checksums

Robert Connolly robert at linuxfromscratch.org
Fri May 30 21:12:03 PDT 2008


What do you all think about adding a Bash function to check for .sha1, .md5, 
or even .sign files? I have been doing this for a while and I enjoy it a 
lot. .patch files are important too. My script isn't perfect, but it works 
for me. I haven't honed it yet... this function breaks the ability to create 
tar files, but it provides the basic idea:

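# Using '/bin/tar' is important, so this function doesn't loop calling itself.
function tar() {
  # Only the "xf" and "xvf" extract forms are handled; anything else is ignored.
  if [ "$1" = "xf" ] || [ "$1" = "xvf" ] ; then
    if [ -f "$2" ] ; then
      # Prefer a detached GnuPG signature, then fall back to a checksum file.
      # The archive is named explicitly so gpg checks it against the signature.
      if [ -f "$2.sig" ] ; then
        gpg --verify "$2.sig" "$2" &&
        /bin/tar "$1" "$2"
      elif [ -f "$2.sign" ] ; then
        gpg --verify "$2.sign" "$2" &&
        /bin/tar "$1" "$2"
      elif [ -f "$2.asc" ] ; then
        gpg --verify "$2.asc" "$2" &&
        /bin/tar "$1" "$2"
      elif [ -f "$2.md5" ] ; then
        md5sum --check "$2.md5" &&
        /bin/tar "$1" "$2"
      elif [ -f "$2.sha1" ] ; then
        sha1sum --check "$2.sha1" &&
        /bin/tar "$1" "$2"
      elif [ -f "$2.sha" ] ; then
        sha1sum --check "$2.sha" &&
        /bin/tar "$1" "$2"
      else
        # No signature or checksum file found: extract unverified.
        /bin/tar "$1" "$2"
      fi
    fi
  fi
}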

All GNU packages have a .sig file, and all kernel.org files have a .sign file, 
for gnupg. Almost everyone else has an md5 or sha checksum available from the 
package maintainer.

It would be ideal to check a file's checksum every time it is used. In the 
spirit of distrusting your OS vendor, package checksums should be checked 
against the package maintainer's checksum and not the checksum HLFS created 
(whenever possible). This means installing gnupg to check the majority of 
packages.

I could use help in making a better Bash function for 'tar' and 'patch', 
unless there is a logical objection to doing this in HLFS.

Gnupg would need to be installed in chap5, and checksum files would need to be 
added to the needed package/patch files.

robert
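
One way to approach the "better Bash function" the post asks for, as an added example that is not part of the original message: non-extract invocations pass through so archive creation keeps working, a failed check blocks extraction, and the archive is hashed directly rather than trusting the filename written inside the checksum file. The names `verify_sidecar` and `REQUIRE_VERIFY` are hypothetical, and it goes slightly beyond the post by also matching bundled forms such as `xzf` and `-xvf`.

```bash
# Added example (not from the original post); names are hypothetical.
# Assumes GNU-style checksum sidecars: "<hex digest>  <filename>" or a bare digest.

# verify_sidecar FILE -> 0 verified, 1 sidecar present but check failed, 2 no sidecar
verify_sidecar() {
  local file ext tool want have
  file=$1
  for ext in sig sign asc; do
    [ -f "$file.$ext" ] || continue
    # Name the data file explicitly so gpg checks this archive against the
    # detached signature instead of guessing what was signed.
    gpg --verify "$file.$ext" "$file" >&2 && return 0
    return 1
  done
  for ext in md5 sha1 sha; do
    [ -f "$file.$ext" ] || continue
    case $ext in md5) tool=md5sum ;; *) tool=sha1sum ;; esac
    # Hash the archive ourselves; do not trust the filename inside the sidecar.
    want=$(awk '{print tolower($1); exit}' "$file.$ext")
    have=$("$tool" < "$file" | awk '{print $1}')
    [ -n "$want" ] && [ "$want" = "$have" ] && return 0
    return 1
  done
  return 2
}

# Wrapper: only bundled extract forms (xf, xvf, -xzf, ...) are checked;
# everything else, including archive creation, passes straight through.
tar() {
  local rc=0
  case ${1-} in
    x*f|-x*f)
      verify_sidecar "${2-}" || rc=$?
      if [ "$rc" -eq 1 ]; then
        echo "tar: verification FAILED for $2, not extracting" >&2
        return 1
      elif [ "$rc" -eq 2 ]; then
        echo "tar: no signature or checksum found for $2" >&2
        # REQUIRE_VERIFY=1 (hypothetical knob) refuses unverified archives.
        if [ "${REQUIRE_VERIFY:-0}" = 1 ]; then return 1; fi
      fi ;;
  esac
  command tar "$@"   # 'command' bypasses this function, so no recursion
}
```

An MD5 or SHA-1 file fetched from the same place as the archive only detects corruption or a mismatched download; the signature branch is the one that ties the archive to the maintainer's key.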