Bug 79123
| Summary: | [patch] bsd.port.mk - add SHA256 support to "make checksum" | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | edwin |
| Component: | Individual Port(s) | Assignee: | Port Management Team <portmgr> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
Responsible Changed From-To: freebsd-ports-bugs->portmgr Port manager territory[sp] This is a new patch, which removes the duplicate code and does some
more checking of the files required. It introduces a new variable,
CHECKSUM_ALGORITHMS, which can be set to the algorithms to be used.
For example: CHECKSUM_ALGORITHMS= sha256 md5.
At the end again is the full "Checksumming utilities" port of
bsd.port.mk for easier reading and understanding.
--- bsd.port.mk.orig Tue Mar 22 19:48:55 2005
+++ bsd.port.mk Wed Mar 23 11:59:04 2005
@@ -887,6 +887,11 @@
# - If set, it will overwrite any existing package
# registration information in ${PKG_DBDIR}/${PKGNAME}.
# NO_DEPENDS - Don't verify build of dependencies.
+# CHECKSUM_ALGORITHMS
+# - Different checksum algorithms to check for verifying the
+# integrity of the distfiles. The absence of the algorithm
+# in distinfo doesn't make it fail.
+# Default: md5
# NO_CHECKSUM - Don't verify the checksum. Typically used when
# when you noticed the distfile you just fetched has
# a different checksum and you intend to verify if
@@ -1852,6 +1857,16 @@
.else
MD5?= md5
.endif
+.if exists(/sbin/sha256)
+SHA256?= /sbin/sha256
+.elif exists(${LOCALBASE}/sbin/sha256)
+SHA256?= ${LOCALBASE}/sbin/sha256
+.else
+SHA256?= NO
+.endif
+
+CHECKSUM_ALGORITHMS?= md5 sha256
+
MD5_FILE?= ${MASTERDIR}/distinfo
MAKE_FLAGS?= -f
@@ -4086,88 +4101,172 @@
# Checksumming utilities
+check-checksum-algorithms:
+ @ \
+ ${checksum_init} \
+ \
+ for alg in ${CHECKSUM_ALGORITHMS:U}; do \
+ eval alg_executable=\$$$$alg; \
+ if [ -z "$$alg_executable" ]; then \
+ ${ECHO_CMD} "Checksum algorithm $$alg: Couldn't find the executable."; \
+ ${ECHO_CMD} "Set $$alg=/path/to/$$alg in /etc/make.conf and try again."; \
+ exit 1; \
+ fi; \
+ done; \
+
+checksum_init=\
+ SHA256=${SHA256}; \
+ MD5=${MD5};
+
.if !target(makesum)
-makesum:
+makesum: check-checksum-algorithms
@cd ${.CURDIR} && ${MAKE} ${__softMAKEFLAGS} fetch NO_CHECKSUM=yes \
DISABLE_SIZE=yes
@if [ -f ${MD5_FILE} ]; then ${CAT} /dev/null > ${MD5_FILE}; fi
- @(cd ${DISTDIR}; \
- for file in ${_CKSUMFILES}; do \
- ${MD5} $$file >> ${MD5_FILE}; \
- if [ -z "${NO_SIZE}" ]; then \
- ${ECHO_CMD} "SIZE ($$file) = "`${LS} -ALln $$file | ${AWK} '{print $$5}'` >> ${MD5_FILE}; \
- fi; \
- done)
+ @( \
+ cd ${DISTDIR}; \
+ \
+ ${checksum_init} \
+ \
+ for file in ${_CKSUMFILES}; do \
+ for alg in ${CHECKSUM_ALGORITHMS:U}; do \
+ eval alg_executable=\$$$$alg; \
+ \
+ if [ $$alg_executable != "NO" ]; then \
+ $$alg_executable $$file >> ${MD5_FILE}; \
+ fi; \
+ done; \
+ if [ -z "${NO_SIZE}" ]; then \
+ ${ECHO_CMD} "SIZE ($$file) = "`${LS} -ALln $$file | ${AWK} '{print $$5}'` >> ${MD5_FILE}; \
+ fi; \
+ done \
+ )
@for file in ${_IGNOREFILES}; do \
- ${ECHO_CMD} "MD5 ($$file) = IGNORE" >> ${MD5_FILE}; \
+ for alg in ${CHECKSUM_ALGORITHMS:U}; do \
+ ${ECHO_CMD} "$$alg ($$file) = IGNORE" >> ${MD5_FILE}; \
+ done; \
done
.endif
-
.if !target(checksum)
-checksum: fetch
- @if [ -f ${MD5_FILE} ]; then \
- (cd ${DISTDIR}; OK=""; \
- for file in ${_CKSUMFILES}; do \
+checksum: fetch check-checksum-algorithms
+ @ \
+ \
+ ${checksum_init} \
+ \
+ if [ -f ${MD5_FILE} ]; then \
+ ( cd ${DISTDIR}; OK=""; \
+ for file in ${_CKSUMFILES}; do \
pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
- CKSUM=`${MD5} < $$file`; \
- CKSUM2=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
- if [ -z "$$CKSUM2" ]; then \
- ${ECHO_MSG} "=> No checksum recorded for $$file."; \
- OK="false"; \
- elif [ "$$CKSUM2" = "IGNORE" ]; then \
- ${ECHO_MSG} "=> Checksum for $$file is set to IGNORE in distinfo file even though"; \
- ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \
- OK="false"; \
- else \
- ckmatch=${FALSE}; \
- for cksum2 in $$CKSUM2; do \
- if [ "$$cksum2" = "$$CKSUM" ]; then \
- ckmatch=${TRUE}; \
- break; \
- fi; \
- done; \
- if $$ckmatch; then \
- ${ECHO_MSG} "=> Checksum OK for $$file."; \
+ \
+ ignored="true"; \
+ for alg in ${CHECKSUM_ALGORITHMS:U}; do \
+ ignore="false"; \
+ eval alg_executable=\$$$$alg; \
+ \
+ if [ $$alg_executable != "NO" ]; then \
+ MKSUM=`$$alg_executable < $$file`; \
+ CKSUM=`${GREP} "^$$alg ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
else \
- ${ECHO_MSG} "=> Checksum mismatch for $$file."; \
- refetchlist="$$refetchlist$$file "; \
- OK="$${OK:-retry}"; \
+ ignore="true"; \
fi; \
+ \
+ if [ $$ignore = "false" -a -z "$$CKSUM" ]; then \
+ ${ECHO_MSG} "=> No $$alg checksum recorded for $$file."; \
+ ignore="true"; \
+ fi; \
+ \
+ if [ "$$CKSUM" = "IGNORE" ]; then \
+ ${ECHO_MSG} "=> $$alg Checksum for $$file is set to IGNORE in distinfo file even though"; \
+ ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \
+ ignore="true"; \
+ OK=${FALSE}; \
+ fi; \
+ \
+ if [ $$ignore = "false" ]; then \
+ match="false"; \
+ for chksum in $$CKSUM; do \
+ if [ "$$chksum" = "$$MKSUM" ]; then \
+ match="true"; \
+ break; \
+ fi; \
+ done; \
+ if [ $$match = "true" ]; then \
+ ${ECHO_MSG} "=> $$alg Checksum OK for $$file."; \
+ ignored="false"; \
+ else \
+ ${ECHO_MSG} "=> $$alg Checksum mismatch for $$file."; \
+ refetchlist="$$refetchlist$$file "; \
+ OK="$${OK:-retry}"; \
+ ignored="false"; \
+ fi; \
+ fi; \
+ done; \
+ \
+ if [ $$ignored = "true" ]; then \
+ ${ECHO_MSG} "=> No suitable checksum found for $$file."; \
+ OK="${FALSE}"; \
fi; \
- done; \
- for file in ${_IGNOREFILES}; do \
+ \
+ done; \
+ \
+ for file in ${_IGNOREFILES}; do \
pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
- CKSUM2=`${GREP} "($$pattern)" ${MD5_FILE} | ${AWK} '{if(NR<2)print $$4}'`; \
- if [ "$$CKSUM2" = "" ]; then \
- ${ECHO_MSG} "=> No checksum recorded for $$file, file is in "'$$'"{IGNOREFILES} list."; \
- OK="false"; \
- elif [ "$$CKSUM2" != "IGNORE" ]; then \
- ${ECHO_MSG} "=> Checksum for $$file is not set to IGNORE in distinfo file even though"; \
- ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \
- OK="false"; \
+ \
+ ignored="true"; \
+ for alg in ${CHECKSUM_ALGORITHMS:U}; do \
+ ignore="false"; \
+ eval alg_executable=\$$$$alg; \
+ \
+ if [ $$alg_executable != "NO" ]; then \
+ CKSUM=`${GREP} "^$$alg ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
+ else \
+ ignore="true"; \
+ fi; \
+ \
+ if [ $$ignore = "false" ]; then \
+ if [ -z "$$CKSUM" ]; then \
+ ${ECHO_MSG} "=> No $$alg checksum for $$file recorded (expected IGNORE)"; \
+ OK="false"; \
+ elif [ $$CKSUM != "IGNORE" ]; then \
+ ${ECHO_MSG} "=> $$alg Checksum for $$file is not set to IGNORE in distinfo file even though"; \
+ ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \
+ OK="false"; \
+ else \
+ ignored="false"; \
+ fi; \
+ fi; \
+ done; \
+ \
+ if [ $$ignored = "true" ]; then \
+ ${ECHO_MSG} "=> No suitable checksum found for $$file."; \
+ OK="${FALSE}"; \
fi; \
- done; \
- if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \
- ${ECHO_MSG} "===> Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \
- if ( cd ${.CURDIR} && \
+ \
+ done; \
+ \
+ if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \
+ ${ECHO_MSG} "===> Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \
+ if ( cd ${.CURDIR} && \
${MAKE} ${.MAKEFLAGS} FORCE_FETCH="$$refetchlist" FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" fetch); then \
if ( cd ${.CURDIR} && \
${MAKE} ${.MAKEFLAGS} FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" checksum ); then \
OK="true"; \
fi; \
- fi; \
- fi ; \
- if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \
- ${ECHO_MSG} "===> Giving up on fetching files: $$refetchlist"; \
- ${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \
- ${ECHO_MSG} "are up to date. If you are absolutely sure you want to override this"; \
- ${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \
- exit 1; \
- fi; \
- if [ "$$OK" != "true" ]; then \
- exit 1; \
- fi); \
+ fi; \
+ fi ; \
+ \
+ if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \
+ ${ECHO_MSG} "===> Giving up on fetching files: $$refetchlist"; \
+ ${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \
+ ${ECHO_MSG} "are up to date. If you are absolutely sure you want to override this"; \
+ ${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \
+ exit 1; \
+ fi; \
+ if [ "$$OK" != "true" ]; then \
+ exit 1; \
+ fi \
+ ); \
elif [ -n "${_CKSUMFILES:M*}" ]; then \
${ECHO_MSG} "=> No checksum file (${MD5_FILE})."; \
fi
:r /tmp/aaa
# Checksumming utilities
check-checksum-algorithms:
@ \
${checksum_init} \
\
for alg in ${CHECKSUM_ALGORITHMS:U}; do \
eval alg_executable=\$$$$alg; \
if [ -z "$$alg_executable" ]; then \
${ECHO_CMD} "Checksum algorithm $$alg: Couldn't find the executable."; \
${ECHO_CMD} "Set $$alg=/path/to/$$alg in /etc/make.conf and try again."; \
exit 1; \
fi; \
done; \
checksum_init=\
SHA256=${SHA256}; \
MD5=${MD5};
.if !target(makesum)
makesum: check-checksum-algorithms
@cd ${.CURDIR} && ${MAKE} ${__softMAKEFLAGS} fetch NO_CHECKSUM=yes \
DISABLE_SIZE=yes
@if [ -f ${MD5_FILE} ]; then ${CAT} /dev/null > ${MD5_FILE}; fi
@( \
cd ${DISTDIR}; \
\
${checksum_init} \
\
for file in ${_CKSUMFILES}; do \
for alg in ${CHECKSUM_ALGORITHMS:U}; do \
eval alg_executable=\$$$$alg; \
\
if [ $$alg_executable != "NO" ]; then \
$$alg_executable $$file >> ${MD5_FILE}; \
fi; \
done; \
if [ -z "${NO_SIZE}" ]; then \
${ECHO_CMD} "SIZE ($$file) = "`${LS} -ALln $$file | ${AWK} '{print $$5}'` >> ${MD5_FILE}; \
fi; \
done \
)
@for file in ${_IGNOREFILES}; do \
for alg in ${CHECKSUM_ALGORITHMS:U}; do \
${ECHO_CMD} "$$alg ($$file) = IGNORE" >> ${MD5_FILE}; \
done; \
done
.endif
.if !target(checksum)
checksum: fetch check-checksum-algorithms
@ \
\
${checksum_init} \
\
if [ -f ${MD5_FILE} ]; then \
( cd ${DISTDIR}; OK=""; \
for file in ${_CKSUMFILES}; do \
pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
\
ignored="true"; \
for alg in ${CHECKSUM_ALGORITHMS:U}; do \
ignore="false"; \
eval alg_executable=\$$$$alg; \
\
if [ $$alg_executable != "NO" ]; then \
MKSUM=`$$alg_executable < $$file`; \
CKSUM=`${GREP} "^$$alg ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
else \
ignore="true"; \
fi; \
\
if [ $$ignore = "false" -a -z "$$CKSUM" ]; then \
${ECHO_MSG} "=> No $$alg checksum recorded for $$file."; \
ignore="true"; \
fi; \
\
if [ "$$CKSUM" = "IGNORE" ]; then \
${ECHO_MSG} "=> $$alg Checksum for $$file is set to IGNORE in distinfo file even though"; \
${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \
ignore="true"; \
OK=${FALSE}; \
fi; \
\
if [ $$ignore = "false" ]; then \
match="false"; \
for chksum in $$CKSUM; do \
if [ "$$chksum" = "$$MKSUM" ]; then \
match="true"; \
break; \
fi; \
done; \
if [ $$match = "true" ]; then \
${ECHO_MSG} "=> $$alg Checksum OK for $$file."; \
ignored="false"; \
else \
${ECHO_MSG} "=> $$alg Checksum mismatch for $$file."; \
refetchlist="$$refetchlist$$file "; \
OK="$${OK:-retry}"; \
ignored="false"; \
fi; \
fi; \
done; \
\
if [ $$ignored = "true" ]; then \
${ECHO_MSG} "=> No suitable checksum found for $$file."; \
OK="${FALSE}"; \
fi; \
\
done; \
\
for file in ${_IGNOREFILES}; do \
pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
\
ignored="true"; \
for alg in ${CHECKSUM_ALGORITHMS:U}; do \
ignore="false"; \
eval alg_executable=\$$$$alg; \
\
if [ $$alg_executable != "NO" ]; then \
CKSUM=`${GREP} "^$$alg ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
else \
ignore="true"; \
fi; \
\
if [ $$ignore = "false" ]; then \
if [ -z "$$CKSUM" ]; then \
${ECHO_MSG} "=> No $$alg checksum for $$file recorded (expected IGNORE)"; \
OK="false"; \
elif [ $$CKSUM != "IGNORE" ]; then \
${ECHO_MSG} "=> $$alg Checksum for $$file is not set to IGNORE in distinfo file even though"; \
${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \
OK="false"; \
else \
ignored="false"; \
fi; \
fi; \
done; \
\
if [ $$ignored = "true" ]; then \
${ECHO_MSG} "=> No suitable checksum found for $$file."; \
OK="${FALSE}"; \
fi; \
\
done; \
\
if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \
${ECHO_MSG} "===> Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \
if ( cd ${.CURDIR} && \
${MAKE} ${.MAKEFLAGS} FORCE_FETCH="$$refetchlist" FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" fetch); then \
if ( cd ${.CURDIR} && \
${MAKE} ${.MAKEFLAGS} FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" checksum ); then \
OK="true"; \
fi; \
fi; \
fi ; \
\
if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \
${ECHO_MSG} "===> Giving up on fetching files: $$refetchlist"; \
${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \
${ECHO_MSG} "are up to date. If you are absolutely sure you want to override this"; \
${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \
exit 1; \
fi; \
if [ "$$OK" != "true" ]; then \
exit 1; \
fi \
); \
elif [ -n "${_CKSUMFILES:M*}" ]; then \
${ECHO_MSG} "=> No checksum file (${MD5_FILE})."; \
fi
.endif
--
Edwin Groothuis | Personal website: http://www.mavetju.org
edwin@mavetju.org | Weblog: http://weblog.barnet.com.au/edwin/
ksum" Reply-To: Example of how it can easily be extended: [~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>SHA1=/usr/local/sbin/sha1 CHECKSUM_ALGORITHMS="sha256 md5 sha1" make makesum ===> Vulnerability check disabled, database not found [~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>cat distinfo SHA256 (freebsd-sha256-20050310.tar.gz) = b75e964ecb77b54803cb0a90376bb830ed6b5fbd7130ef56165a8566e705cbea MD5 (freebsd-sha256-20050310.tar.gz) = 50a21ec5a4f75ad0a644c1139f7b0865 SHA1 (freebsd-sha256-20050310.tar.gz) = f0a5fa0db54a6e36d56cd0f23d92b1915628c9a4 SIZE (freebsd-sha256-20050310.tar.gz) = 8401 [~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>SHA1=/usr/local/sbin/sha1 CHECKSUM_ALGORITHMS="sha256 md5 sha1" make checksum ===> Vulnerability check disabled, database not found => SHA256 Checksum OK for freebsd-sha256-20050310.tar.gz. => MD5 Checksum OK for freebsd-sha256-20050310.tar.gz. => SHA1 Checksum OK for freebsd-sha256-20050310.tar.gz. -- Edwin Groothuis | Personal website: http://www.mavetju.org edwin@mavetju.org | Weblog: http://weblog.barnet.com.au/edwin/ On Tue, Mar 22, 2005 at 03:41:03PM -0500, Jason Harris wrote: > On Tue, Mar 22, 2005 at 10:41:47PM +1100, Edwin Groothuis wrote: > > > >Number: 79123 > > >Category: ports > > >Synopsis: [patch] bsd.port.mk - add SHA256 support to "make checksum" > > > >Description: > > > > With the support of sha256 in the base OS (>600020) and the > > ports system (sysutils/freebsd-sha256), it's time to support > > sha256 checksums in the ports system. > > Also, are you aware of PR ports/56641 and PR ports/67361? While the > latter says it is now a part of ports/devel/portmk, ports/Mk/bsd.port.mk > still doesn't support checksums other than MD5 (IINM). No, I wasn't aware of them. I didn't look for them neither before I started. I knew there could be, but I just wanted to set my teeth in it and present my solution. From my point of view (IMHO etc), the checksum target was really getting messy and before you could add additional features it needed some reorganising and restructuring of the code. > submit with my PRs. Hopefully, portmgr@ will approve your patch and > more people will start generating and checking SHA-256 hashes. It will At least they can't say that nobody submitted patches :-) > be nice if FreeBSD widely adopts SHA-256 before (all, or at least) most > other OSes. I'd also like to see FreeBSD finally adopt SHA-1 and RIPEMD- > 160, however, because projects like GPG have only recently traded MD5 for > SHA-1 in their release announcements, for example, and for easier > comparison/bootstrapping with NetBSD and OpenBSD distinfo files. Absolutely. I'm hoping to hear something from portmgrs idea on these features. Edwin -- Edwin Groothuis | Personal website: http://www.mavetju.org edwin@mavetju.org | Weblog: http://weblog.barnet.com.au/edwin/ State Changed From-To: open->analyzed Will be tested during next exp. build. State Changed From-To: analyzed->closed Committed. Thanks! |
With the support of sha256 in the base OS (>600020) and the ports system (sysutils/freebsd-sha256), it's time to support sha256 checksums in the ports system. What this patch does is: - Add support for the SHA256 variable (auto detected!) - Add support for sha256 checksums in "make makesum". - Add support to check sha256 checksums in "make checksum". It basically tears the checksum target apart, copies it, uses a black marker to add _sha256 and _md5 suffixes and glues it back. As usual, backwards compatible without extra effort: it doesn't do anything on systems < 6000200 or when sysutils/freebsd-sha256 isn't installed. Fix: The patch looks scary, but the checksum target (after the patch) explains it better. This is the new checksum target as it will be: .if !target(checksum) checksum: fetch @ \ if [ -f ${MD5_FILE} ]; then \ ( cd ${DISTDIR}; OK=""; \ for file in ${_CKSUMFILES}; do \ pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \ \ ignore_md5="false"; \ ignore_sha256="false"; \ \ if [ ${MD5} != "NO" ]; then \ MKSUM_MD5=`${MD5} < $$file`; \ CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \ else \ ignore_md5="true"; \ fi; \ if [ ${SHA256} != "NO" ]; then \ MKSUM_SHA256=`${SHA256} < $$file`; \ CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \ else \ ignore_sha256="true"; \ fi; \ \ if [ $$ignore_md5 = "false" -a -z "$$CKSUM_MD5" ]; then \ ${ECHO_MSG} "=> No MD5 checksum recorded for $$file."; \ ignore_md5="true"; \ fi; \ if [ $$ignore_sha256 = "false" -a -z "$$CKSUM_SHA256" ]; then \ ${ECHO_MSG} "=> No SHA256 checksum recorded for $$file."; \ ignore_sha256="true"; \ fi; \ \ if [ -z "$$CKSUM_MD5" -a -z "$$CKSUM_SHA256" ]; then \ ${ECHO_MSG} "=> No checksum recorded at all!"; \ OK=${FALSE}; \ fi; \ \ if [ "$$CKSUM_MD5" = "IGNORE" ]; then \ ${ECHO_MSG} "=> MD5 Checksum for $$file is set to IGNORE in distinfo file even though"; \ ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \ ignore_md5="true"; \ OK=${FALSE}; \ fi; \ if [ "$$CKSUM_SHA256" = "IGNORE" ]; then \ ${ECHO_MSG} "=> SHA256 Checksum for $$file is set to IGNORE in distinfo file even though"; \ ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \ ignore_sha256="true"; \ fi; \ \ if [ $$ignore_md5 = "false" ]; then \ match_md5="false"; \ for chksum_md5 in $$CKSUM_MD5; do \ if [ "$$chksum_md5" = "$$MKSUM_MD5" ]; then \ match_md5="true"; \ break; \ fi; \ done; \ if [ $$match_md5 = "true" ]; then \ ${ECHO_MSG} "=> MD5 Checksum OK for $$file."; \ else \ ${ECHO_MSG} "=> MD5 Checksum mismatch for $$file."; \ refetchlist="$$refetchlist$$file "; \ OK="$${OK:-retry}"; \ fi; \ fi; \ \ if [ $$ignore_sha256 = "false" ]; then \ match_sha256="false"; \ for chksum_sha256 in $$CKSUM_SHA256; do \ if [ "$$chksum_sha256" = "$$MKSUM_SHA256" ]; then \ match_sha256="true"; \ break; \ fi; \ done; \ if [ $$match_sha256 = "true" ]; then \ ${ECHO_MSG} "=> SHA256 Checksum OK for $$file."; \ else \ ${ECHO_MSG} "=> SHA256 Checksum mismatch for $$file."; \ refetchlist="$$refetchlist$$file "; \ OK="$${OK:-retry}"; \ fi; \ fi; \ \ done; \ \ for file in ${_IGNOREFILES}; do \ pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \ \ ignore_md5="false"; \ ignore_sha256="false"; \ \ if [ ${MD5} != "NO" ]; then \ CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \ else \ ignore_md5="true"; \ fi; \ \ if [ ${SHA256} != "NO" ]; then \ CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \ else \ ignore_sha256="true"; \ fi; \ \ if [ $$ignore_md5 = "false" ]; then \ if [ -z "$$CKSUM_MD5" ]; then \ ${ECHO_MSG} "=> No MD5 checksum for $$file recorded (expected IGNORE)"; \ OK="false"; \ elif [ $$CKSUM_MD5 != "IGNORE" ]; then \ ${ECHO_MSG} "=> MD5 Checksum for $$file is not set to IGNORE in distinfo file even though"; \ ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \ OK="false"; \ fi; \ fi; \ \ if [ $$ignore_sha256 = "false" ]; then \ if [ -z "$$CKSUM_SHA256" ]; then \ ${ECHO_MSG} "=> No SHA256 checksum for $$file recorded (expected IGNORE)"; \ OK="false"; \ elif [ $$CKSUM_SHA256 != "IGNORE" ]; then \ ${ECHO_MSG} "=> SHA256 Checksum for $$file is not set to IGNORE in distinfo file even though"; \ ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \ OK="false"; \ fi; \ fi; \ done; \ \ if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \ ${ECHO_MSG} "===> Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \ if ( cd ${.CURDIR} && \ ${MAKE} ${.MAKEFLAGS} FORCE_FETCH="$$refetchlist" FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" fetch); then \ if ( cd ${.CURDIR} && \ ${MAKE} ${.MAKEFLAGS} FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" checksum ); then \ OK="true"; \ fi; \ fi; \ fi ; \ \ if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \ ${ECHO_MSG} "===> Giving up on fetching files: $$refetchlist"; \ ${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \ ${ECHO_MSG} "are up to date. If you are absolutely sure you want to override this"; \ ${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \ exit 1; \ fi; \ if [ "$$OK" != "true" ]; then \ exit 1; \ fi \ ); \ elif [ -n "${_CKSUMFILES:M*}" ]; then \ ${ECHO_MSG} "=> No checksum file (${MD5_FILE})."; \ fi .endif--hsLmr6S0xPVdF0WYjl8VzNrsUgI7SK0ssz6VDSXQkyT7c1Aw Content-Type: text/plain; name="file.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="file.diff" --- bsd.port.mk.orig Tue Mar 22 19:48:55 2005 +++ bsd.port.mk Tue Mar 22 21:51:46 2005 @@ -1852,6 +1852,14 @@ .else MD5?= md5 .endif +.if exists(/sbin/sha256) +SHA256?= /sbin/sha256 +.elif exists(${LOCALBASE}/sbin/sha256) +SHA256?= ${LOCALBASE}/sbin/sha256 +.else +SHA256?= NO +.endif + MD5_FILE?= ${MASTERDIR}/distinfo MAKE_FLAGS?= -f @@ -4093,81 +4101,172 @@ @if [ -f ${MD5_FILE} ]; then ${CAT} /dev/null > ${MD5_FILE}; fi @(cd ${DISTDIR}; \ for file in ${_CKSUMFILES}; do \ - ${MD5} $$file >> ${MD5_FILE}; \ + if [ ${MD5} != "NO" ]; then \ + ${MD5} $$file >> ${MD5_FILE}; \ + fi; \ + if [ ${SHA256} != "NO" ]; then \ + ${SHA256} $$file >> ${MD5_FILE}; \ + fi; \ if [ -z "${NO_SIZE}" ]; then \ ${ECHO_CMD} "SIZE ($$file) = "`${LS} -ALln $$file | ${AWK} '{print $$5}'` >> ${MD5_FILE}; \ fi; \ done) @for file in ${_IGNOREFILES}; do \ ${ECHO_CMD} "MD5 ($$file) = IGNORE" >> ${MD5_FILE}; \ + ${ECHO_CMD} "SHA256 ($$file) = IGNORE" >> ${MD5_FILE}; \ done .endif .if !target(checksum) checksum: fetch - @if [ -f ${MD5_FILE} ]; then \ - (cd ${DISTDIR}; OK=""; \ - for file in ${_CKSUMFILES}; do \ + @ \ + if [ -f ${MD5_FILE} ]; then \ + ( cd ${DISTDIR}; OK=""; \ + for file in ${_CKSUMFILES}; do \ pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \ - CKSUM=`${MD5} < $$file`; \ - CKSUM2=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \ - if [ -z "$$CKSUM2" ]; then \ - ${ECHO_MSG} "=> No checksum recorded for $$file."; \ - OK="false"; \ - elif [ "$$CKSUM2" = "IGNORE" ]; then \ - ${ECHO_MSG} "=> Checksum for $$file is set to IGNORE in distinfo file even though"; \ - ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \ - OK="false"; \ + \ + ignore_md5="false"; \ + ignore_sha256="false"; \ + \ + if [ ${MD5} != "NO" ]; then \ + MKSUM_MD5=`${MD5} < $$file`; \ + CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \ + else \ + ignore_md5="true"; \ + fi; \ + if [ ${SHA256} != "NO" ]; then \ + MKSUM_SHA256=`${SHA256} < $$file`; \ + CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \ else \ - ckmatch=${FALSE}; \ - for cksum2 in $$CKSUM2; do \ - if [ "$$cksum2" = "$$CKSUM" ]; then \ - ckmatch=${TRUE}; \ + ignore_sha256="true"; \ + fi; \ + \ + if [ $$ignore_md5 = "false" -a -z "$$CKSUM_MD5" ]; then \ + ${ECHO_MSG} "=> No MD5 checksum recorded for $$file."; \ + ignore_md5="true"; \ + fi; \ + if [ $$ignore_sha256 = "false" -a -z "$$CKSUM_SHA256" ]; then \ + ${ECHO_MSG} "=> No SHA256 checksum recorded for $$file."; \ + ignore_sha256="true"; \ + fi; \ + \ + if [ -z "$$CKSUM_MD5" -a -z "$$CKSUM_SHA256" ]; then \ + ${ECHO_MSG} "=> No checksum recorded at all!"; \ + OK=${FALSE}; \ + fi; \ + \ + if [ "$$CKSUM_MD5" = "IGNORE" ]; then \ + ${ECHO_MSG} "=> MD5 Checksum for $$file is set to IGNORE in distinfo file even though"; \ + ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \ + ignore_md5="true"; \ + OK=${FALSE}; \ + fi; \ + if [ "$$CKSUM_SHA256" = "IGNORE" ]; then \ + ${ECHO_MSG} "=> SHA256 Checksum for $$file is set to IGNORE in distinfo file even though"; \ + ${ECHO_MSG} " the file is not in the "'$$'"{IGNOREFILES} list."; \ + ignore_sha256="true"; \ + fi; \ + \ + if [ $$ignore_md5 = "false" ]; then \ + match_md5="false"; \ + for chksum_md5 in $$CKSUM_MD5; do \ + if [ "$$chksum_md5" = "$$MKSUM_MD5" ]; then \ + match_md5="true"; \ break; \ fi; \ done; \ - if $$ckmatch; then \ - ${ECHO_MSG} "=> Checksum OK for $$file."; \ + if [ $$match_md5 = "true" ]; then \ + ${ECHO_MSG} "=> MD5 Checksum OK for $$file."; \ else \ - ${ECHO_MSG} "=> Checksum mismatch for $$file."; \ + ${ECHO_MSG} "=> MD5 Checksum mismatch for $$file."; \ refetchlist="$$refetchlist$$file "; \ OK="$${OK:-retry}"; \ fi; \ fi; \ - done; \ - for file in ${_IGNOREFILES}; do \ + \ + if [ $$ignore_sha256 = "false" ]; then \ + match_sha256="false"; \ + for chksum_sha256 in $$CKSUM_SHA256; do \ + if [ "$$chksum_sha256" = "$$MKSUM_SHA256" ]; then \ + match_sha256="true"; \ + break; \ + fi; \ + done; \ + if [ $$match_sha256 = "true" ]; then \ + ${ECHO_MSG} "=> SHA256 Checksum OK for $$file."; \ + else \ + ${ECHO_MSG} "=> SHA256 Checksum mismatch for $$file."; \ + refetchlist="$$refetchlist$$file "; \ + OK="$${OK:-retry}"; \ + fi; \ + fi; \ + \ + done; \ + \ + for file in ${_IGNOREFILES}; do \ pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \ - CKSUM2=`${GREP} "($$pattern)" ${MD5_FILE} | ${AWK} '{if(NR<2)print $$4}'`; \ - if [ "$$CKSUM2" = "" ]; then \ - ${ECHO_MSG} "=> No checksum recorded for $$file, file is in "'$$'"{IGNOREFILES} list."; \ - OK="false"; \ - elif [ "$$CKSUM2" != "IGNORE" ]; then \ - ${ECHO_MSG} "=> Checksum for $$file is not set to IGNORE in distinfo file even though"; \ - ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \ - OK="false"; \ - fi; \ - done; \ - if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \ - ${ECHO_MSG} "===> Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \ - if ( cd ${.CURDIR} && \ + \ + ignore_md5="false"; \ + ignore_sha256="false"; \ + \ + if [ ${MD5} != "NO" ]; then \ + CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \ + else \ + ignore_md5="true"; \ + fi; \ + \ + if [ ${SHA256} != "NO" ]; then \ + CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \ + else \ + ignore_sha256="true"; \ + fi; \ + \ + if [ $$ignore_md5 = "false" ]; then \ + if [ -z "$$CKSUM_MD5" ]; then \ + ${ECHO_MSG} "=> No MD5 checksum for $$file recorded (expected IGNORE)"; \ + OK="false"; \ + elif [ $$CKSUM_MD5 != "IGNORE" ]; then \ + ${ECHO_MSG} "=> MD5 Checksum for $$file is not set to IGNORE in distinfo file even though"; \ + ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \ + OK="false"; \ + fi; \ + fi; \ + \ + if [ $$ignore_sha256 = "false" ]; then \ + if [ -z "$$CKSUM_SHA256" ]; then \ + ${ECHO_MSG} "=> No SHA256 checksum for $$file recorded (expected IGNORE)"; \ + OK="false"; \ + elif [ $$CKSUM_SHA256 != "IGNORE" ]; then \ + ${ECHO_MSG} "=> SHA256 Checksum for $$file is not set to IGNORE in distinfo file even though"; \ + ${ECHO_MSG} " the file is in the "'$$'"{IGNOREFILES} list."; \ + OK="false"; \ + fi; \ + fi; \ + done; \ + \ + if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \ + ${ECHO_MSG} "===> Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \ + if ( cd ${.CURDIR} && \ ${MAKE} ${.MAKEFLAGS} FORCE_FETCH="$$refetchlist" FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" fetch); then \ if ( cd ${.CURDIR} && \ ${MAKE} ${.MAKEFLAGS} FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" checksum ); then \ OK="true"; \ fi; \ - fi; \ - fi ; \ - if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \ - ${ECHO_MSG} "===> Giving up on fetching files: $$refetchlist"; \ - ${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \ - ${ECHO_MSG} "are up to date. If you are absolutely sure you want to override this"; \ - ${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \ - exit 1; \ - fi; \ - if [ "$$OK" != "true" ]; then \ - exit 1; \ - fi); \ + fi; \ + fi ; \ + \ + if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \ + ${ECHO_MSG} "===> Giving up on fetching files: $$refetchlist"; \ + ${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \ + ${ECHO_MSG} "are up to date. If you are absolutely sure you want to override this"; \ + ${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \ + exit 1; \ + fi; \ + if [ "$$OK" != "true" ]; then \ + exit 1; \ + fi \ + ); \ elif [ -n "${_CKSUMFILES:M*}" ]; then \ ${ECHO_MSG} "=> No checksum file (${MD5_FILE})."; \ fi How-To-Repeat: [~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>make checksum ===> Vulnerability check disabled, database not found => No checksum file (/usr/home/edwin/cvs/ports/sysutils/freebsd-sha256/distinfo). [~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>make makesum ===> Vulnerability check disabled, database not found [~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>cat distinfo MD5 (freebsd-sha256-20050310.tar.gz) = 50a21ec5a4f75ad0a644c1139f7b0865 SHA256 (freebsd-sha256-20050310.tar.gz) = b75e964ecb77b54803cb0a90376bb830ed6b5fbd7130ef56165a8566e705cbea SIZE (freebsd-sha256-20050310.tar.gz) = 8401 [~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>make checksum ===> Vulnerability check disabled, database not found => MD5 Checksum OK for freebsd-sha256-20050310.tar.gz. => SHA256 Checksum OK for freebsd-sha256-20050310.tar.gz. [~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>SHA256=NO make checksum ===> Vulnerability check disabled, database not found => MD5 Checksum OK for freebsd-sha256-20050310.tar.gz. With broken checksums: [~/cvs/ports/sysutils/freebsd-sha256] edwin@k7>make checksum ===> Vulnerability check disabled, database not found => MD5 Checksum mismatch for freebsd-sha256-20050310.tar.gz. => SHA256 Checksum OK for freebsd-sha256-20050310.tar.gz. ===> Refetch for 1 more times files: freebsd-sha256-20050310.tar.gz etc etc etc