# other skels after that script exits. All its write permissions are
# dropped. $namenhash is saved in "name", current commit revision is
# saved in "buildinfo" and $namenhash in "bin", with corresponding
-# .meta4 checksum files. Resulting skelpkg it written to stdout.
+# .hashes checksum files. Resulting skelpkg it written to stdout.
# Copyright (C) 2024-2026 Sergey Matveev <stargrave@stargrave.org>
# 2024-2026 Elena Balakhonova <balakhonova.e.v@yandex.ru>
trap "rm -fr $tmp" HUP PIPE INT QUIT TERM EXIT
echo $namenhash | tee $tmp/name |
- meta4ra-create -no-published -no-generator -hashes "$META4RA_HASHES" \
- -fn name >$tmp/name.meta4
+ meta4ra-hash -hashes "$META4RA_HASHES" -all >$tmp/name.hashes
cat >$tmp/buildinfo <<EOF
$BASS_REV
EOF
-meta4ra-create -no-published -no-generator -hashes "$META4RA_HASHES" \
- -fn buildinfo <$tmp/buildinfo >$tmp/buildinfo.meta4
+meta4ra-hash -hashes "$META4RA_HASHES" -all <$tmp/buildinfo >$tmp/buildinfo.hashes
chmod -R a-w $namenhash
{
} |
{ $COMPRESSOR || touch $tmp/tar-pipe-failed ; } |
{ tee $tmp/$namenhash || touch $tmp/tar-pipe-failed ; } |
-{ meta4ra-create -no-published -no-generator -fn $namenhash \
- -hashes "$META4RA_HASHES" || touch $tmp/tar-pipe-failed
-} >$tmp/$namenhash.meta4
+{ meta4ra-hash -hashes "$META4RA_HASHES" -all || touch $tmp/tar-pipe-failed
+} >$tmp/$namenhash.hashes
[ ! -e $tmp/tar-pipe-failed ]
cd $tmp
mv $namenhash bin
-mv $namenhash.meta4 bin.meta4
-totar="name name.meta4 buildinfo buildinfo.meta4 bin.meta4 bin"
+mv $namenhash.hashes bin.hashes
+totar="name name.hashes buildinfo buildinfo.hashes bin.hashes bin"
chmod a-w $totar
"$BASS_ROOT"/build/contrib/detpax/detpax $totar
trap "$BASS_ROOT/bin/rm-r $tmp" HUP PIPE INT QUIT TERM EXIT
cd $tmp
if command -v meta4ra-check >/dev/null ; then
- $TAR xf $skelpkg bin.meta4
+ $TAR xf $skelpkg bin.hashes || $TAR xf $skelpkg bin.meta4
+ [ -s bin.hashes ] && opts="-plain bin.hashes" || opts="-pipe bin.meta4"
$TAR xfO $skelpkg bin | {
- meta4ra-check -hashes "$META4RA_HASHES" -pipe bin.meta4 $NAMENHASH ||
+ meta4ra-check -hashes "$META4RA_HASHES" $opts $NAMENHASH ||
touch untar-failed
} | $TAR xf - || touch untar-failed
else
+ echo warning: skipping checksum verification >&2
$TAR xfO $skelpkg bin | $TAR xf - || touch untar-failed
fi
[ ! -e untar-failed ]
skelpkg is a single file, uncompressed POSIX pax archive with following
entries:
-* name, name.meta4
+* name, name.hashes
Full name of the skelbin directory, $NAME-$hsh.
With an optional checksum file.
-* buildinfo, buildinfo.meta4
+* buildinfo, buildinfo.hashes
Just a textual information how that skelbin/skelpkg was built.
Currently just a current BASS'es commit revision.
-* bin.meta4, bin
+* bin.hashes, bin
Compressed POSIX pax archive containing the skelbin
($NAME-$hsh/ directory hierarchy).
is why the outer archive is not compressed -- to easily seek among its
entries.
-A [Index/Concepts] Metalink4\r
-A [Index/Programs] meta4\r
-=> https://datatracker.ietf.org/doc/html/rfc5854 Metalink4\r
-XML-based format is used to keep integrity checksums for files. It is
-well supported format by various tools and it is capable of storing
-multiple checksums simultaneously. That allows us to keep both Streebog
-hashes and much more faster ones.
+.hashes files contain "name hex(hash)" lines with various file checksums.
Nothing prevents you from extending it with additional files, for
example holding cryptographic signatures.