sys-apps/apk-tools: patch: force SHA256 instead of SHA1 for signing

ce08c4a8 · Anna Wilcox · a7614714 · ce08c4a8 · ce08c4a8 · ce08c4a8
Commit ce08c4a8 authored 9 years ago by Anna Wilcox
--- a/sys-apps/apk-tools/Manifest
+++ b/sys-apps/apk-tools/Manifest
-AUX apk-tools-2.6.4-glibc-add-missing-headers.patch 250 SHA256 568eecdf3d4e7fb7e7dff6e0ca6c4c56b7ed1939fc159228805e964b268e55ca SHA512 b0172ece44815a4b89075f95b2b83ce47200536592d7a863732388de8b73b151d15d99a9875a9c74a3ea975e2bfde020e0bcf15c6103586d40569d9b7525c042 WHIRLPOOL a24ee803522aedd5bbab7ef696740a1d4f9bf9d3b7ddd3130cbc128ba688a30f4e5251044c3806af7fdba229ea75bba3dfd918597a518db576720927c085ab7f
 DIST apk-tools-2.6.4.tar.bz2 81902 SHA256 0f52b96c5b8b5ad6f710610d8f21dcfb275795e1f282418a6f9953c02f41312e SHA512 efff745ae625aae7bec0c4f45c877e9f1e12860324a492d950358ba0ecb07ca13c8c963a078118692e7edc3a19053fee307bcfd0a730f7ed6e497c2dc7df16d6 WHIRLPOOL 5a879dd63f7da34c5ed687d20fba7e3873d7bed51a5c27f4144becc5b6ba8c7f15edc189b55ddec7449f075203043ef6b10e5293573918e9bc938d4fd4b0fa1c
-EBUILD apk-tools-2.6.4.ebuild 1101 SHA256 864ec9eaaafb135ad9696a772cbd6d797094434be2679d9a813b370f5a5b78f2 SHA512 332f8754006a90602e0bf4b9b176c063b0729c56fb2873e9ab1ec5cc83cd32ebc7819745758d1ff9d67ea2a9985b1f94618bb8c62801e8c334b0008be76beba8 WHIRLPOOL bb5fb68a50da6ca651bc5b44b7e42ed0e4c3d1ba95461287fb2a17203f768df54ae99490c9e09eeffade609c66e663bcdd22628ed14fb4cdf4f6c94608e8f03b
-MISC metadata.xml 279 SHA256 39f4ad67c5455abfea7aa3bd906e40b688d5203f9dacd375c1a146d0a1fece2d SHA512 790fd7853b501b8076829d15b88ef130416252732db389109c1497266699f3224d394b1c91d90cd76481e36ee79d8444571878cc76ccef4c82328d54b5dd0c26 WHIRLPOOL 9474d591fde0aeba07b3011fe6241bc13b5c5d67a2f142ffdf9823dc12d47e7144e1e3b297e4d0baa2710a33a7ccddfa666f563c8f35c9053db83ae84140847a
--- a/sys-apps/apk-tools/apk-tools-2.6.4.ebuild
+++ b/sys-apps/apk-tools/apk-tools-2.6.4.ebuild
@@ -23,7 +23,10 @@ RDEPEND="${DEPEND}
 "
 #	lua? ( dev-lang/lua:5.2 )

-EPATCH_SOURCE=( "${FILESDIR}"/${P}-glibc-add-missing-headers.patch )
+EPATCH_SOURCE=(
+	"${FILESDIR}"/${P}-glibc-add-missing-headers.patch
+	"${FILESDIR}"/${P}-use-sha256-signature.patch
+	)

 src_prepare() {
 	epatch
@@ -31,10 +34,10 @@ src_prepare() {
 }

 src_configure() {
-	if ! use lua; then
+	#if ! use lua; then
 		echo 'LUAAPK=' >> "${S}"/config.mk
 		echo 'export LUAAPK' >> "${S}"/config.mk
-	fi
+	#fi
 }

 src_compile () {

--- a/sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch
+++ b/sys-apps/apk-tools/files/apk-tools-2.6.4-use-sha256-signature.patch
+From 0984ca854ce4b9fddbf1dc7503058406ded6e2cc Mon Sep 17 00:00:00 2001
+From: Andrew Wilcox <AWilcox@Wilcox-Tech.com>
+Date: Sun, 18 Oct 2015 11:19:36 -0500
+Subject: [PATCH] package: use SHA256 for signature instead of SHA1
+
+---
+ src/apk_blob.h | 2 +-
+ src/package.c  | 8 ++------
+ 2 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/apk_blob.h b/src/apk_blob.h
+index 2d2e30e..a879d27 100644
+--- a/src/apk_blob.h
+++ b/src/apk_blob.h
+@@ -41,7 +41,7 @@ extern apk_blob_t apk_null_blob;
+ 
+ /* Internal cointainer for MD5 or SHA1 */
+ struct apk_checksum {
+-	unsigned char data[20];
+	unsigned char data[40];
+ 	unsigned char type;
+ };
+ 
+diff --git a/src/package.c b/src/package.c
+index 24a4f94..14993b3 100644
+--- a/src/package.c
+++ b/src/package.c
+@@ -570,8 +570,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
+ 	if (ctx->keys_fd < 0)
+ 		return 0;
+ 
+-	if (strncmp(&fi->name[6], "RSA.", 4) == 0 ||
+-	    strncmp(&fi->name[6], "DSA.", 4) == 0) {
+	if (strncmp(&fi->name[6], "RSA.", 4) == 0) {
+ 		int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC);
+ 		BIO *bio;
+ 
+@@ -581,10 +580,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
+ 		bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE);
+ 		ctx->signature.pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+ 		if (ctx->signature.pkey != NULL) {
+-			if (fi->name[6] == 'R')
+-				ctx->md = EVP_sha1();
+-			else
+-				ctx->md = EVP_dss1();
+			ctx->md = EVP_sha256();
+ 		}
+ 		BIO_free(bio);
+ 	} else
+-- 
+2.7.0
+