ports/79123: [patch] bsd.port.mk - add SHA256 support to "make checksum"

Tue Mar 22 11:50:03 UTC 2005

>Number:         79123
>Category:       ports
>Synopsis:       [patch] bsd.port.mk - add SHA256 support to "make checksum"
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 22 11:50:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Edwin Groothuis
>Release:        FreeBSD 5.2.1-RELEASE i386
>Organization:
-
>Environment:
System: FreeBSD k7.mavetju 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #8: Wed Dec 15 16:58:01 EST 2004 edwin at k7.mavetju:/usr/src-5.2.1/sys/i386/compile/k7 i386

>Description:

    With the support of sha256 in the base OS (>600020) and the
    ports system (sysutils/freebsd-sha256), it's time to support
    sha256 checksums in the ports system.

    What this patch does is:

    - Add support for the SHA256 variable (auto detected!)

    - Add support for sha256 checksums in "make makesum".

    - Add support to check sha256 checksums in "make checksum".
      It basically tears the checksum target apart, copies it, uses
      a black marker to add _sha256 and _md5 suffixes and glues it
      back.

    As usual, backwards compatible without extra effort: it doesn't
    do anything on systems < 6000200 or when sysutils/freebsd-sha256
    isn't installed.

>How-To-Repeat:

[~/cvs/ports/sysutils/freebsd-sha256] edwin at k7>make checksum
===>  Vulnerability check disabled, database not found
=> No checksum file (/usr/home/edwin/cvs/ports/sysutils/freebsd-sha256/distinfo).

[~/cvs/ports/sysutils/freebsd-sha256] edwin at k7>make makesum
===>  Vulnerability check disabled, database not found
[~/cvs/ports/sysutils/freebsd-sha256] edwin at k7>cat distinfo 
MD5 (freebsd-sha256-20050310.tar.gz) = 50a21ec5a4f75ad0a644c1139f7b0865
SHA256 (freebsd-sha256-20050310.tar.gz) = b75e964ecb77b54803cb0a90376bb830ed6b5fbd7130ef56165a8566e705cbea
SIZE (freebsd-sha256-20050310.tar.gz) = 8401

[~/cvs/ports/sysutils/freebsd-sha256] edwin at k7>make checksum
===>  Vulnerability check disabled, database not found
=> MD5 Checksum OK for freebsd-sha256-20050310.tar.gz.
=> SHA256 Checksum OK for freebsd-sha256-20050310.tar.gz.

[~/cvs/ports/sysutils/freebsd-sha256] edwin at k7>SHA256=NO make checksum
===>  Vulnerability check disabled, database not found
=> MD5 Checksum OK for freebsd-sha256-20050310.tar.gz.

With broken checksums:

[~/cvs/ports/sysutils/freebsd-sha256] edwin at k7>make checksum
===>  Vulnerability check disabled, database not found
=> MD5 Checksum mismatch for freebsd-sha256-20050310.tar.gz.
=> SHA256 Checksum OK for freebsd-sha256-20050310.tar.gz.
===>  Refetch for 1 more times files: freebsd-sha256-20050310.tar.gz 

etc etc etc


>Fix:

The patch looks scary, but the checksum target (after the patch)
explains it better.

--- bsd.port.mk.orig	Tue Mar 22 19:48:55 2005
+++ bsd.port.mk	Tue Mar 22 21:51:46 2005
@@ -1852,6 +1852,14 @@
 .else
 MD5?=			md5
 .endif
+.if exists(/sbin/sha256)
+SHA256?=		/sbin/sha256
+.elif exists(${LOCALBASE}/sbin/sha256)
+SHA256?=		${LOCALBASE}/sbin/sha256
+.else
+SHA256?=		NO
+.endif
+
 MD5_FILE?=		${MASTERDIR}/distinfo
 
 MAKE_FLAGS?=	-f
@@ -4093,81 +4101,172 @@
 	@if [ -f ${MD5_FILE} ]; then ${CAT} /dev/null > ${MD5_FILE}; fi
 	@(cd ${DISTDIR}; \
 	 for file in ${_CKSUMFILES}; do \
-		${MD5} $$file >> ${MD5_FILE}; \
+		if [ ${MD5} != "NO" ]; then \
+			${MD5} $$file >> ${MD5_FILE}; \
+		fi; \
+		if [ ${SHA256} != "NO" ]; then \
+			${SHA256} $$file >> ${MD5_FILE}; \
+		fi; \
 		if [ -z "${NO_SIZE}" ]; then \
 			${ECHO_CMD} "SIZE ($$file) = "`${LS} -ALln $$file | ${AWK} '{print $$5}'` >> ${MD5_FILE}; \
 		fi; \
 	 done)
 	@for file in ${_IGNOREFILES}; do \
 		${ECHO_CMD} "MD5 ($$file) = IGNORE" >> ${MD5_FILE}; \
+		${ECHO_CMD} "SHA256 ($$file) = IGNORE" >> ${MD5_FILE}; \
 	done
 .endif
 
 
 .if !target(checksum)
 checksum: fetch
-	@if [ -f ${MD5_FILE} ]; then \
-		(cd ${DISTDIR}; OK=""; \
-		  for file in ${_CKSUMFILES}; do \
+	@ \
+	if [ -f ${MD5_FILE} ]; then \
+	(	cd ${DISTDIR}; OK=""; \
+		for file in ${_CKSUMFILES}; do \
 			pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
-			CKSUM=`${MD5} < $$file`; \
-			CKSUM2=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
-			if [ -z "$$CKSUM2" ]; then \
-				${ECHO_MSG} "=> No checksum recorded for $$file."; \
-				OK="false"; \
-			elif [ "$$CKSUM2" = "IGNORE" ]; then \
-				${ECHO_MSG} "=> Checksum for $$file is set to IGNORE in distinfo file even though"; \
-				${ECHO_MSG} "   the file is not in the "'$$'"{IGNOREFILES} list."; \
-				OK="false"; \
+			\
+			ignore_md5="false"; \
+			ignore_sha256="false"; \
+			\
+			if [ ${MD5} != "NO" ]; then \
+				MKSUM_MD5=`${MD5} < $$file`; \
+				CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
+			else \
+				ignore_md5="true"; \
+			fi; \
+			if [ ${SHA256} != "NO" ]; then \
+				MKSUM_SHA256=`${SHA256} < $$file`; \
+				CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
 			else \
-				ckmatch=${FALSE}; \
-				for cksum2 in $$CKSUM2; do \
-					if [ "$$cksum2" = "$$CKSUM" ]; then \
-						ckmatch=${TRUE}; \
+				ignore_sha256="true"; \
+			fi; \
+			\
+			if [ $$ignore_md5 = "false" -a -z "$$CKSUM_MD5" ]; then \
+				${ECHO_MSG} "=> No MD5 checksum recorded for $$file."; \
+				ignore_md5="true"; \
+			fi; \
+			if [ $$ignore_sha256 = "false" -a -z "$$CKSUM_SHA256" ]; then \
+				${ECHO_MSG} "=> No SHA256 checksum recorded for $$file."; \
+				ignore_sha256="true"; \
+			fi; \
+			\
+			if [ -z "$$CKSUM_MD5" -a -z "$$CKSUM_SHA256" ]; then \
+				${ECHO_MSG} "=> No checksum recorded at all!"; \
+				OK=${FALSE}; \
+			fi; \
+			\
+			if [ "$$CKSUM_MD5" = "IGNORE" ]; then \
+				${ECHO_MSG} "=> MD5 Checksum for $$file is set to IGNORE in distinfo file even though"; \
+				${ECHO_MSG} "   the file is not in the "'$$'"{IGNOREFILES} list."; \
+				ignore_md5="true"; \
+				OK=${FALSE}; \
+			fi; \
+			if [ "$$CKSUM_SHA256" = "IGNORE" ]; then \
+				${ECHO_MSG} "=> SHA256 Checksum for $$file is set to IGNORE in distinfo file even though"; \
+				${ECHO_MSG} "   the file is not in the "'$$'"{IGNOREFILES} list."; \
+				ignore_sha256="true"; \
+			fi; \
+			\
+			if [ $$ignore_md5 = "false" ]; then \
+				match_md5="false"; \
+				for chksum_md5 in $$CKSUM_MD5; do \
+					if [ "$$chksum_md5" = "$$MKSUM_MD5" ]; then \
+						match_md5="true"; \
 						break; \
 					fi; \
 				done; \
-				if $$ckmatch; then \
-					${ECHO_MSG} "=> Checksum OK for $$file."; \
+				if [ $$match_md5 = "true" ]; then \
+					${ECHO_MSG} "=> MD5 Checksum OK for $$file."; \
 				else \
-					${ECHO_MSG} "=> Checksum mismatch for $$file."; \
+					${ECHO_MSG} "=> MD5 Checksum mismatch for $$file."; \
 					refetchlist="$$refetchlist$$file "; \
 					OK="$${OK:-retry}"; \
 				fi; \
 			fi; \
-		  done; \
-		  for file in ${_IGNOREFILES}; do \
+			\
+			if [ $$ignore_sha256 = "false" ]; then \
+				match_sha256="false"; \
+				for chksum_sha256 in $$CKSUM_SHA256; do \
+					if [ "$$chksum_sha256" = "$$MKSUM_SHA256" ]; then \
+						match_sha256="true"; \
+						break; \
+					fi; \
+				done; \
+				if [ $$match_sha256 = "true" ]; then \
+					${ECHO_MSG} "=> SHA256 Checksum OK for $$file."; \
+				else \
+					${ECHO_MSG} "=> SHA256 Checksum mismatch for $$file."; \
+					refetchlist="$$refetchlist$$file "; \
+					OK="$${OK:-retry}"; \
+				fi; \
+			fi; \
+			\
+		done; \
+		\
+		for file in ${_IGNOREFILES}; do \
 			pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
-			CKSUM2=`${GREP} "($$pattern)" ${MD5_FILE} | ${AWK} '{if(NR<2)print $$4}'`; \
-			if [ "$$CKSUM2" = "" ]; then \
-				${ECHO_MSG} "=> No checksum recorded for $$file, file is in "'$$'"{IGNOREFILES} list."; \
-				OK="false"; \
-			elif [ "$$CKSUM2" != "IGNORE" ]; then \
-				${ECHO_MSG} "=> Checksum for $$file is not set to IGNORE in distinfo file even though"; \
-				${ECHO_MSG} "   the file is in the "'$$'"{IGNOREFILES} list."; \
-				OK="false"; \
-			fi; \
-		  done; \
-		  if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \
-			  ${ECHO_MSG} "===>  Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \
-			  if ( cd ${.CURDIR} && \
+			\
+			ignore_md5="false"; \
+			ignore_sha256="false"; \
+			\
+			if [ ${MD5} != "NO" ]; then \
+				CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
+			else \
+				ignore_md5="true"; \
+			fi; \
+			\
+			if [ ${SHA256} != "NO" ]; then \
+				CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
+			else \
+				ignore_sha256="true"; \
+			fi; \
+			\
+			if [ $$ignore_md5 = "false" ]; then \
+				if [ -z "$$CKSUM_MD5" ]; then \
+					${ECHO_MSG} "=> No MD5 checksum for $$file recorded (expected IGNORE)"; \
+					OK="false"; \
+				elif [ $$CKSUM_MD5 != "IGNORE" ]; then \
+					${ECHO_MSG} "=> MD5 Checksum for $$file is not set to IGNORE in distinfo file even though"; \
+					${ECHO_MSG} "   the file is in the "'$$'"{IGNOREFILES} list."; \
+					OK="false"; \
+				fi; \
+			fi; \
+			\
+			if [ $$ignore_sha256 = "false" ]; then \
+				if [ -z "$$CKSUM_SHA256" ]; then \
+					${ECHO_MSG} "=> No SHA256 checksum for $$file recorded (expected IGNORE)"; \
+					OK="false"; \
+				elif [ $$CKSUM_SHA256 != "IGNORE" ]; then \
+					${ECHO_MSG} "=> SHA256 Checksum for $$file is not set to IGNORE in distinfo file even though"; \
+					${ECHO_MSG} "   the file is in the "'$$'"{IGNOREFILES} list."; \
+					OK="false"; \
+				fi; \
+			fi; \
+		done; \
+		\
+		if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \
+			${ECHO_MSG} "===>  Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \
+			if ( cd ${.CURDIR} && \
 			    ${MAKE} ${.MAKEFLAGS} FORCE_FETCH="$$refetchlist" FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" fetch); then \
 				  if ( cd ${.CURDIR} && \
 			        ${MAKE} ${.MAKEFLAGS} FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" checksum ); then \
 				      OK="true"; \
 				  fi; \
-			  fi; \
-		  fi ; \
-		  if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \
-			  ${ECHO_MSG} "===>  Giving up on fetching files: $$refetchlist"; \
-			  ${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \
-			  ${ECHO_MSG} "are up to date.  If you are absolutely sure you want to override this"; \
-			  ${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \
-			  exit 1; \
-		  fi; \
-		  if [ "$$OK" != "true" ]; then \
-			  exit 1; \
-		  fi); \
+			fi; \
+		fi ; \
+		\
+		if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \
+			${ECHO_MSG} "===>  Giving up on fetching files: $$refetchlist"; \
+			${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \
+			${ECHO_MSG} "are up to date.  If you are absolutely sure you want to override this"; \
+			${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \
+			exit 1; \
+		fi; \
+		if [ "$$OK" != "true" ]; then \
+			exit 1; \
+		fi \
+	); \
 	elif [ -n "${_CKSUMFILES:M*}" ]; then \
 		${ECHO_MSG} "=> No checksum file (${MD5_FILE})."; \
 	fi


This is the new checksum target as it will be:

.if !target(checksum)
checksum: fetch
	@ \
	if [ -f ${MD5_FILE} ]; then \
	(	cd ${DISTDIR}; OK=""; \
		for file in ${_CKSUMFILES}; do \
			pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
			\
			ignore_md5="false"; \
			ignore_sha256="false"; \
			\
			if [ ${MD5} != "NO" ]; then \
				MKSUM_MD5=`${MD5} < $$file`; \
				CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
			else \
				ignore_md5="true"; \
			fi; \
			if [ ${SHA256} != "NO" ]; then \
				MKSUM_SHA256=`${SHA256} < $$file`; \
				CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
			else \
				ignore_sha256="true"; \
			fi; \
			\
			if [ $$ignore_md5 = "false" -a -z "$$CKSUM_MD5" ]; then \
				${ECHO_MSG} "=> No MD5 checksum recorded for $$file."; \
				ignore_md5="true"; \
			fi; \
			if [ $$ignore_sha256 = "false" -a -z "$$CKSUM_SHA256" ]; then \
				${ECHO_MSG} "=> No SHA256 checksum recorded for $$file."; \
				ignore_sha256="true"; \
			fi; \
			\
			if [ -z "$$CKSUM_MD5" -a -z "$$CKSUM_SHA256" ]; then \
				${ECHO_MSG} "=> No checksum recorded at all!"; \
				OK=${FALSE}; \
			fi; \
			\
			if [ "$$CKSUM_MD5" = "IGNORE" ]; then \
				${ECHO_MSG} "=> MD5 Checksum for $$file is set to IGNORE in distinfo file even though"; \
				${ECHO_MSG} "   the file is not in the "'$$'"{IGNOREFILES} list."; \
				ignore_md5="true"; \
				OK=${FALSE}; \
			fi; \
			if [ "$$CKSUM_SHA256" = "IGNORE" ]; then \
				${ECHO_MSG} "=> SHA256 Checksum for $$file is set to IGNORE in distinfo file even though"; \
				${ECHO_MSG} "   the file is not in the "'$$'"{IGNOREFILES} list."; \
				ignore_sha256="true"; \
			fi; \
			\
			if [ $$ignore_md5 = "false" ]; then \
				match_md5="false"; \
				for chksum_md5 in $$CKSUM_MD5; do \
					if [ "$$chksum_md5" = "$$MKSUM_MD5" ]; then \
						match_md5="true"; \
						break; \
					fi; \
				done; \
				if [ $$match_md5 = "true" ]; then \
					${ECHO_MSG} "=> MD5 Checksum OK for $$file."; \
				else \
					${ECHO_MSG} "=> MD5 Checksum mismatch for $$file."; \
					refetchlist="$$refetchlist$$file "; \
					OK="$${OK:-retry}"; \
				fi; \
			fi; \
			\
			if [ $$ignore_sha256 = "false" ]; then \
				match_sha256="false"; \
				for chksum_sha256 in $$CKSUM_SHA256; do \
					if [ "$$chksum_sha256" = "$$MKSUM_SHA256" ]; then \
						match_sha256="true"; \
						break; \
					fi; \
				done; \
				if [ $$match_sha256 = "true" ]; then \
					${ECHO_MSG} "=> SHA256 Checksum OK for $$file."; \
				else \
					${ECHO_MSG} "=> SHA256 Checksum mismatch for $$file."; \
					refetchlist="$$refetchlist$$file "; \
					OK="$${OK:-retry}"; \
				fi; \
			fi; \
			\
		done; \
		\
		for file in ${_IGNOREFILES}; do \
			pattern="`${ECHO_CMD} $$file | ${SED} -e 's/\./\\\\./g'`"; \
			\
			ignore_md5="false"; \
			ignore_sha256="false"; \
			\
			if [ ${MD5} != "NO" ]; then \
				CKSUM_MD5=`${GREP} "^MD5 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
			else \
				ignore_md5="true"; \
			fi; \
			\
			if [ ${SHA256} != "NO" ]; then \
				CKSUM_SHA256=`${GREP} "^SHA256 ($$pattern)" ${MD5_FILE} | ${AWK} '{print $$4}'`; \
			else \
				ignore_sha256="true"; \
			fi; \
			\
			if [ $$ignore_md5 = "false" ]; then \
				if [ -z "$$CKSUM_MD5" ]; then \
					${ECHO_MSG} "=> No MD5 checksum for $$file recorded (expected IGNORE)"; \
					OK="false"; \
				elif [ $$CKSUM_MD5 != "IGNORE" ]; then \
					${ECHO_MSG} "=> MD5 Checksum for $$file is not set to IGNORE in distinfo file even though"; \
					${ECHO_MSG} "   the file is in the "'$$'"{IGNOREFILES} list."; \
					OK="false"; \
				fi; \
			fi; \
			\
			if [ $$ignore_sha256 = "false" ]; then \
				if [ -z "$$CKSUM_SHA256" ]; then \
					${ECHO_MSG} "=> No SHA256 checksum for $$file recorded (expected IGNORE)"; \
					OK="false"; \
				elif [ $$CKSUM_SHA256 != "IGNORE" ]; then \
					${ECHO_MSG} "=> SHA256 Checksum for $$file is not set to IGNORE in distinfo file even though"; \
					${ECHO_MSG} "   the file is in the "'$$'"{IGNOREFILES} list."; \
					OK="false"; \
				fi; \
			fi; \
		done; \
		\
		if [ "$${OK:=true}" = "retry" ] && [ ${FETCH_REGET} -gt 0 ]; then \
			${ECHO_MSG} "===>  Refetch for ${FETCH_REGET} more times files: $$refetchlist"; \
			if ( cd ${.CURDIR} && \
			    ${MAKE} ${.MAKEFLAGS} FORCE_FETCH="$$refetchlist" FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" fetch); then \
				  if ( cd ${.CURDIR} && \
			        ${MAKE} ${.MAKEFLAGS} FETCH_REGET="`${EXPR} ${FETCH_REGET} - 1`" checksum ); then \
				      OK="true"; \
				  fi; \
			fi; \
		fi ; \
		\
		if [ "$$OK" != "true" -a ${FETCH_REGET} -eq 0 ]; then \
			${ECHO_MSG} "===>  Giving up on fetching files: $$refetchlist"; \
			${ECHO_MSG} "Make sure the Makefile and distinfo file (${MD5_FILE})"; \
			${ECHO_MSG} "are up to date.  If you are absolutely sure you want to override this"; \
			${ECHO_MSG} "check, type \"make NO_CHECKSUM=yes [other args]\"."; \
			exit 1; \
		fi; \
		if [ "$$OK" != "true" ]; then \
			exit 1; \
		fi \
	); \
	elif [ -n "${_CKSUMFILES:M*}" ]; then \
		${ECHO_MSG} "=> No checksum file (${MD5_FILE})."; \
	fi
.endif
>Release-Note:
>Audit-Trail:
>Unformatted:

