~alpine/devel

Re: [alpine-devel] abuild -f should verify checksums, right?

Oliver Smith <ollieparanoid@bitmessage.ch>
Details
Message ID
<81958de2-c17e-07f6-cec7-825c8727f430@bitmessage.ch>
Sender timestamp
1512830340
DKIM signature
missing
Download raw message
6 years ago 
A. Wilcox:
> On 08/12/17 19:24, Oliver Smith wrote:
>> Hello Alpine devs,
> 
>> I have noted that abuild does not verify the checksums in the 
>> APKBUILD when the -f (force) flag gets passed. kaniini said "I
>> think this is intentional" and asked me to write here.
> 
>> So is this intentional (and if so, for which reasons)? See the
>> full bug report below.
> 
>> Best regards, Oliver
> 
> 
> To me: -f means force, which means ignore errors and keep going, which
> means checksum errors don't matter.
> 

For what it's worth, Arch Linux' makepkg *does* verify the checksums, even with the -f flag. I've just checked that. And it aborts the build when they do not match. I mention this, because abuild calls itself "light version of makepkg" (right at the top of abuild.in in the source code).

The only use case I can think of, where you might not want to abort the build with wrong checksums, is when you need to change the sources multiple times (i.e. because you develop the upstream software yourself) and want to see how it behaves when packaged for Alpine. For example when you're editing the mkinitfs scripts, and want to see if it boots properly when built and installed through abuild.

Downsides are, that people may pass the -f on the first build, even though they do not need it, and then the checksums do not get verified without them noticing (we don't even print a warning right now). This makes man in the middle attacks possible in theory (you would need to know that the user is using -f, but that might be the case in some scripted scenarios).

More realistically, people could build once, then change the source (let's say a supplied OpenRC service in the same folder), build again with -f (because the pkgver/pkgrel did not change), and forget to update the checksums because they assume that they have not been changed.

Thanks,
Oliver

> The help should definitely be written clearer.
> 
> This is one reason I am trying to document what abuild does, instead
> of what abuild says it will do.  That is also why it is taking me so
> long to actually write the manpages.
> 
> Best,
> --arw
> 
> 
> 
> ---
> Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> Help:         alpine-devel+help@lists.alpinelinux.org
> ---
> 
> 



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)