From 9297eb344e997b716ee3de9f17c7ebb33cd1791d Mon Sep 17 00:00:00 2001
From: Jelle van der Waa
Date: Mon, 2 Jan 2023 15:16:29 +0100
Subject: commitpkg: disallow weak hashing algorithms

Do not allow uploads of source=() with only weak cryptographic hashing algorithms but require at least one strong algorithm. This doesn't 100% enforce it ofcourse, but it allows for an early failure instead of failing in `db-update`.

Signed-off-by: Levente Polyak
---
 src/commitpkg.in | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'src')
diff --git a/src/commitpkg.in b/src/commitpkg.in
index ef30544..6b9d727 100644
--- a/src/commitpkg.in
+++ b/src/commitpkg.in
@@ -4,6 +4,33 @@
 m4_include(lib/common.sh)
+check_pkgbuild_validity() {
+ # shellcheck source=contrib/makepkg/PKGBUILD.proto
+ . ./PKGBUILD
+
+ # skip when there are no sources available
+ if (( ! ${#source[@]} )); then
+ return
+ fi
+
+ # validate sources hash algo is at least > sha1
+ local bad_algos=("cksums" "md5sums" "sha1sums")
+ local good_hash_algo=false
+
+ # from makepkg libmakepkg/util/schema.sh
+ for integ in "${known_hash_algos[@]}"; do
+ local sumname="${integ}sums"
+ if [[ -n ${!sumname} ]] && ! in_array "${sumname}" "${bad_algos[@]}"; then
+ good_hash_algo=true
+ break
+ fi
+ done
+
+ if ! $good_hash_algo; then
+ die "PKGBUILD lacks a secure cryptographic checksum, insecure algorithms: ${bad_algos[*]}"
+ fi
+}
+
 # Source makepkg.conf; fail if it is not found
 if [[ -r '/etc/makepkg.conf' ]]; then
 # shellcheck source=config/makepkg/x86_64.conf
@@ -121,6 +148,9 @@ for _arch in "${arch[@]}"; do
 fi
 done
+# check for PKGBUILD standards
+check_pkgbuild_validity
+
 if [[ -z $server ]]; then
 server='repos.archlinux.org'
 fi
--
cgit v1.2.3-54-g00ecf
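Review bot: The strength test `[[ -n ${!sumname} ]]` in check_pkgbuild_validity reads only element 0 of each checksum array and counts `SKIP` as a digest, so the check passes as soon as any non-weak array exists, even when a given source entry has a real digest only in `md5sums` or `sha1sums`. A per-entry pass after the existing loop, sketched below, rejects an entry whose only real digests are weak while still accepting entries that are `SKIP` everywhere (VCS sources). The early return on an empty `source` also means architecture-specific arrays such as `source_x86_64` are never examined, which deserves at least a comment stating the limitation. The loop variable `integ` should be declared `local`, since as written it is left behind in the script's global scope.

```shell
	# … unchanged: bad_algos, good_hash_algo and the known_hash_algos loop with its die …

	# per source entry: a real weak digest must be accompanied by a real strong one
	local i algo entry weak strong
	for i in "${!source[@]}"; do
		weak=false
		strong=false
		for algo in "${known_hash_algos[@]}"; do
			entry="${algo}sums[$i]"
			# empty, missing or SKIP entries verify nothing for this source
			[[ -n ${!entry} && ${!entry} != SKIP ]] || continue
			if in_array "${algo}sums" "${bad_algos[@]}"; then
				weak=true
			else
				strong=true
			fi
		done
		if $weak && ! $strong; then
			die "PKGBUILD source entry ${i} is only covered by insecure algorithms: ${bad_algos[*]}"
		fi
	done
```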