From patchwork Fri Jul 22 21:40:21 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ben Westover <kwestover.kw@gmail.com>
X-Patchwork-Id: 2072
Return-Path: <pacman-dev-bounces@lists.archlinux.org>
Delivered-To: patchwork@archlinux.org
Received: from mail.archlinux.org [95.216.189.61]
	by patchwork.archlinux.org with IMAP (fetchmail-6.4.30)
	for <fetchmail@localhost> (single-drop);
 Fri, 22 Jul 2022 21:40:42 +0000 (UTC)
Received: from mail.archlinux.org
	by mail.archlinux.org with LMTP
	id yGvrNVkZ22IuwA0AK+/4rw
	(envelope-from <pacman-dev-bounces@lists.archlinux.org>)
	for <patchwork@archlinux.org>; Fri, 22 Jul 2022 21:40:41 +0000
Received: from lists.archlinux.org (lists.archlinux.org
 [IPv6:2a01:4f9:c010:9eb4::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mail.archlinux.org (Postfix) with ESMTPS id 5EEDA125EEFA;
	Fri, 22 Jul 2022 21:40:40 +0000 (UTC)
Received: from lists.archlinux.org (localhost [IPv6:::1])
	by lists.archlinux.org (Postfix) with ESMTP id 1E3D01227E74;
	Fri, 22 Jul 2022 21:40:40 +0000 (UTC)
X-Original-To: pacman-dev@lists.archlinux.org
Delivered-To: pacman-dev@lists.archlinux.org
Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com
 [IPv6:2607:f8b0:4864:20::530])
 by lists.archlinux.org (Postfix) with ESMTPS id 01B641227E61
 for <pacman-dev@lists.archlinux.org>; Fri, 22 Jul 2022 21:40:36 +0000 (UTC)
Received: by mail-pg1-x530.google.com with SMTP id f65so5383736pgc.12
 for <pacman-dev@lists.archlinux.org>; Fri, 22 Jul 2022 14:40:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=message-id:date:mime-version:user-agent:from:subject:to
 :content-language;
 bh=oymnkIbyLUvhhYjdFwLFxCVLBMvcLlb/Fzgy2wLwMV8=;
 b=OajNHAssck6ASFJFhT16prJCjN1grPrnLOTO6HypDCfS9sqNAUMLZks1Qg1GJ6wuk2
 PB3RLHiOlewqjsvxfyyfHmXjy8svx22QkTEdLINMpyokoOwWPm5Nax+2qlhQMCSvwC2F
 xTAH+1BZ+3z40C+PeSbgxXW8hkYdd3e+IjireJYynr22SBO/6vzV+c3xH38HTN+hJ0vX
 N87jyvtq59GX+gDbdYhBIQgpj/kowQrswWOvgObAGpX8IgC04gxkc2dnxxxLg9txXVQ5
 v8nuw39bFzwKbUS3k/aGFgkyuIwI+YOMX4z6Xm7q6DH242CiIuEtsHuy11KTKUTU0t2U
 Wb1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:message-id:date:mime-version:user-agent:from
 :subject:to:content-language;
 bh=oymnkIbyLUvhhYjdFwLFxCVLBMvcLlb/Fzgy2wLwMV8=;
 b=WuG0QfZqPzHxVvEyQ1z2/zeCYOy3FYRFaJktQbZ4ERikAatQrkec2noPicqJBuy9sh
 TYsu6+CMmrqvaD20ijNcy9FYc8YMgKcl9xb/Y3JjV6xvboWuJtxQtfejb8gksi73a+QW
 twjU3bHFlskmuIcy0BMBWHU0DmMk9lGo32kgNMhltu0dF8kbEY3JcxU9OT1AqTHyinDS
 3j1RIYY7kykFAg2QJVOVL1mRS802leFFX65m0Nmpm/IbeDhvtvXX3NQAGKJwcOlcmNF4
 sDTmvaSzJc+yE2RmfaujFFFbaxBxe/rpbbviN2lf4NklTJX1P9j1XBjpBqv00IZQAMvR
 lA7g==
X-Gm-Message-State: AJIora93m1lwH/pKJAwCAbmDUKGXHyiP4IF29iU7Ty8krj9rtiwY5dwg
 Isz7KMDUQPfY2bd0v0DTY69WFxnqVK1tHg==
X-Google-Smtp-Source: 
 AGRyM1sNESu3xSPGn8SBjBh6d75qA2mA10WrfrQGjPjN22yBPOs+gANkBb2BsgLCnCFKyM6dATq5zA==
X-Received: by 2002:a05:6214:1c0f:b0:474:2a5d:7309 with SMTP id
 u15-20020a0562141c0f00b004742a5d7309mr533203qvc.91.1658526023611;
 Fri, 22 Jul 2022 14:40:23 -0700 (PDT)
Received: from [192.168.1.115] (static-95-221.sssnet.com. [24.140.95.221])
 by smtp.gmail.com with ESMTPSA id
 do48-20020a05620a2b3000b006b6328b794dsm1671491qkb.75.2022.07.22.14.40.22
 for <pacman-dev@lists.archlinux.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 22 Jul 2022 14:40:22 -0700 (PDT)
Message-ID: <d2b06b2e-4fb3-b37a-aba7-b6a1d3c73501@gmail.com>
Date: Fri, 22 Jul 2022 17:40:21 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.11.0
From: Ben Westover <kwestover.kw@gmail.com>
Subject: [PATCH] proto: Change the default checksum from md5 to sha256
To: pacman-dev@lists.archlinux.org
Content-Language: en-US
X-BeenThere: pacman-dev@lists.archlinux.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion list for pacman development
 <pacman-dev.lists.archlinux.org>
List-Unsubscribe: <https://lists.archlinux.org/options/pacman-dev>,
 <mailto:pacman-dev-request@lists.archlinux.org?subject=unsubscribe>
List-Archive: <https://lists.archlinux.org/pipermail/pacman-dev/>
List-Post: <mailto:pacman-dev@lists.archlinux.org>
List-Help: <mailto:pacman-dev-request@lists.archlinux.org?subject=help>
List-Subscribe: <https://lists.archlinux.org/listinfo/pacman-dev>,
 <mailto:pacman-dev-request@lists.archlinux.org?subject=subscribe>
Errors-To: pacman-dev-bounces@lists.archlinux.org
Sender: "pacman-dev" <pacman-dev-bounces@lists.archlinux.org>
X-Spamd-Result: default: False [-4.01 / 15.00];
	SIGNED_PGP(-2.00)[];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	RCVD_DKIM_ARC_DNSWL_MED(-0.50)[];
	MAILLIST(-0.20)[mailman];
	RCVD_IN_DNSWL_MED(-0.20)[2a01:4f9:c010:9eb4::1:from];
	MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain];
	R_SPF_ALLOW(-0.20)[+ip6:2a01:4f9:c010:9eb4::1];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112];
	HAS_LIST_UNSUB(-0.01)[];
	FROM_NEQ_ENVFROM(0.00)[kwestoverkw@gmail.com,pacman-dev-bounces@lists.archlinux.org];
	FROM_HAS_DN(0.00)[];
	RCVD_COUNT_FIVE(0.00)[5];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[pacman-dev@lists.archlinux.org];
	ARC_NA(0.00)[];
	RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::530:received];
	RCPT_COUNT_ONE(0.00)[1];
	DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
	ASN(0.00)[asn:24940, ipnet:2a01:4f9::/32, country:DE];
	MID_RHS_MATCH_FROM(0.00)[];
	TO_DN_NONE(0.00)[];
	HAS_ATTACHMENT(0.00)[];
	FREEMAIL_FROM(0.00)[gmail.com];
	TAGGED_FROM(0.00)[];
	DKIM_TRACE(0.00)[gmail.com:+];
	MIME_TRACE(0.00)[0:+,1:+,2:+,3:~];
	RECEIVED_SPAMHAUS_PBL(0.00)[24.140.95.221:received];
	NEURAL_HAM(-0.00)[-1.000];
	RCVD_TLS_LAST(0.00)[];
	FORGED_SENDER_MAILLIST(0.00)[]
X-Rspamd-Server: mail.archlinux.org
X-Rspamd-Queue-Id: 5EEDA125EEFA
Authentication-Results: mail.archlinux.org;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=OajNHAss;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (mail.archlinux.org: domain of
 pacman-dev-bounces@lists.archlinux.org designates 2a01:4f9:c010:9eb4::1 as
 permitted sender) smtp.mailfrom=pacman-dev-bounces@lists.archlinux.org

MD5 isn't a very good checksum, and the PKGBUILD page on the Arch Wiki
states that it should not be used, instead recommending sha256 or b2.
This patch changes the default from md5 to sha256 because that seems to
be the most commonly used checksum today.

Signed-off-by: Ben Westover <kwestover.kw@gmail.com>
---
 proto/PKGBUILD-split.proto | 2 +-
 proto/PKGBUILD-vcs.proto   | 2 +-
 proto/PKGBUILD.proto       | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/proto/PKGBUILD-split.proto b/proto/PKGBUILD-split.proto
index 9898ef81..eea97e56 100644
--- a/proto/PKGBUILD-split.proto
+++ b/proto/PKGBUILD-split.proto
@@ -28,7 +28,7 @@ changelog=
 source=("$pkgbase-$pkgver.tar.gz"
         "$pkgname-$pkgver.patch")
 noextract=()
-md5sums=()
+sha256sums=()
 validpgpkeys=()
 
 prepare() {
diff --git a/proto/PKGBUILD-vcs.proto b/proto/PKGBUILD-vcs.proto
index ae9956a9..49c6759f 100644
--- a/proto/PKGBUILD-vcs.proto
+++ b/proto/PKGBUILD-vcs.proto
@@ -25,7 +25,7 @@ options=()
 install=
 source=('FOLDER::VCS+URL#FRAGMENT')
 noextract=()
-md5sums=('SKIP')
+sha256sums=('SKIP')
 
 # Please refer to the 'USING VCS SOURCES' section of the PKGBUILD man page for
 # a description of each element in the source array.
diff --git a/proto/PKGBUILD.proto b/proto/PKGBUILD.proto
index a2c600d5..9aff797c 100644
--- a/proto/PKGBUILD.proto
+++ b/proto/PKGBUILD.proto
@@ -27,7 +27,7 @@ changelog=
 source=("$pkgname-$pkgver.tar.gz"
         "$pkgname-$pkgver.patch")
 noextract=()
-md5sums=()
+sha256sums=()
 validpgpkeys=()
 
 prepare() {