Package: pristine-tar Version: 1.10 Severity: wishlist Tags: patch Hi, attached patch makes "pristine_tar commit tarball" store a sha256 hash of the orig tarball in the form:
sha256: <sha256> in a file called tarball.checksum in git. This makes it easy for third party tools like git-buildpackage to verify that the tarball found is the one we want. The form chosen makes it easy to add more hash types in the future without adding more files. I'm not much of a perl hacker so please don't excuse my bad perl coding habits. Cheers, -- Guido -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing'), (50, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages pristine-tar depends on: ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib ii perl-modules 5.10.1-16 Core Perl modules ii xdelta 1.1.3-9 A diff utility which works with bi ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages pristine-tar recommends: ii bzip2 1.0.5-6 high-quality block-sorting file co ii pbzip2 1.1.1-1 parallel bzip2 implementation pristine-tar suggests no packages. -- no debconf information
>From 2674487790b3ae59d5b97431953c90d06e2f56d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guido=20G=C3=BCnther?= <a...@sigxcpu.org> Date: Thu, 30 Dec 2010 17:24:02 +0100 Subject: [PATCH] Calculate and store sha256 checksum of the orig tarball this makes it possible for third party tools git-buildpackage to verify that the checked out tarball is the one expected. --- debian/control | 3 ++- pristine-tar | 19 +++++++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/debian/control b/debian/control index decdd75..11cb54b 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,8 @@ Homepage: http://kitenet.net/~joey/code/pristine-tar/ Package: pristine-tar Architecture: any Section: utils -Depends: xdelta, ${shlibs:Depends}, ${misc:Depends}, perl-modules +Depends: xdelta, ${shlibs:Depends}, ${misc:Depends}, perl-modules, + libdigest-sha-perl Recommends: pbzip2, bzip2 Description: regenerate pristine tarballs pristine-tar can regenerate a pristine upstream tarball using only a small diff --git a/pristine-tar b/pristine-tar index 1aae144..69b41a6 100755 --- a/pristine-tar +++ b/pristine-tar @@ -171,6 +171,7 @@ use Pristine::Tar::Formats; use File::Path; use File::Basename; use Cwd qw{getcwd abs_path}; +use Digest::SHA qw(sha256); # Force locale to C since tar may output utf-8 filenames differently # depending on the locale. @@ -498,6 +499,13 @@ sub gendelta { }); } +sub genchecksum { + my $tarball=shift; + my $sha256=Digest::SHA->new("SHA-256"); + $sha256->addfile($tarball); + return ($sha256->hexdigest, 'sha256'); +} + sub vcstype { if (-d ".git" || (exists $ENV{GIT_DIR} && length $ENV{GIT_DIR})) { @@ -636,11 +644,14 @@ sub checkoutdelta { sub commitdelta { my $delta=shift; my $id=shift; + my $checksum=shift; + my $digest=shift; my $tarball=shift; my $branch="pristine-tar"; my $deltafile=basename($tarball).".delta"; my $idfile=basename($tarball).".id"; + my $csfile=basename($tarball).".checksum"; my $commit_message=defined $message ? $message : "pristine-tar data for ".basename($tarball); @@ -653,6 +664,9 @@ sub commitdelta { open(OUT, ">$tempdir/$idfile") || die "$tempdir/$idfile: $!"; print OUT "$id\n"; close OUT; + open(OUT, ">$tempdir/$csfile") || die "$tempdir/$csfile: $!"; + print OUT "$digest: $checksum\n"; + close OUT; # Commit the delta to a branch in git without affecting the # index, and without touching the working tree. Aka deep @@ -678,7 +692,7 @@ sub commitdelta { if ($branch_exists) { doit("git ls-tree -r --full-name $branch | git update-index --index-info"); } - doit("git", "update-index", "--add", $deltafile, $idfile); + doit("git", "update-index", "--add", $deltafile, $idfile, $csfile); my $sha=`git write-tree`; if ($?) { error("git write-tree failed"); @@ -737,7 +751,8 @@ sub commit { local $/=undef; my $delta=<GENDELTA>; close GENDELTA || error "failed to generate delta"; - commitdelta($delta, $id, $tarball); + my ($checksum, $digest)=genchecksum($tarball); + commitdelta($delta, $id, $checksum, $digest, $tarball); } sub checkout { -- 1.7.2.3
