summaryrefslogtreecommitdiff
path: root/scripts/libmakepkg/integrity
Commit message (Collapse)AuthorAge
* makepkg: Verify git signaturesEli Schwartz2017-01-04
| | | | | | | | | | | A git repository is marked as signed if it contains the query "signed" as defined by https://tools.ietf.org/html/rfc3986 Adds two utility functions in util/source.sh.in to extract fragments and queries, and modifies source/git.sh.in to use them. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
* libmakepkg/integrity: Verify file signatures in a separate functionEli Schwartz2017-01-04
| | | | | | | This makes it easier to add signature verification for new protos. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
* Update copyright yearsAllan McRae2017-01-04
| | | | Signed-off-by: Allan McRae <allan@archlinux.org>
* Use coreutils binaries for checking/generating checksumsAllan McRae2016-10-22
| | | | | | | | | | | | | | | | | If pacman is build against a crypto library other than openssl, it makes no sense to require makepkg to use it. The only currently considered alternative to openssl is nettle, which has no binary for base64 encode/decode. This means that we could replace the hashing cacluations with nettle-hash, but would require base64 from coreutils. Given makepkg already relies heavily on coreutils, we might as well use all the coreutils hashing binaries too. This patch also improves the checking of required binaries for hashing operations. Signed-off-by: Allan McRae <allan@archlinux.org>
* libmakepkg: extract functions for integrity checkingAshley Whetter2016-05-18
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>