What do you all think about adding a Bash function to check for .sha1, .md5, or even .sign files? I have been doing this for a while and I enjoy it a lot. .patch files are important too. My script isn't perfect, but it works for me. I haven't honed it yet... this function breaks the ability to create tar files, but it provides the basic idea:
# Using '/bin/tar' is important, so this function doesn't loop calling itself.
function tar() {
    # Only "xf" and "xvf" are handled; any other invocation does nothing.
    if [ "$1" == "xf" ] || [ "$1" == "xvf" ] ; then
        if [ -f "$2" ] ; then
            # Detached GnuPG signatures: extract only if verification succeeds.
            if [ -f "$2.sig" ] ; then
                gpg --verify "$2.sig" &&
                /bin/tar "$1" "$2"
            elif [ -f "$2.sign" ] ; then
                gpg --verify "$2.sign" &&
                /bin/tar "$1" "$2"
            elif [ -f "$2.asc" ] ; then
                gpg --verify "$2.asc" &&
                /bin/tar "$1" "$2"
            # Checksum files: extract only if the checksum matches.
            elif [ -f "$2.md5" ] ; then
                md5sum --check "$2.md5" &&
                /bin/tar "$1" "$2"
            elif [ -f "$2.sha1" ] ; then
                sha1sum --check "$2.sha1" &&
                /bin/tar "$1" "$2"
            elif [ -f "$2.sha" ] ; then
                sha1sum --check "$2.sha" &&
                /bin/tar "$1" "$2"
            else
                # No signature or checksum file found: extract unverified.
                /bin/tar "$1" "$2"
            fi
        fi
    fi
}
All GNU packages have a .sig file, and all kernel.org files have a .sign file,
for gnupg. Almost everyone else has an md5 or sha checksum available from the
package maintainer.
It would be ideal to check a file's checksum every time it is used. In the
spirit of distrusting your OS vendor, package checksums should be checked
against the package maintainer's checksum and not the checksum HLFS created
(whenever possible). This means installing gnupg to check the majority of
packages.
I could use help in making a better Bash function for 'tar' and 'patch',
unless there is a logical objection to doing this in HLFS.
Gnupg would need to be installed in chap5, and checksum files would need to be
added to the needed package/patch files.
robert
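One way to gate extraction on verification while leaving create and list untouched, added here as an example and not code from the original post. The `verify_file` helper, refusing to extract when no signature or checksum file exists, and comparing digests directly are assumptions of this example; the archive is taken to be the second argument, as in the function above.

```bash
# Added example, not the original poster's code. Assumptions: sidecar files sit
# next to the archive, checksum sidecars are GNU-style ("<hex>  name") or a bare
# digest, and the archive is the second argument, as in the function above.

# verify_file FILE -> 0 verified, 1 check failed, 2 nothing to check against
verify_file() {
    local file=$1 ext tool expected actual
    [ -f "$file" ] || return 2
    for ext in sig sign asc; do
        [ -f "$file.$ext" ] || continue
        # Name the signed file explicitly instead of letting gpg infer it.
        gpg --verify "$file.$ext" "$file" && return 0
        return 1
    done
    for ext in sha1 sha md5; do
        [ -f "$file.$ext" ] || continue
        tool=sha1sum
        [ "$ext" = md5 ] && tool=md5sum
        # Compare digests directly: "--check" trusts the file name written in
        # the sidecar, so a sidecar listing some other file would still pass.
        read -r expected _ < "$file.$ext" || true
        expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
        actual=$("$tool" < "$file") || return 1
        actual=${actual%% *}
        [ -n "$expected" ] && [ "$expected" = "$actual" ] && return 0
        return 1
    done
    return 2
}

# 'command tar' skips shell functions, so the wrapper cannot call itself and
# no absolute path is needed.
tar() {
    local rc=0
    case ${1-} in
        --extract|--get) ;;
        --*) command tar "$@"; return ;;
        *x*) ;;                              # xf, xvf, -xzf, ...
        *) command tar "$@"; return ;;       # create, list, ...: untouched
    esac
    verify_file "${2-}" || rc=$?
    case $rc in
        0) command tar "$@" ;;
        1) echo "tar: verification of $2 FAILED, not extracting" >&2; return 1 ;;
        *) echo "tar: no signature or checksum for $2, not extracting" >&2; return 1 ;;
    esac
}
```

A checksum fetched from the same place as the archive only detects corruption; the gpg branch is the one that ties the archive to the maintainer's key.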
