contrib: Use SHA256 instead of MD5 for contrib archive checksums.

Closes #356.
author: Justin Scholz <[email protected]> 2016-10-15 13:51:47 +0200
committer: Bradley Sepos <[email protected]> 2016-12-15 12:26:20 -0500
commit: 72bf6f7be77fe7f7443a4ef45a808b9131750b6b (patch)
tree: 9a47d4e6e439ac48931b04861a12b57564faa870 /make
parent: 010837e1fb1dd259261eb7f760dd6623c539fea1 (diff)
3 files changed, 20 insertions, 20 deletions
diff --git a/make/df-fetch.py b/make/df-fetch.py
index 93b639cd0..633ffdf07 100644
--- a/make/df-fetch.py
+++ b/make/df-fetch.py
@@ -75,7 +75,7 @@ class Tool(hb_distfile.Tool):
         self.parser.description = 'Fetch and verify distfile data integrity.'
         self.parser.add_option('--disable', default=False, action='store_true', help='do nothing and exit with error')
         self.parser.add_option('--jobs', default=1, action='store', metavar='N', type='int', help='allow N download jobs at once')
-        self.parser.add_option('--md5', default=None, action='store', metavar='HASH', help='verify MD5 HASH against data')
+        self.parser.add_option('--sha256', default=None, action='store', metavar='HASH', help='verify sha256 HASH against data')
         self.parser.add_option('--accept-url', default=[], action='append', metavar='SPEC', help='accept URL regex pattern')
         self.parser.add_option('--deny-url', default=[], action='append', metavar='SPEC', help='deny URL regex pattern')
         self.parser.add_option('--exhaust-url', default=None, action='store_true', help='try all active distfiles')
@@ -172,7 +172,7 @@ class URL(object):
 
     def _download(self, error, ensure):
         filename = tool.options.output
-        hasher = hashlib.md5()
+        hasher = hashlib.sha256()
         if filename:
             tool.infof('downloading %s to %s\n' % (self.url,filename))
             ftmp = tool.mktmpname(filename)
@@ -209,19 +209,19 @@ class URL(object):
             raise error('expected %d bytes, got %d bytes' % (content_length,data_total))
         s = 'download total: %9d bytes\n' % data_total
         if filename:
-            s += 'MD5 (%s) = %s' % (filename,hasher.hexdigest())
+            s += 'sha256 (%s) = %s' % (filename,hasher.hexdigest())
         else:
-            s += 'MD5 = %s' % (hasher.hexdigest())
-        if tool.options.md5:
-            md5_pass = tool.options.md5 == hasher.hexdigest()
-            s += ' (%s)' % ('pass' if md5_pass else 'fail; expecting %s' % tool.options.md5)
+            s += 'sha256 = %s' % (hasher.hexdigest())
+        if tool.options.sha256:
+            sha256_pass = tool.options.sha256 == hasher.hexdigest()
+            s += ' (%s)' % ('pass' if sha256_pass else 'fail; expecting %s' % tool.options.sha256)
         tool.infof('%s\n' % s)
-        if filename and tool.options.md5:
-            if md5_pass:
+        if filename and tool.options.sha256:
+            if sha256_pass:
                 if os.access(filename, os.F_OK) and not os.access(filename, os.W_OK):
                     raise error("permission denied: '%s'" % filename)
             else:
-                raise error("expected MD5 hash '%s', got '%s'" % (tool.options.md5, hasher.hexdigest()))
+                raise error("expected sha256 hash '%s', got '%s'" % (tool.options.sha256, hasher.hexdigest()))
             os.rename(ftmp,filename)
             del ensure.unlink_ftmp
 
diff --git a/make/df-verify.py b/make/df-verify.py
index 51cbf5bdb..8af3bee9c 100644
--- a/make/df-verify.py
+++ b/make/df-verify.py
@@ -41,7 +41,7 @@ class Tool(hb_distfile.Tool):
         self.parser.usage = '%prog [OPTIONS] FILE'
         self.parser.description = 'Verify distfile data integrity.'
         self.parser.add_option('--disable', default=False, action='store_true', help='do nothing and exit without error')
-        self.parser.add_option('--md5', default=None, action='store', metavar='HASH', help='verify MD5 HASH against data')
+        self.parser.add_option('--sha256', default=None, action='store', metavar='HASH', help='verify sha256 HASH against data')
         self._parse()
 
     def _load_config2(self, parser, data):
@@ -49,7 +49,7 @@ class Tool(hb_distfile.Tool):
 
     def _scan(self, filename):
         self.verbosef('scanning %s\n' % filename)
-        hasher = hashlib.md5()
+        hasher = hashlib.sha256()
         with open(filename, 'r') as o:
             data_total = 0
             while True:
@@ -60,14 +60,14 @@ class Tool(hb_distfile.Tool):
                 data_total += len(data)
         self.verbosef('scanned %d bytes\n' % data_total)
         r = Struct()
-        r.md5 = hasher.hexdigest()
+        r.sha256 = hasher.hexdigest()
         r.size = data_total
         return r
 
     def _verify(self, filename):
         r = Struct()
         r.scan = self._scan(filename)
-        r.status = self.options.md5 == r.scan.md5
+        r.status = self.options.sha256 == r.scan.sha256
         return r
 
     def _run(self, error):
@@ -77,14 +77,14 @@ class Tool(hb_distfile.Tool):
         if len(self.args) != 1:
             raise error('no file specified')
         filename = self.args[0]
-        if self.options.md5:
+        if self.options.sha256:
             error.op = 'verify'
             r = self._verify(filename)
-            self.infof('MD5 (%s) = %s (%s)\n', filename, r.scan.md5, 'pass' if r.status else 'fail; expecting %s' % self.options.md5)
+            self.infof('sha256 (%s) = %s (%s)\n', filename, r.scan.sha256, 'pass' if r.status else 'fail; expecting %s' % self.options.sha256)
         else:
             error.op = 'scan'
             r = self._scan(filename)
-            self.infof('MD5 (%s) = %s (%d bytes)\n', filename, r.md5, r.size)
+            self.infof('sha256 (%s) = %s (%d bytes)\n', filename, r.sha256, r.size)
 
     def run(self):
         error = hb_distfile.ToolError(self.name)
diff --git a/make/include/contrib.defs b/make/include/contrib.defs
index face4be2e..b57593297 100644
--- a/make/include/contrib.defs
+++ b/make/include/contrib.defs
@@ -31,10 +31,10 @@ define import.CONTRIB.defs
     $(1).FETCH.distfile = $$(CONTRIB.download/)$$($(1).FETCH.basename)
     $(1).FETCH.target   = $$($(1).FETCH.distfile)
     define $(1).FETCH
-        $$(DF.FETCH.exe) --config $(BUILD/)distfile.cfg $$(if $$($(1).FETCH.md5),--md5 $$($(1).FETCH.md5)) --output $$@ $$($(1).FETCH.url)
+        $$(DF.FETCH.exe) --config $(BUILD/)distfile.cfg $$(if $$($(1).FETCH.sha256),--sha256 $$($(1).FETCH.sha256)) --output $$@ $$($(1).FETCH.url)
     endef
     define $(1).FETCH.test
-        $$(DF.FETCH.exe) --config $(BUILD/)distfile.cfg $$(if $$($(1).FETCH.md5),--md5 $$($(1).FETCH.md5)) --exhaust-url $$($(1).FETCH.url)
+        $$(DF.FETCH.exe) --config $(BUILD/)distfile.cfg $$(if $$($(1).FETCH.sha256),--sha256 $$($(1).FETCH.sha256)) --exhaust-url $$($(1).FETCH.url)
     endef
 
     ##
@@ -42,7 +42,7 @@ define import.CONTRIB.defs
     ##
     $(1).VERIFY.target = $$($(1).build/).stamp.verify
     define $(1).VERIFY
-        $$(DF.VERIFY.exe) --config $(BUILD/)distfile.cfg $$(if $$($(1).FETCH.md5),--md5 $$($(1).FETCH.md5)) $$($(1).FETCH.distfile)
+        $$(DF.VERIFY.exe) --config $(BUILD/)distfile.cfg $$(if $$($(1).FETCH.sha256),--sha256 $$($(1).FETCH.sha256)) $$($(1).FETCH.distfile)
         $$(TOUCH.exe) $$@
     endef
author	Justin Scholz <[email protected]>	2016-10-15 13:51:47 +0200
committer	Bradley Sepos <[email protected]>	2016-12-15 12:26:20 -0500
commit	72bf6f7be77fe7f7443a4ef45a808b9131750b6b (patch)
tree	9a47d4e6e439ac48931b04861a12b57564faa870 /make
parent	010837e1fb1dd259261eb7f760dd6623c539fea1 (diff)