Date: Tue, 22 Mar 2005 22:41:47 +1100 (EST) From: Edwin Groothuis <edwin@mavetju.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/79123: [patch] bsd.port.mk - add SHA256 support to "make checksum" Message-ID: <20050322114147.139136181@k7.mavetju> Resent-Message-ID: <200503221150.j2MBo27D009266@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 79123
>Category: ports
>Synopsis: [patch] bsd.port.mk - add SHA256 support to "make checksum"
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Mar 22 11:50:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Edwin Groothuis
>Release: FreeBSD 5.2.1-RELEASE i386
>Organization:
-
>Environment:
System: FreeBSD k7.mavetju 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #8: Wed Dec 15 16:58:01 EST 2004 edwin@k7.mavetju:/usr/src-5.2.1/sys/i386/compile/k7 i386
>Description:
With the support of sha256 in the base OS (>600020) and the
ports system (sysutils/freebsd-sha256), it's time to support
sha256 checksums in the ports system.
What this patch does is:
- Add support for the SHA256 variable (auto detected!)
- Add support for sha256 checksums in "make makesum".
- Add support to check sha256 checksums in "make checksum".
It basically tears the checksum target apart, copies it, uses
a black marker to add _sha256 and _md5 suffixes and glues it
back.
As usual, backwards compatible without extra effort: it doesn't
do anything on systems < 6000200 or when sysutils/freebsd-sha256
isn't installed.
>How-To-Repeat:
[~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>make checksum
===> Vulnerability check disabled, database not found
=> No checksum file (/usr/home/edwin/cvs/ports/sysutils/freebsd-sha256/distinfo).
[~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>make makesum
===> Vulnerability check disabled, database not found
[~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>cat distinfo
MD5 (freebsd-sha256-20050310.tar.gz) = 50a21ec5a4f75ad0a644c1139f7b0865
SHA256 (freebsd-sha256-20050310.tar.gz) = b75e964ecb77b54803cb0a90376bb830ed6b5fbd7130ef56165a8566e705cbea
SIZE (freebsd-sha256-20050310.tar.gz) = 8401
[~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>make checksum
===> Vulnerability check disabled, database not found
=> MD5 Checksum OK for freebsd-sha256-20050310.tar.gz.
=> SHA256 Checksum OK for freebsd-sha256-20050310.tar.gz.
[~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>SHA256=NO make checksum
===> Vulnerability check disabled, database not found
=> MD5 Checksum OK for freebsd-sha256-20050310.tar.gz.
With broken checksums:
[~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>make checksum
===> Vulnerability check disabled, database not found
=> MD5 Checksum mismatch for freebsd-sha256-20050310.tar.gz.
=> SHA256 Checksum OK for freebsd-sha256-20050310.tar.gz.
===> Refetch for 1 more times files: freebsd-sha256-20050310.tar.gz
etc etc etc
>Fix:
The patch looks scary, but the checksum target (after the patch)
explains it better.
--- bsd.port.mk.orig Tue Mar 22 19:48:55 2005
+++ bsd.port.mk Tue Mar 22 21:51:46 2005
@@ -1852,6 +1852,14 @@
.else
MD5?= md5
.endif
+.if exists(/sbin/sha256)
+SHA256?= /sbin/sha256
+.elif exists(${LOCALBASE}/sbin/sha256)
+SHA256?= ${LOCALBASE}/sbin/sha256
+.else
+SHA256?= NO
+.endif
+
MD5_FILE?= ${MASTERDIR}/distinfo
MAKE_FLAGS?= -f
@@ -4093,81 +4101,172 @@
@if [ -f ${MD5_FILE} ]; then ${CAT} /dev/null > ${MD5_FILE}; fi
@(cd ${DISTDIR}; \
for file in ${_CKSUMFILES}; do \
- ${MD5} $$file >> ${MD5_FILE}; \
+ if [ ${MD5} != "NO" ]; then \
+ ${MD5} $$file >> ${MD5_FILE}; \
+ fi; \
+ if [ ${SHA256} != "NO" ]; then \
+ ${SHA256} $$file >> ${MD5_FILE}; \
+ fi; \
if [ -z "${NO_SIZE}" ]; then \
${ECHO_CMD} "SIZE ($$file) = "`${LS} -ALln $$file | ${AWK} '{print $$5}'` >> ${MD5_FILE}; \
fi; \
done)
@for file in ${_IGNOREFILES}; do \
${ECHO_CMD} "MD5 ($$file) = IGNORE" >> ${MD5_FILE}; \
+ ${ECHO_CMD} "SHA256 ($$file) = IGNORE" >> ${MD5_FILE}; \
done
.endif
.if !target(checksum)
checksum: fetch
- @if [ -f ${MD5_FILE} ]; then \
- (cd ${DISTDIR}; OK=""; \
- for file in ${_CKSUMFILES}; do \
+ @ \
+ if [ -f ${MD5_FILE} ]; then \
+ ( cd ${DISTDIR}; OK=""; \
+ for file in ${_CKSUMFILES}; do \
pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
- CKSUM=`${MD5} < $$file`; \
- CKSUM2=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
- if [ -z "$$CKSUM2" ]; then \
- ${ECHO_MSG} "=> No checksum recorded for $$file."; \
- OK="false"; \
- elif [ "$$CKSUM2" = "IGNORE" ]; then \
- ${ECHO_MSG} "=> Checksum for $$file is set to IGNORE in distinfo file even though"; \
- ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \
- OK="false"; \
+ \
+ ignore_md5="false"; \
+ ignore_sha256="false"; \
+ \
+ if [ ${MD5} != "NO" ]; then \
+ MKSUM_MD5=`${MD5} < $$file`; \
+ CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
+ else \
+ ignore_md5="true"; \
+ fi; \
+ if [ ${SHA256} != "NO" ]; then \
+ MKSUM_SHA256=`${SHA256} < $$file`; \
+ CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
else \
- ckmatch=${FALSE}; \
- for cksum2 in $$CKSUM2; do \
- if [ "$$cksum2" = "$$CKSUM" ]; then \
- ckmatch=${TRUE}; \
+ ignore_sha256="true"; \
+ fi; \
+ \
+ if [ $$ignore_md5 = "false" -a -z "$$CKSUM_MD5" ]; then \
+ ${ECHO_MSG} "=> No MD5 checksum recorded for $$file."; \
+ ignore_md5="true"; \
+ fi; \
+ if [ $$ignore_sha256 = "false" -a -z "$$CKSUM_SHA256" ]; then \
+ ${ECHO_MSG} "=> No SHA256 checksum recorded for $$file."; \
+ ignore_sha256="true"; \
+ fi; \
+ \
+ if [ -z "$$CKSUM_MD5" -a -z "$$CKSUM_SHA256" ]; then \
+ ${ECHO_MSG} "=> No checksum recorded at all!"; \
+ OK=${FALSE}; \
+ fi; \
+ \
+ if [ "$$CKSUM_MD5" = "IGNORE" ]; then \
+ ${ECHO_MSG} "=> MD5 Checksum for $$file is set to IGNORE in distinfo file even though"; \
+ ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \
+ ignore_md5="true"; \
+ OK=${FALSE}; \
+ fi; \
+ if [ "$$CKSUM_SHA256" = "IGNORE" ]; then \
+ ${ECHO_MSG} "=> SHA256 Checksum for $$file is set to IGNORE in distinfo file even though"; \
+ ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \
+ ignore_sha256="true"; \
+ fi; \
+ \
+ if [ $$ignore_md5 = "false" ]; then \
+ match_md5="false"; \
+ for chksum_md5 in $$CKSUM_MD5; do \
+ if [ "$$chksum_md5" = "$$MKSUM_MD5" ]; then \
+ match_md5="true"; \
break; \
fi; \
done; \
- if $$ckmatch; then \
- ${ECHO_MSG} "=> Checksum OK for $$file."; \
+ if [ $$match_md5 = "true" ]; then \
+ ${ECHO_MSG} "=> MD5 Checksum OK for $$file."; \
else \
- ${ECHO_MSG} "=> Checksum mismatch for $$file."; \
+ ${ECHO_MSG} "=> MD5 Checksum mismatch for $$file."; \
refetchlist="$$refetchlist$$file "; \
OK="$${OK:-retry}"; \
fi; \
fi; \
- done; \
- for file in ${_IGNOREFILES}; do \
+ \
+ if [ $$ignore_sha256 = "false" ]; then \
+ match_sha256="false"; \
+ for chksum_sha256 in $$CKSUM_SHA256; do \
+ if [ "$$chksum_sha256" = "$$MKSUM_SHA256" ]; then \
+ match_sha256="true"; \
+ break; \
+ fi; \
+ done; \
+ if [ $$match_sha256 = "true" ]; then \
+ ${ECHO_MSG} "=> SHA256 Checksum OK for $$file."; \
+ else \
+ ${ECHO_MSG} "=> SHA256 Checksum mismatch for $$file."; \
+ refetchlist="$$refetchlist$$file "; \
+ OK="$${OK:-retry}"; \
+ fi; \
+ fi; \
+ \
+ done; \
+ \
+ for file in ${_IGNOREFILES}; do \
pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
- CKSUM2=`${GREP} "($$pattern)" ${MD5_FILE} | ${AWK} '{if(NR<2)print $$4}'`; \
- if [ "$$CKSUM2" = "" ]; then \
- ${ECHO_MSG} "=> No checksum recorded for $$file, file is in "'$$'"{IGNOREFILES} list."; \
- OK="false"; \
- elif [ "$$CKSUM2" != "IGNORE" ]; then \
- ${ECHO_MSG} "=> Checksum for $$file is not set to IGNORE in distinfo file even though"; \
- ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \
- OK="false"; \
- fi; \
- done; \
- if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \
- ${ECHO_MSG} "===> Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \
- if ( cd ${.CURDIR} && \
+ \
+ ignore_md5="false"; \
+ ignore_sha256="false"; \
+ \
+ if [ ${MD5} != "NO" ]; then \
+ CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
+ else \
+ ignore_md5="true"; \
+ fi; \
+ \
+ if [ ${SHA256} != "NO" ]; then \
+ CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
+ else \
+ ignore_sha256="true"; \
+ fi; \
+ \
+ if [ $$ignore_md5 = "false" ]; then \
+ if [ -z "$$CKSUM_MD5" ]; then \
+ ${ECHO_MSG} "=> No MD5 checksum for $$file recorded (expected IGNORE)"; \
+ OK="false"; \
+ elif [ $$CKSUM_MD5 != "IGNORE" ]; then \
+ ${ECHO_MSG} "=> MD5 Checksum for $$file is not set to IGNORE in distinfo file even though"; \
+ ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \
+ OK="false"; \
+ fi; \
+ fi; \
+ \
+ if [ $$ignore_sha256 = "false" ]; then \
+ if [ -z "$$CKSUM_SHA256" ]; then \
+ ${ECHO_MSG} "=> No SHA256 checksum for $$file recorded (expected IGNORE)"; \
+ OK="false"; \
+ elif [ $$CKSUM_SHA256 != "IGNORE" ]; then \
+ ${ECHO_MSG} "=> SHA256 Checksum for $$file is not set to IGNORE in distinfo file even though"; \
+ ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \
+ OK="false"; \
+ fi; \
+ fi; \
+ done; \
+ \
+ if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \
+ ${ECHO_MSG} "===> Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \
+ if ( cd ${.CURDIR} && \
${MAKE} ${.MAKEFLAGS} FORCE_FETCH="$$refetchlist" FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" fetch); then \
if ( cd ${.CURDIR} && \
${MAKE} ${.MAKEFLAGS} FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" checksum ); then \
OK="true"; \
fi; \
- fi; \
- fi ; \
- if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \
- ${ECHO_MSG} "===> Giving up on fetching files: $$refetchlist"; \
- ${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \
- ${ECHO_MSG} "are up to date. If you are absolutely sure you want to override this"; \
- ${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \
- exit 1; \
- fi; \
- if [ "$$OK" != "true" ]; then \
- exit 1; \
- fi); \
+ fi; \
+ fi ; \
+ \
+ if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \
+ ${ECHO_MSG} "===> Giving up on fetching files: $$refetchlist"; \
+ ${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \
+ ${ECHO_MSG} "are up to date. If you are absolutely sure you want to override this"; \
+ ${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \
+ exit 1; \
+ fi; \
+ if [ "$$OK" != "true" ]; then \
+ exit 1; \
+ fi \
+ ); \
elif [ -n "${_CKSUMFILES:M*}" ]; then \
${ECHO_MSG} "=> No checksum file (${MD5_FILE})."; \
fi
This is the new checksum target as it will be:
.if !target(checksum)
checksum: fetch
@ \
if [ -f ${MD5_FILE} ]; then \
( cd ${DISTDIR}; OK=""; \
for file in ${_CKSUMFILES}; do \
pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
\
ignore_md5="false"; \
ignore_sha256="false"; \
\
if [ ${MD5} != "NO" ]; then \
MKSUM_MD5=`${MD5} < $$file`; \
CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
else \
ignore_md5="true"; \
fi; \
if [ ${SHA256} != "NO" ]; then \
MKSUM_SHA256=`${SHA256} < $$file`; \
CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
else \
ignore_sha256="true"; \
fi; \
\
if [ $$ignore_md5 = "false" -a -z "$$CKSUM_MD5" ]; then \
${ECHO_MSG} "=> No MD5 checksum recorded for $$file."; \
ignore_md5="true"; \
fi; \
if [ $$ignore_sha256 = "false" -a -z "$$CKSUM_SHA256" ]; then \
${ECHO_MSG} "=> No SHA256 checksum recorded for $$file."; \
ignore_sha256="true"; \
fi; \
\
if [ -z "$$CKSUM_MD5" -a -z "$$CKSUM_SHA256" ]; then \
${ECHO_MSG} "=> No checksum recorded at all!"; \
OK=${FALSE}; \
fi; \
\
if [ "$$CKSUM_MD5" = "IGNORE" ]; then \
${ECHO_MSG} "=> MD5 Checksum for $$file is set to IGNORE in distinfo file even though"; \
${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \
ignore_md5="true"; \
OK=${FALSE}; \
fi; \
if [ "$$CKSUM_SHA256" = "IGNORE" ]; then \
${ECHO_MSG} "=> SHA256 Checksum for $$file is set to IGNORE in distinfo file even though"; \
${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \
ignore_sha256="true"; \
fi; \
\
if [ $$ignore_md5 = "false" ]; then \
match_md5="false"; \
for chksum_md5 in $$CKSUM_MD5; do \
if [ "$$chksum_md5" = "$$MKSUM_MD5" ]; then \
match_md5="true"; \
break; \
fi; \
done; \
if [ $$match_md5 = "true" ]; then \
${ECHO_MSG} "=> MD5 Checksum OK for $$file."; \
else \
${ECHO_MSG} "=> MD5 Checksum mismatch for $$file."; \
refetchlist="$$refetchlist$$file "; \
OK="$${OK:-retry}"; \
fi; \
fi; \
\
if [ $$ignore_sha256 = "false" ]; then \
match_sha256="false"; \
for chksum_sha256 in $$CKSUM_SHA256; do \
if [ "$$chksum_sha256" = "$$MKSUM_SHA256" ]; then \
match_sha256="true"; \
break; \
fi; \
done; \
if [ $$match_sha256 = "true" ]; then \
${ECHO_MSG} "=> SHA256 Checksum OK for $$file."; \
else \
${ECHO_MSG} "=> SHA256 Checksum mismatch for $$file."; \
refetchlist="$$refetchlist$$file "; \
OK="$${OK:-retry}"; \
fi; \
fi; \
\
done; \
\
for file in ${_IGNOREFILES}; do \
pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
\
ignore_md5="false"; \
ignore_sha256="false"; \
\
if [ ${MD5} != "NO" ]; then \
CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
else \
ignore_md5="true"; \
fi; \
\
if [ ${SHA256} != "NO" ]; then \
CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
else \
ignore_sha256="true"; \
fi; \
\
if [ $$ignore_md5 = "false" ]; then \
if [ -z "$$CKSUM_MD5" ]; then \
${ECHO_MSG} "=> No MD5 checksum for $$file recorded (expected IGNORE)"; \
OK="false"; \
elif [ $$CKSUM_MD5 != "IGNORE" ]; then \
${ECHO_MSG} "=> MD5 Checksum for $$file is not set to IGNORE in distinfo file even though"; \
${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \
OK="false"; \
fi; \
fi; \
\
if [ $$ignore_sha256 = "false" ]; then \
if [ -z "$$CKSUM_SHA256" ]; then \
${ECHO_MSG} "=> No SHA256 checksum for $$file recorded (expected IGNORE)"; \
OK="false"; \
elif [ $$CKSUM_SHA256 != "IGNORE" ]; then \
${ECHO_MSG} "=> SHA256 Checksum for $$file is not set to IGNORE in distinfo file even though"; \
${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \
OK="false"; \
fi; \
fi; \
done; \
\
if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \
${ECHO_MSG} "===> Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \
if ( cd ${.CURDIR} && \
${MAKE} ${.MAKEFLAGS} FORCE_FETCH="$$refetchlist" FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" fetch); then \
if ( cd ${.CURDIR} && \
${MAKE} ${.MAKEFLAGS} FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" checksum ); then \
OK="true"; \
fi; \
fi; \
fi ; \
\
if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \
${ECHO_MSG} "===> Giving up on fetching files: $$refetchlist"; \
${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \
${ECHO_MSG} "are up to date. If you are absolutely sure you want to override this"; \
${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \
exit 1; \
fi; \
if [ "$$OK" != "true" ]; then \
exit 1; \
fi \
); \
elif [ -n "${_CKSUMFILES:M*}" ]; then \
${ECHO_MSG} "=> No checksum file (${MD5_FILE})."; \
fi
.endif
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050322114147.139136181>