Enable build-time configuration of non-MD5 file checksum digest algorithms

- if not specified (or 0), quietly assume MD5
- otherwise check for supported digest type, complain and fall back to
  md5 on invalid
- if non-md5 algorithm is used, add rpmlib() feature dependency to package

diff --git a/build/files.c b/build/files.c
index 2e6cc57..9dc5281 100644 (file)
--- a/build/files.c
+++ b/build/files.c
@@ -971,6 +971,24 @@ static void genCpioListAndHeader(FileList fl,
     FileListRec flp;
     char buf[BUFSIZ];
     int i;
+    pgpHashAlgo defaultalgo = PGPHASHALGO_MD5, digestalgo;
+
+    /*
+     * See if non-md5 file checksum algorithm is requested. If not
+     * specified, quietly assume md5. Otherwise check if supported type.
+     */
+    digestalgo = rpmExpandNumeric(isSrc ? "%{_source_filedigest_algorithm}" :
+                                         "%{_binary_filedigest_algorithm}");
+    if (digestalgo == 0) {
+       digestalgo = defaultalgo;
+    }
+
+    if (rpmDigestLength(digestalgo) == 0) {
+       rpmlog(RPMLOG_WARNING,
+               _("Unknown file digest algorithm %u, falling back to MD5\n"), 
+               digestalgo);
+       digestalgo = defaultalgo;
+    }
     
     /* Sort the big list */
     qsort(fl->fileList, fl->fileListRecsUsed,
@@ -1119,7 +1137,7 @@ static void genCpioListAndHeader(FileList fl,
        
        buf[0] = '\0';
        if (S_ISREG(flp->fl_mode))
-           (void) rpmDoDigest(PGPHASHALGO_MD5, flp->diskPath, 1, 
+           (void) rpmDoDigest(digestalgo, flp->diskPath, 1, 
                               (unsigned char *)buf, NULL);
        s = buf;
        (void) headerAddOrAppendEntry(h, RPMTAG_FILEDIGESTS, 
@@ -1163,6 +1181,12 @@ static void genCpioListAndHeader(FileList fl,
     (void) headerAddEntry(h, RPMTAG_SIZE, RPM_INT32_TYPE,
                   &(fl->totalFileSize), 1);
 
+    if (digestalgo != defaultalgo) {
+       headerAddEntry(h, RPMTAG_FILEDIGESTALGO, RPM_INT32_TYPE,
+                       &digestalgo, 1);
+       rpmlibNeedsFeature(h, "FileDigests", "4.4.90-1");
+    }
+
     if (_addDotSlash)
        (void) rpmlibNeedsFeature(h, "PayloadFilesHavePrefix", "4.0-1");
 

diff --git a/lib/rpmds.c b/lib/rpmds.c
index 557ff34..565dace 100644 (file)
--- a/lib/rpmds.c
+++ b/lib/rpmds.c
@@ -1037,6 +1037,9 @@ static const struct rpmlibProvides_s rpmlibProvides[] = {
        (                RPMSENSE_EQUAL),
     N_("internal support for lua scripts.") },
 #endif
+    { "rpmlib(FileDigests)",           "4.4.90-1",
+       (                RPMSENSE_EQUAL),
+    N_("file checksum digest algorithm is per package configurable") },
     { NULL,                            NULL, 0,        NULL }
 };
 

diff --git a/macros.in b/macros.in
index 7058787..884b2ae 100644 (file)
--- a/macros.in
+++ b/macros.in
@@ -324,6 +324,20 @@ package or when debugging this package.\
 #%_source_payload      w9.gzdio
 #%_binary_payload      w9.gzdio
 
+#      Algorithm to use for generating file checksum digests on build.
+#      If not specified or 0, MD5 is used.
+#      WARNING: non-MD5 is backwards incompatible, don't enable lightly!
+#      The supported algorithms may depend on NSS version, as of NSS
+#      3.11.99.5 the following are supported:
+#      1       MD5 (default)
+#      2       SHA1
+#      8       SHA256
+#      9       SHA384
+#      10      SHA512
+#
+#%_source_filedigest_algorithm 1
+#%_binary_filedigest_algorithm 1
+
 #      The signature to use and the location of configuration files for
 #      signing packages with PGP.
 #