summaryrefslogtreecommitdiff
path: root/scripts/libmakepkg/integrity
AgeCommit message (Collapse)Author
2017-01-04makepkg: Verify git signaturesEli Schwartz
A git repository is marked as signed if it contains the query "signed" as defined by https://tools.ietf.org/html/rfc3986 Adds two utility functions in util/source.sh.in to extract fragments and queries, and modifies source/git.sh.in to use them. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04libmakepkg/integrity: Verify file signatures in a separate functionEli Schwartz
This makes it easier to add signature verification for new protos. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Update copyright yearsAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Use coreutils binaries for checking/generating checksumsAllan McRae
If pacman is build against a crypto library other than openssl, it makes no sense to require makepkg to use it. The only currently considered alternative to openssl is nettle, which has no binary for base64 encode/decode. This means that we could replace the hashing cacluations with nettle-hash, but would require base64 from coreutils. Given makepkg already relies heavily on coreutils, we might as well use all the coreutils hashing binaries too. This patch also improves the checking of required binaries for hashing operations. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18libmakepkg: extract functions for integrity checkingAshley Whetter
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>