Skip to content

Instantly share code, notes, and snippets.

@kpcyrd
Created August 11, 2018 15:50
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save kpcyrd/c9769e0b307ac751485e606a30b83612 to your computer and use it in GitHub Desktop.
Save kpcyrd/c9769e0b307ac751485e606a30b83612 to your computer and use it in GitHub Desktop.
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 2ac1bbca..3fbfc5a7 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -55,6 +55,7 @@ splitpkg_overrides=('pkgdesc' 'arch' 'url' 'license' 'groups' 'depends'
readonly -a build_options splitpkg_overrides
known_hash_algos=('md5' 'sha1' 'sha224' 'sha256' 'sha384' 'sha512' 'whirlpool')
+secure_hash_algos=('sha224' 'sha256' 'sha384' 'sha512' 'whirlpool')
# Options
ASDEPS=0
@@ -1012,6 +1013,28 @@ check_software() {
fi
fi
+ # check for secure checksums
+ if (( ! GENINTEG )) && ! source_has_signatures; then
+ local insecure=1
+
+ local integlist
+ IFS=$'\n' read -rd '' -a integlist < <(get_integlist)
+
+ local integ secure_integ
+ for integ in "${integlist[@]}"; do
+ for secure_integ in "${secure_hash_algos[@]}"; do
+ if [[ "$integ" == "$secure" ]]; then
+ insecure=0
+ break 2
+ fi
+ done
+ done
+
+ if [[ $insecure == 1 ]]; then
+ warning "$(gettext "The package doesn't have a cryptographic checksum or signature")"
+ fi
+ fi
+
# checksum operations
if (( GENINTEG || ! SKIPCHECKSUMS )); then
local integlist
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment