From owner-freebsd-ports  Fri Mar  9 13:29:47 2001
Delivered-To: freebsd-ports@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [204.97.17.146])
	by hub.freebsd.org (Postfix) with ESMTP id D421A37B718
	for <ports@freebsd.org>; Fri,  9 Mar 2001 13:29:43 -0800 (PST)
	(envelope-from trevor@jpj.net)
Received: from localhost (trevor@localhost)
	by blues.jpj.net (8.11.1/8.11.1) with ESMTP id f29LTWK07807;
	Fri, 9 Mar 2001 16:29:32 -0500 (EST)
Date: Fri, 9 Mar 2001 16:29:32 -0500 (EST)
From: Trevor Johnson <trevor@jpj.net>
To: <ports@freebsd.org>
Cc: Alistair Crooks <agc@pkgsrc.org>
Subject: new message digest support in pkgsrc (fwd)
Message-ID: <20010309162527.Q7303-100000@blues.jpj.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've added this utility to the FreeBSD ports collection (as
security/digest).
-- 
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt

---------- Forwarded message ----------
Date: Tue, 6 Mar 2001 15:01:23 +0000
From: Alistair Crooks <agc@pkgsrc.org>
To: tech-pkg@netbsd.org
Subject: new message digest support in pkgsrc

I have just committed changes to pkgsrc to add support for
message digests other than md5.

> Add support for message digests other than md5 into pkgsrc. This is done
> by using the pkgsrc/pkgtools/digest package, and adding dependencies in
> bsd.pkg.mk to make sure that that package is up to date.
>
> There is no discernable performance decrease in using sha1 checksums
> over md5 ones, and most people advocate the use of sha1 or rmd160 over
> md5.
>
> As part of this change, move the initial setting of LOCALBASE, X11BASE
> and CROSSBASE into bsd.prefs.mk from bsd.pkg.mk.
>
> Addresses PR 11809.

And now for some background:

We have been advised that we should move away from the md5 algorithm,
and onto either sha1 or rmd160.  We have done this by adding a new
package called digest, which is a small, statically-linked utility
which takes command line arguments of the form:

	digest -V

which prints the version and exits, and

	digest algorithm [file...]

which calculates a message digest, using algorithm, for all files
on the command line. If no files are specified, then standard
input is used. The output is of the same format as md5(1). The
digest utility is designed to be scalable, so that, as and when
new message digest algorithms come out, they can be incorporated.

I considered modifying the existing cksum(1) utility, but thought
that it wasn't scalable enough, and I considered using openssl, but
didn't want pkgsrc to be dependent on openssl being installed, and
because the output format isn't the same as md5(1).

digest should work fine with the existing md5 checksums.  Over time, I
hope to migrate to sha1 in all of pkgsrc.  This has been tested quite
extensively (with thanks to Thomas Klausner), but if you experience
any unusual side effects, please use send-pr in the usual way.

Thanks,
Alistair


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message