From: Sergey Matveev Date: Fri, 6 Mar 2026 14:01:46 +0000 (+0300) Subject: Simpler checksums inside packages X-Git-Url: http://www.git.stargrave.org/?a=commitdiff_plain;h=f64274eb56494e6bb309e10d0a849d340151f4c6e62a809bf4b27502eebd580a;p=bass.git Simpler checksums inside packages --- diff --git a/build/lib/mk-pkg b/build/lib/mk-pkg index b1cea2a..f9afc82 100755 --- a/build/lib/mk-pkg +++ b/build/lib/mk-pkg @@ -5,7 +5,7 @@ # other skels after that script exits. All its write permissions are # dropped. $namenhash is saved in "name", current commit revision is # saved in "buildinfo" and $namenhash in "bin", with corresponding -# .meta4 checksum files. Resulting skelpkg it written to stdout. +# .hashes checksum files. Resulting skelpkg it written to stdout. # Copyright (C) 2024-2026 Sergey Matveev # 2024-2026 Elena Balakhonova @@ -38,13 +38,11 @@ tmp=$(mktemp -d $TMPDIR/$namenhash-mk-pkg.XXXXXX) trap "rm -fr $tmp" HUP PIPE INT QUIT TERM EXIT echo $namenhash | tee $tmp/name | - meta4ra-create -no-published -no-generator -hashes "$META4RA_HASHES" \ - -fn name >$tmp/name.meta4 + meta4ra-hash -hashes "$META4RA_HASHES" -all >$tmp/name.hashes cat >$tmp/buildinfo <$tmp/buildinfo.meta4 +meta4ra-hash -hashes "$META4RA_HASHES" -all <$tmp/buildinfo >$tmp/buildinfo.hashes chmod -R a-w $namenhash { 
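Review bot: In build/lib/mk-pkg, `name.hashes` and `buildinfo.hashes` are written into the same archive as the files they cover, so they detect corruption but cannot show that a package came from this builder, and nothing in the script says so. A one-line comment above the first `meta4ra-hash` call would set the expectation, for example `# .hashes catch corruption only; authenticity needs a signature over the skelpkg`. Separately, a failure of `meta4ra-hash` for name or buildinfo is not routed to a marker the way the bin pipeline in the next hunk uses `tar-pipe-failed`. Whether the script aborts in that case depends on shell options that are not visible in this hunk, so an explicit check such as `[ -s $tmp/name.hashes ]` after each call would make it certain.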
@@ -53,14 +51,13 @@ chmod -R a-w $namenhash } | { $COMPRESSOR || touch $tmp/tar-pipe-failed ; } | { tee $tmp/$namenhash || touch $tmp/tar-pipe-failed ; } | -{ meta4ra-create -no-published -no-generator -fn $namenhash \ - -hashes "$META4RA_HASHES" || touch $tmp/tar-pipe-failed -} >$tmp/$namenhash.meta4 +{ meta4ra-hash -hashes "$META4RA_HASHES" -all || touch $tmp/tar-pipe-failed +} >$tmp/$namenhash.hashes [ ! -e $tmp/tar-pipe-failed ] cd $tmp mv $namenhash bin -mv $namenhash.meta4 bin.meta4 -totar="name name.meta4 buildinfo buildinfo.meta4 bin.meta4 bin" +mv $namenhash.hashes bin.hashes +totar="name name.hashes buildinfo buildinfo.hashes bin.hashes bin" chmod a-w $totar "$BASS_ROOT"/build/contrib/detpax/detpax $totar diff --git a/build/lib/pkg-inst b/build/lib/pkg-inst index 74e9833..23ea222 100755 --- a/build/lib/pkg-inst +++ b/build/lib/pkg-inst @@ -43,12 +43,14 @@ else trap "$BASS_ROOT/bin/rm-r $tmp" HUP PIPE INT QUIT TERM EXIT cd $tmp if command -v meta4ra-check >/dev/null ; then - $TAR xf $skelpkg bin.meta4 + $TAR xf $skelpkg bin.hashes || $TAR xf $skelpkg bin.meta4 + [ -s bin.hashes ] && opts="-plain bin.hashes" || opts="-pipe bin.meta4" $TAR xfO $skelpkg bin | { - meta4ra-check -hashes "$META4RA_HASHES" -pipe bin.meta4 $NAMENHASH || + meta4ra-check -hashes "$META4RA_HASHES" $opts $NAMENHASH || touch untar-failed } | $TAR xf - || touch untar-failed else + echo warning: skipping checksum verification >&2 $TAR xfO $skelpkg bin | $TAR xf - || touch untar-failed fi [ ! -e untar-failed ] diff --git a/doc/Build/skelpkg b/doc/Build/skelpkg index 0fd4eaf..8e78be5 100644 --- a/doc/Build/skelpkg +++ b/doc/Build/skelpkg 
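Review bot: In build/lib/pkg-inst, when `meta4ra-check` is not on PATH the inner `else` branch still unpacks `bin` unverified and the added line only prints a generic warning, so the install fails open and the log does not say which package was affected. Naming the cause and the package would make it traceable, e.g. `echo "warning: meta4ra-check not found, $skelpkg unpacked without checksum verification" >&2`, and aborting unless the operator explicitly opts out would be the safer default. In the verified branch, a package carrying neither `bin.hashes` nor `bin.meta4` ends up with `opts="-pipe bin.meta4"` naming a file that was never extracted. That presumably makes `meta4ra-check` fail, but an explicit `[ -s bin.meta4 ]` test with its own message would make the outcome certain. This hunk sits inside an outer `else` that opens above it.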
@@ -16,13 +16,13 @@ metadata. Similarly to Arch Linux and skelpkg is a single file, uncompressed POSIX pax archive with following entries: -* name, name.meta4 +* name, name.hashes Full name of the skelbin directory, $NAME-$hsh. With an optional checksum file. -* buildinfo, buildinfo.meta4 +* buildinfo, buildinfo.hashes Just a textual information how that skelbin/skelpkg was built. Currently just a current BASS'es commit revision. -* bin.meta4, bin +* bin.hashes, bin Compressed POSIX pax archive containing the skelbin ($NAME-$hsh/ directory hierarchy). @@ -41,13 +41,7 @@ to place the largest "bin" file at the very end of the archive. And that is why the outer archive is not compressed -- to easily seek among its entries. -A [Index/Concepts] Metalink4 -A [Index/Programs] meta4 -=> https://datatracker.ietf.org/doc/html/rfc5854 Metalink4 -XML-based format is used to keep integrity checksums for files. It is -well supported format by various tools and it is capable of storing -multiple checksums simultaneously. That allows us to keep both Streebog -hashes and much more faster ones. +.hashes files contain "name hex(hash)" lines with various file checksums. Nothing prevents you from extending it with additional files, for example holding cryptographic signatures.