define a
|
||||||
@ -977,18 +977,18 @@ pkg_remove_files() {
|
|||||||
pkg_etc() (
|
pkg_etc() (
|
||||||
[ -d "$tar_dir/$pkg_name/etc" ] || return 0
|
[ -d "$tar_dir/$pkg_name/etc" ] || return 0
|
||||||
|
|
||||||
|
# Create all directories beforehand.
|
||||||
|
cd "$KISS_ROOT/"
|
||||||
|
find etc -type d -exec mkdir -p {} +
|
||||||
cd "$tar_dir/$pkg_name"
|
cd "$tar_dir/$pkg_name"
|
||||||
|
|
||||||
# Create all directories beforehand.
|
|
||||||
find etc -type d | while read -r dir; do
|
|
||||||
mkdir -p "$KISS_ROOT/$dir"
|
|
||||||
done
|
|
||||||
|
|
||||||
# Handle files in /etc/ based on a 3-way checksum check.
|
# Handle files in /etc/ based on a 3-way checksum check.
|
||||||
find etc ! -type d | while read -r file; do
|
find etc ! -type d | sort | while read -r file; do
|
||||||
|
i=$((i + 1))
|
||||||
|
|
||||||
{ sum_new=$(sh256 "$file")
|
{ sum_new=$(sh256 "$file")
|
||||||
sum_sys=$(cd "$KISS_ROOT/"; sh256 "$file")
|
sum_sys=$(cd "$KISS_ROOT/"; sh256 "$file")
|
||||||
sum_old=$(grep "$file$" "$mak_dir/c"); } 2>/dev/null ||:
|
sum_old=$(awk "NR == $i" "$mak_dir/c"); } 2>/dev/null ||:
|
||||||
|
|
||||||
log "$pkg_name" "Doing 3-way handshake for $file"
|
log "$pkg_name" "Doing 3-way handshake for $file"
|
||||||
printf '%s\n' "Previous: ${sum_old:-null}"
|
printf '%s\n' "Previous: ${sum_old:-null}"
|
||||||
|
Loading…
Reference in New Issue
Block a user