From 9297eb344e997b716ee3de9f17c7ebb33cd1791d Mon Sep 17 00:00:00 2001 From: Jelle van der Waa Date: Mon, 2 Jan 2023 15:16:29 +0100 Subject: commitpkg: disallow weak hashing algorithms Do not allow uploads of source=() with only weak cryptographic hashing algorithms but require at least one strong algorithm. This doesn't 100% enforce it ofcourse, but it allows for an early failure instead of failing in `db-update`. Signed-off-by: Levente Polyak --- src/commitpkg.in | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'src') diff --git a/src/commitpkg.in b/src/commitpkg.in index ef30544..6b9d727 100644 --- a/src/commitpkg.in +++ b/src/commitpkg.in @@ -4,6 +4,33 @@ m4_include(lib/common.sh) +check_pkgbuild_validity() { + # shellcheck source=contrib/makepkg/PKGBUILD.proto + . ./PKGBUILD + + # skip when there are no sources available + if (( ! ${#source[@]} )); then + return + fi + + # validate sources hash algo is at least > sha1 + local bad_algos=("cksums" "md5sums" "sha1sums") + local good_hash_algo=false + + # from makepkg libmakepkg/util/schema.sh + for integ in "${known_hash_algos[@]}"; do + local sumname="${integ}sums" + if [[ -n ${!sumname} ]] && ! in_array "${sumname}" "${bad_algos[@]}"; then + good_hash_algo=true + break + fi + done + + if ! $good_hash_algo; then + die "PKGBUILD lacks a secure cryptographic checksum, insecure algorithms: ${bad_algos[*]}" + fi +} + # Source makepkg.conf; fail if it is not found if [[ -r '/etc/makepkg.conf' ]]; then # shellcheck source=config/makepkg/x86_64.conf @@ -121,6 +148,9 @@ for _arch in "${arch[@]}"; do fi done +# check for PKGBUILD standards +check_pkgbuild_validity + if [[ -z $server ]]; then server='repos.archlinux.org' fi -- cgit v1.2.3-70-g09d2