mirror of
https://github.com/rbenv/ruby-build.git
synced 2025-10-27 23:31:09 +01:00
Replace MD5 commands with SHA2 equivalents
A more secure hashing algorithm makes it less feasible to serve up a modified tarball that matches the same checksum. See the discussion in #548
parent
846cad88ee
commit
fb5e2b1ae6
6 changed files with 75 additions and 58 deletions
|
|
@ -166,14 +166,31 @@ make_package() {
|
|||
popd >&4
|
||||
}
|
||||
|
||||
compute_sha2() {
|
||||
local output
|
||||
if type shasum &>/dev/null; then
|
||||
output="$(shasum -a 256 -b)" || return 1
|
||||
echo "${output% *}"
|
||||
elif type openssl &>/dev/null; then
|
||||
output="$(openssl dgst -sha256)" || return 1
|
||||
echo "${output##* }"
|
||||
elif type sha256sum &>/dev/null; then
|
||||
output="$(sha256sum --quiet)" || return 1
|
||||
echo "${output% *}"
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
compute_md5() {
|
||||
local output
|
||||
if type md5 &>/dev/null; then
|
||||
md5 -q
|
||||
elif type openssl &>/dev/null; then
|
||||
local output="$(openssl md5)"
|
||||
output="$(openssl md5)" || return 1
|
||||
echo "${output##* }"
|
||||
elif type md5sum &>/dev/null; then
|
||||
local output="$(md5sum -b)"
|
||||
output="$(md5sum -b)" || return 1
|
||||
echo "${output% *}"
|
||||
else
|
||||
return 1
|
||||
|
|
@ -181,8 +198,8 @@ compute_md5() {
|
|||
}
|
||||
|
||||
verify_checksum() {
|
||||
# If there's no MD5 support, return success
|
||||
[ -n "$HAS_MD5_SUPPORT" ] || return 0
|
||||
# If there's no SHA2 support, return success
|
||||
[ -n "$HAS_SHA2_SUPPORT" ] || return 0
|
||||
|
||||
# If the specified filename doesn't exist, return success
|
||||
local filename="$1"
|
||||
|
|
@ -193,7 +210,7 @@ verify_checksum() {
|
|||
[ -n "$expected_checksum" ] || return 0
|
||||
|
||||
# If the computed checksum is empty, return failure
|
||||
local computed_checksum=`echo "$(compute_md5 < "$filename")" | tr [A-Z] [a-z]`
|
||||
local computed_checksum=`echo "$(compute_sha2 < "$filename")" | tr [A-Z] [a-z]`
|
||||
[ -n "$computed_checksum" ] || return 1
|
||||
|
||||
if [ "$expected_checksum" != "$computed_checksum" ]; then
|
||||
|
|
@ -983,10 +1000,10 @@ if [ -n "$RUBY_BUILD_SKIP_MIRROR" ]; then
|
|||
unset RUBY_BUILD_MIRROR_URL
|
||||
fi
|
||||
|
||||
if echo test | compute_md5 >/dev/null; then
|
||||
HAS_MD5_SUPPORT=1
|
||||
if echo test | compute_sha2 >/dev/null; then
|
||||
HAS_SHA2_SUPPORT=1
|
||||
else
|
||||
unset HAS_MD5_SUPPORT
|
||||
unset HAS_SHA2_SUPPORT
|
||||
unset RUBY_BUILD_MIRROR_URL
|
||||
fi
|
||||
|
||||
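Review bot: In `compute_sha2`, the `sha256sum --quiet` fallback looks broken: as far as I know GNU coreutils accepts `--quiet` only together with `--check`, so on a host with neither `shasum` nor `openssl` this branch exits non-zero instead of printing a digest. The probe at the bottom of the file then leaves `HAS_SHA2_SUPPORT` unset, and `verify_checksum` returns success in that case, so downloads would be accepted with no integrity check instead of failing. I would change the line to `output="$(sha256sum -b)" || return 1`, which also yields the `hash *-` form that `${output% *}` strips without a trailing space. The `else` branch of the probe should also print a warning to stderr so a skipped verification is visible to the user. `verify_checksum` continues outside the visible hunks, so the remaining comparison logic is not covered here.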