aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Crispin <blogic@openwrt.org>2015-04-14 19:00:14 +0000
committerJohn Crispin <blogic@openwrt.org>2015-04-14 19:00:14 +0000
commitdcc0f0aacdfbf90c510041063419997ae9ea3d5d (patch)
tree9c36d296610c06bf995ed22267b4a8677a06ded9
parente470997e7c8a346db30b85491b64a697537d7e73 (diff)
downloadmaster-187ad058-dcc0f0aacdfbf90c510041063419997ae9ea3d5d.tar.gz
master-187ad058-dcc0f0aacdfbf90c510041063419997ae9ea3d5d.tar.bz2
master-187ad058-dcc0f0aacdfbf90c510041063419997ae9ea3d5d.zip
opkg: drop md5 in favour of sha256
Signed-off-by: John Crispin <blogic@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45437 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--include/image.mk6
-rw-r--r--package/system/opkg/Makefile4
-rw-r--r--package/system/opkg/patches/220-drop-release-support.patch812
-rw-r--r--package/system/opkg/patches/230-drop_md5_support.patch161
4 files changed, 979 insertions, 4 deletions
diff --git a/include/image.mk b/include/image.mk
index 31689c7e6b..165bf72f78 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -258,8 +258,7 @@ endef
define Image/Checksum
( cd ${BIN_DIR} ; \
- $(FIND) -maxdepth 1 -type f \! -name 'md5sums' -printf "%P\n" | sort | xargs \
- md5sum --binary > md5sums \
+ $(FIND) -maxdepth 1 -type f \! -name 'md5sums' -printf "%P\n" | sort | xargs $1 > $2 \
)
endef
@@ -461,6 +460,7 @@ define BuildImage
$(call Image/Build,$(fs))
)
$(call Image/mkfs/ubifs)
- $(call Image/Checksum)
+ $(call Image/Checksum,md5sum --binary,md5sums)
+ $(call Image/Checksum,openssl dgst -sha256,sha256sums)
endef
diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile
index 4f30ec2114..1b1f3f19e4 100644
--- a/package/system/opkg/Makefile
+++ b/package/system/opkg/Makefile
@@ -89,11 +89,12 @@ EXTRA_CFLAGS += $(TARGET_CPPFLAGS)
CONFIGURE_ARGS += \
--disable-curl \
--disable-gpg \
+ --enable-sha256 \
--with-opkgetcdir=/etc \
--with-opkglockfile=/var/lock/opkg.lock
ifeq ($(BUILD_VARIANT),smime)
- CONFIGURE_ARGS += --enable-openssl --enable-sha256 --disable-usign
+ CONFIGURE_ARGS += --enable-openssl --disable-usign
else
ifndef CONFIG_SIGNED_PACKAGES
CONFIGURE_ARGS += --disable-usign
@@ -151,6 +152,7 @@ endef
HOST_CONFIGURE_ARGS+= \
--disable-curl \
--disable-gpg \
+ --enable-sha256 \
--with-opkgetcdir=/etc \
--with-opkglockfile=/tmp/opkg.lock
diff --git a/package/system/opkg/patches/220-drop-release-support.patch b/package/system/opkg/patches/220-drop-release-support.patch
new file mode 100644
index 0000000000..41f271f184
--- /dev/null
+++ b/package/system/opkg/patches/220-drop-release-support.patch
@@ -0,0 +1,812 @@
+--- a/libopkg/Makefile.am
++++ b/libopkg/Makefile.am
+@@ -15,7 +15,6 @@
+ opkg_upgrade.c opkg_upgrade.h \
+ opkg_remove.c opkg_remove.h
+ opkg_db_sources = opkg_conf.c opkg_conf.h \
+- release.c release.h release_parse.c release_parse.h \
+ opkg_utils.c opkg_utils.h pkg.c pkg.h hash_table.h \
+ pkg_depends.c pkg_depends.h pkg_extract.c pkg_extract.h \
+ hash_table.c pkg_hash.c pkg_hash.h pkg_parse.c pkg_parse.h \
+@@ -28,7 +27,6 @@
+ active_list.c active_list.h list.h
+ opkg_util_sources = file_util.c file_util.h opkg_message.h opkg_message.c md5.c md5.h \
+ parse_util.c parse_util.h \
+- cksum_list.c cksum_list.h \
+ sprintf_alloc.c sprintf_alloc.h \
+ xregex.c xregex.h xsystem.c xsystem.h
+ if HAVE_PATHFINDER
+--- a/libopkg/cksum_list.c
++++ /dev/null
+@@ -1,87 +0,0 @@
+-/* cksum_lis.c - the opkg package management system
+-
+- Copyright (C) 2010,2011 Javier Palacios
+-
+- This program is free software; you can redistribute it and/or
+- modify it under the terms of the GNU General Public License as
+- published by the Free Software Foundation; either version 2, or (at
+- your option) any later version.
+-
+- This program is distributed in the hope that it will be useful, but
+- WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- General Public License for more details.
+-*/
+-
+-#include "config.h"
+-
+-#include <stdio.h>
+-
+-#include "cksum_list.h"
+-#include "libbb/libbb.h"
+-
+-
+-int cksum_init(cksum_t *cksum, char **itemlist)
+-{
+- cksum->value = xstrdup(*itemlist++);
+- cksum->size = atoi(*itemlist++);
+- cksum->name = xstrdup(*itemlist++);
+-
+- return 0;
+-}
+-
+-void cksum_deinit(cksum_t *cksum)
+-{
+- free (cksum->name);
+- cksum->name = NULL;
+-
+- free (cksum->value);
+- cksum->value = NULL;
+-}
+-
+-void cksum_list_init(cksum_list_t *list)
+-{
+- void_list_init((void_list_t *) list);
+-}
+-
+-void cksum_list_deinit(cksum_list_t *list)
+-{
+- cksum_list_elt_t *iter, *n;
+- cksum_t *cksum;
+-
+- list_for_each_entry_safe(iter, n, &list->head, node) {
+- cksum = (cksum_t *)iter->data;
+- cksum_deinit(cksum);
+-
+- /* malloced in cksum_list_append */
+- free(cksum);
+- iter->data = NULL;
+- }
+- void_list_deinit((void_list_t *) list);
+-}
+-
+-cksum_t *cksum_list_append(cksum_list_t *list, char **itemlist)
+-{
+- /* freed in cksum_list_deinit */
+- cksum_t *cksum = xcalloc(1, sizeof(cksum_t));
+- cksum_init(cksum, itemlist);
+-
+- void_list_append((void_list_t *) list, cksum);
+-
+- return cksum;
+-}
+-
+-const cksum_t *cksum_list_find(cksum_list_t *list, const char *name)
+-{
+- cksum_list_elt_t *iter;
+- cksum_t *cksum;
+-
+- list_for_each_entry(iter, &list->head, node) {
+- cksum = (cksum_t *)iter->data;
+- if (strcmp(cksum->name, name) == 0) {
+- return cksum;
+- }
+- }
+- return NULL;
+-}
+-
+--- a/libopkg/cksum_list.h
++++ /dev/null
+@@ -1,46 +0,0 @@
+-/* cksum_list.h - the opkg package management system
+-
+- Copyright (C) 2010,2011 Javier Palacios
+-
+- This program is free software; you can redistribute it and/or
+- modify it under the terms of the GNU General Public License as
+- published by the Free Software Foundation; either version 2, or (at
+- your option) any later version.
+-
+- This program is distributed in the hope that it will be useful, but
+- WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- General Public License for more details.
+-*/
+-
+-#ifndef CKSUM_LIST_H
+-#define CKSUM_LIST_H
+-
+-typedef struct
+-{
+- char *name;
+- char *value;
+- int size;
+-} cksum_t;
+-
+-int cksum_init(cksum_t *cksum, char **itemlist);
+-void cksum_deinit(cksum_t *cksum);
+-
+-#include "void_list.h"
+-
+-typedef struct void_list_elt cksum_list_elt_t;
+-
+-typedef struct void_list cksum_list_t;
+-
+-static inline int cksum_list_empty(cksum_list_t *list)
+-{
+- return void_list_empty ((void_list_t *)list);
+-}
+-
+-void cksum_list_init(cksum_list_t *list);
+-void cksum_list_deinit(cksum_list_t *list);
+-
+-cksum_t *cksum_list_append(cksum_list_t *list, char **itemlist);
+-const cksum_t *cksum_list_find(cksum_list_t *list, const char *name);
+-
+-#endif
+--- a/libopkg/release.c
++++ /dev/null
+@@ -1,342 +0,0 @@
+-/* release.c - the opkg package management system
+-
+- Copyright (C) 2010,2011 Javier Palacios
+-
+- This program is free software; you can redistribute it and/or
+- modify it under the terms of the GNU General Public License as
+- published by the Free Software Foundation; either version 2, or (at
+- your option) any later version.
+-
+- This program is distributed in the hope that it will be useful, but
+- WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- General Public License for more details.
+-*/
+-
+-#include <unistd.h>
+-#include <ctype.h>
+-
+-#include "release.h"
+-#include "opkg_utils.h"
+-#include "libbb/libbb.h"
+-
+-#include "opkg_download.h"
+-#include "sprintf_alloc.h"
+-
+-#include "release_parse.h"
+-
+-#include "parse_util.h"
+-#include "file_util.h"
+-
+-static void
+-release_init(release_t *release)
+-{
+- release->name = NULL;
+- release->datestring = NULL;
+- release->architectures = NULL;
+- release->architectures_count = 0;
+- release->components = NULL;
+- release->components_count = 0;
+- release->complist = NULL;
+- release->complist_count = 0;
+-}
+-
+-release_t *
+-release_new(void)
+-{
+- release_t *release;
+-
+- release = xcalloc(1, sizeof(release_t));
+- release_init(release);
+-
+- return release;
+-}
+-
+-void
+-release_deinit(release_t *release)
+-{
+- int i;
+-
+- free(release->name);
+- free(release->datestring);
+-
+- for(i = 0; i < release->architectures_count; i++){
+- free(release->architectures[i]);
+- }
+- free(release->architectures);
+-
+- for(i = 0; i < release->components_count; i++){
+- free(release->components[i]);
+- }
+- free(release->components);
+-
+- for(i = 0; i < release->complist_count; i++){
+- free(release->complist[i]);
+- }
+- free(release->complist);
+-
+-}
+-
+-int
+-release_init_from_file(release_t *release, const char *filename)
+-{
+- int err = 0;
+- FILE *release_file;
+-
+- release_file = fopen(filename, "r");
+- if (release_file == NULL) {
+- opkg_perror(ERROR, "Failed to open %s", filename);
+- return -1;
+- }
+-
+- err=release_parse_from_stream(release, release_file);
+- if (!err) {
+- if (!release_arch_supported(release)) {
+- opkg_msg(ERROR, "No valid architecture found on Release file.\n");
+- err = -1;
+- }
+- }
+-
+- return err;
+-}
+-
+-const char *
+-item_in_list(const char *comp, char **complist, const unsigned int count)
+-{
+- int i;
+-
+- if (!complist)
+- return comp;
+-
+- for(i = 0; i < count; i++){
+- if (strcmp(comp, complist[i]) == 0)
+- return complist[i];
+- }
+-
+- return NULL;
+-}
+-
+-int
+-release_arch_supported(release_t *release)
+-{
+- nv_pair_list_elt_t *l;
+-
+- list_for_each_entry(l , &conf->arch_list.head, node) {
+- nv_pair_t *nv = (nv_pair_t *)l->data;
+- if (item_in_list(nv->name, release->architectures, release->architectures_count)) {
+- opkg_msg(DEBUG, "Arch %s (priority %s) supported for dist %s.\n",
+- nv->name, nv->value, release->name);
+- return 1;
+- }
+- }
+-
+- return 0;
+-}
+-
+-int
+-release_comps_supported(release_t *release, const char *complist)
+-{
+- int ret = 1;
+- int i;
+-
+- if (complist) {
+- release->complist = parse_list(complist, &release->complist_count, ' ', 1);
+- for(i = 0; i < release->complist_count; i++){
+- if (!item_in_list(release->complist[i], release->components, release->components_count)) {
+- opkg_msg(ERROR, "Component %s not supported for dist %s.\n",
+- release->complist[i], release->name);
+- ret = 0;
+- }
+- }
+- }
+-
+- return ret;
+-}
+-
+-const char **
+-release_comps(release_t *release, unsigned int *count)
+-{
+- char **comps = release->complist;
+-
+- if (!comps) {
+- comps = release->components;
+- *count = release->components_count;
+- } else {
+- *count = release->complist_count;
+- }
+-
+- return (const char **)comps;
+-}
+-
+-int
+-release_download(release_t *release, pkg_src_t *dist, char *lists_dir, char *tmpdir)
+-{
+- int ret = 0;
+- unsigned int ncomp;
+- const char **comps = release_comps(release, &ncomp);
+- nv_pair_list_elt_t *l;
+- int i;
+-
+- for(i = 0; i < ncomp; i++){
+- int err = 0;
+- char *prefix;
+-
+- sprintf_alloc(&prefix, "%s/dists/%s/%s/binary", dist->value, dist->name,
+- comps[i]);
+-
+- list_for_each_entry(l , &conf->arch_list.head, node) {
+- char *url;
+- char *tmp_file_name, *list_file_name;
+- char *subpath = NULL;
+-
+- nv_pair_t *nv = (nv_pair_t *)l->data;
+-
+- sprintf_alloc(&list_file_name, "%s/%s-%s-%s", lists_dir, dist->name, comps[i], nv->name);
+-
+- sprintf_alloc(&tmp_file_name, "%s/%s-%s-%s%s", tmpdir, dist->name, comps[i], nv->name, ".gz");
+-
+- sprintf_alloc(&subpath, "%s/binary-%s/%s", comps[i], nv->name, dist->gzip ? "Packages.gz" : "Packages");
+-
+- if (dist->gzip) {
+- sprintf_alloc(&url, "%s-%s/Packages.gz", prefix, nv->name);
+- err = opkg_download(url, tmp_file_name, NULL, NULL, 1);
+- if (!err) {
+- err = release_verify_file(release, tmp_file_name, subpath);
+- if (err) {
+- unlink (tmp_file_name);
+- unlink (list_file_name);
+- }
+- }
+- if (!err) {
+- FILE *in, *out;
+- opkg_msg(NOTICE, "Inflating %s.\n", url);
+- in = fopen (tmp_file_name, "r");
+- out = fopen (list_file_name, "w");
+- if (in && out) {
+- err = unzip (in, out);
+- if (err)
+- opkg_msg(INFO, "Corrumpt file at %s.\n", url);
+- } else
+- err = 1;
+- if (in)
+- fclose (in);
+- if (out)
+- fclose (out);
+- unlink (tmp_file_name);
+- }
+- free(url);
+- }
+-
+- if (err) {
+- sprintf_alloc(&url, "%s-%s/Packages", prefix, nv->name);
+- err = opkg_download(url, list_file_name, NULL, NULL, 1);
+- if (!err) {
+- err = release_verify_file(release, tmp_file_name, subpath);
+- if (err)
+- unlink (list_file_name);
+- }
+- free(url);
+- }
+-
+- free(tmp_file_name);
+- free(list_file_name);
+- }
+-
+- if(err)
+- ret = 1;
+-
+- free(prefix);
+- }
+-
+- return ret;
+-}
+-
+-int
+-release_get_size(release_t *release, const char *pathname)
+-{
+- const cksum_t *cksum;
+-
+- if (release->md5sums) {
+- cksum = cksum_list_find(release->md5sums, pathname);
+- return cksum->size;
+- }
+-
+-#ifdef HAVE_SHA256
+- if (release->sha256sums) {
+- cksum = cksum_list_find(release->sha256sums, pathname);
+- return cksum->size;
+- }
+-#endif
+-
+- return -1;
+-}
+-
+-const char *
+-release_get_md5(release_t *release, const char *pathname)
+-{
+- const cksum_t *cksum;
+-
+- if (release->md5sums) {
+- cksum = cksum_list_find(release->md5sums, pathname);
+- return cksum->value;
+- }
+-
+- return '\0';
+-}
+-
+-#ifdef HAVE_SHA256
+-const char *
+-release_get_sha256(release_t *release, const char *pathname)
+-{
+- const cksum_t *cksum;
+-
+- if (release->sha256sums) {
+- cksum = cksum_list_find(release->sha256sums, pathname);
+- return cksum->value;
+- }
+-
+- return '\0';
+-}
+-#endif
+-
+-int
+-release_verify_file(release_t *release, const char* file_name, const char *pathname)
+-{
+- struct stat f_info;
+- char *f_md5 = NULL;
+- const char *md5 = release_get_md5(release, pathname);
+-#ifdef HAVE_SHA256
+- char *f_sha256 = NULL;
+- const char *sha256 = release_get_sha256(release, pathname);
+-#endif
+- int ret = 0;
+-
+- if (stat(file_name, &f_info) || (f_info.st_size!=release_get_size(release, pathname))) {
+- opkg_msg(ERROR, "Size verification failed for %s - %s.\n", release->name, pathname);
+- ret = 1;
+- } else {
+-
+- f_md5 = file_md5sum_alloc(file_name);
+-#ifdef HAVE_SHA256
+- f_sha256 = file_sha256sum_alloc(file_name);
+-#endif
+-
+- if (md5 && strcmp(md5, f_md5)) {
+- opkg_msg(ERROR, "MD5 verification failed for %s - %s.\n", release->name, pathname);
+- ret = 1;
+-#ifdef HAVE_SHA256
+- } else if (sha256 && strcmp(sha256, f_sha256)) {
+- opkg_msg(ERROR, "SHA256 verification failed for %s - %s.\n", release->name, pathname);
+- ret = 1;
+-#endif
+- }
+-
+- }
+-
+- free(f_md5);
+-#ifdef HAVE_SHA256
+- free(f_sha256);
+-#endif
+-
+- return ret;
+-}
+--- a/libopkg/release.h
++++ /dev/null
+@@ -1,53 +0,0 @@
+-/* release.h - the opkg package management system
+-
+- Copyright (C) 2010,2011 Javier Palacios
+-
+- This program is free software; you can redistribute it and/or
+- modify it under the terms of the GNU General Public License as
+- published by the Free Software Foundation; either version 2, or (at
+- your option) any later version.
+-
+- This program is distributed in the hope that it will be useful, but
+- WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- General Public License for more details.
+-*/
+-
+-#ifndef RELEASE_H
+-#define RELEASE_H
+-
+-#include <stdio.h>
+-#include "pkg.h"
+-#include "cksum_list.h"
+-
+-struct release
+-{
+- char *name;
+- char *datestring;
+- char **architectures;
+- unsigned int architectures_count;
+- char **components;
+- unsigned int components_count;
+- cksum_list_t *md5sums;
+-#ifdef HAVE_SHA256
+- cksum_list_t *sha256sums;
+-#endif
+- char **complist;
+- unsigned int complist_count;
+-};
+-
+-typedef struct release release_t;
+-
+-release_t *release_new(void);
+-void release_deinit(release_t *release);
+-int release_init_from_file(release_t *release, const char *filename);
+-
+-int release_arch_supported(release_t *release);
+-int release_comps_supported(release_t *release, const char *complist);
+-int release_download(release_t *release, pkg_src_t *dist, char *lists_dir, char *tmpdir);
+-
+-const char **release_comps(release_t *release, unsigned int *count);
+-
+-int release_verify_file(release_t *release, const char *filename, const char *pathname);
+-
+-#endif
+--- a/libopkg/release_parse.c
++++ /dev/null
+@@ -1,126 +0,0 @@
+-/* release_parse.c - the opkg package management system
+-
+- Copyright (C) 2010,2011 Javier Palacios
+-
+- This program is free software; you can redistribute it and/or
+- modify it under the terms of the GNU General Public License as
+- published by the Free Software Foundation; either version 2, or (at
+- your option) any later version.
+-
+- This program is distributed in the hope that it will be useful, but
+- WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- General Public License for more details.
+-*/
+-
+-#include "config.h"
+-
+-#include <stdio.h>
+-
+-#include "release.h"
+-#include "release_parse.h"
+-#include "libbb/libbb.h"
+-#include "parse_util.h"
+-
+-static int
+-release_parse_line(void *ptr, const char *line, uint mask)
+-{
+- release_t *release = (release_t *) ptr;
+-
+- int ret = 0;
+- unsigned int count = 0;
+- char **list = 0;
+- static int reading_md5sums = 0;
+-#ifdef HAVE_SHA256
+- static int reading_sha256sums = 0;
+-#endif
+-
+- switch (*line) {
+- case 'A':
+- if (is_field("Architectures", line)) {
+- release->architectures = parse_list(line, &release->architectures_count, ' ', 0);
+- }
+- break;
+-
+- case 'C':
+- if (is_field("Codename", line)) {
+- release->name = parse_simple("Codename", line);
+- }
+- else if (is_field("Components", line)) {
+- release->components = parse_list(line, &release->components_count, ' ', 0);
+- }
+- break;
+-
+- case 'D':
+- if (is_field("Date", line)) {
+- release->datestring = parse_simple("Date", line);
+- }
+- break;
+-
+- case 'M':
+- if (is_field("MD5sum", line)) {
+- reading_md5sums = 1;
+- if (release->md5sums == NULL) {
+- release->md5sums = xcalloc(1, sizeof(cksum_list_t));
+- cksum_list_init(release->md5sums);
+- }
+- goto dont_reset_flags;
+- }
+- break;
+-
+-#ifdef HAVE_SHA256
+- case 'S':
+- if (is_field("SHA256", line)) {
+- reading_sha256sums = 1;
+- if (release->sha256sums == NULL) {
+- release->sha256sums = xcalloc(1, sizeof(cksum_list_t));
+- cksum_list_init(release->sha256sums);
+- }
+- goto dont_reset_flags;
+- }
+- break;
+-#endif
+-
+- case ' ':
+- if (reading_md5sums) {
+- list = parse_list(line, &count, ' ', 1);
+- cksum_list_append(release->md5sums, list);
+- goto dont_reset_flags;
+- }
+-#ifdef HAVE_SHA256
+- else if (reading_sha256sums) {
+- list = parse_list(line, &count, ' ', 1);
+- cksum_list_append(release->sha256sums, list);
+- goto dont_reset_flags;
+- }
+-#endif
+- break;
+-
+- default:
+- ret = 1;
+- }
+-
+- reading_md5sums = 0;
+-#ifdef HAVE_SHA256
+- reading_sha256sums = 0;
+-#endif
+-
+-dont_reset_flags:
+-
+- return ret;
+-}
+-
+-int
+-release_parse_from_stream(release_t *release, FILE *fp)
+-{
+- int ret;
+- char *buf;
+- const size_t len = 4096;
+-
+- buf = xmalloc(len);
+- ret = parse_from_stream_nomalloc(release_parse_line, release, fp, 0, &buf, len);
+- free(buf);
+-
+- return ret;
+-}
+-
+--- a/libopkg/release_parse.h
++++ /dev/null
+@@ -1,21 +0,0 @@
+-/* release_parse.h - the opkg package management system
+-
+- Copyright (C) 2010,2011 Javier Palacios
+-
+- This program is free software; you can redistribute it and/or
+- modify it under the terms of the GNU General Public License as
+- published by the Free Software Foundation; either version 2, or (at
+- your option) any later version.
+-
+- This program is distributed in the hope that it will be useful, but
+- WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- General Public License for more details.
+-*/
+-
+-#ifndef RELEASE_PARSE_H
+-#define RELEASE_PARSE_H
+-
+-int release_parse_from_stream(release_t *release, FILE *fp);
+-
+-#endif
+--- a/libopkg/opkg_cmd.c
++++ b/libopkg/opkg_cmd.c
+@@ -27,7 +27,6 @@
+ #include "opkg_conf.h"
+ #include "opkg_cmd.h"
+ #include "opkg_message.h"
+-#include "release.h"
+ #include "pkg.h"
+ #include "pkg_dest.h"
+ #include "pkg_parse.h"
+@@ -114,39 +113,6 @@
+ }
+
+
+- for (iter = void_list_first(&conf->dist_src_list); iter; iter = void_list_next(&conf->dist_src_list, iter)) {
+- char *url, *list_file_name;
+-
+- src = (pkg_src_t *)iter->data;
+-
+- sprintf_alloc(&url, "%s/dists/%s/Release", src->value, src->name);
+-
+- sprintf_alloc(&list_file_name, "%s/%s", lists_dir, src->name);
+- err = opkg_download(url, list_file_name, NULL, NULL, 0);
+- if (!err) {
+- opkg_msg(NOTICE, "Downloaded release files for dist %s.\n",
+- src->name);
+- release_t *release = release_new();
+- err = release_init_from_file(release, list_file_name);
+- if (!err) {
+- if (!release_comps_supported(release, src->extra_data))
+- err = -1;
+- }
+- if (!err) {
+- err = release_download(release, src, lists_dir, tmp);
+- }
+- release_deinit(release);
+- if (err)
+- unlink(list_file_name);
+- }
+-
+- if (err)
+- failures++;
+-
+- free(list_file_name);
+- free(url);
+- }
+-
+ for (iter = void_list_first(&conf->pkg_src_list); iter; iter = void_list_next(&conf->pkg_src_list, iter)) {
+ char *url, *list_file_name;
+
+--- a/libopkg/pkg_hash.c
++++ b/libopkg/pkg_hash.c
+@@ -18,7 +18,6 @@
+ #include <stdio.h>
+
+ #include "hash_table.h"
+-#include "release.h"
+ #include "pkg.h"
+ #include "opkg_message.h"
+ #include "pkg_vec.h"
+@@ -183,40 +182,6 @@
+ lists_dir = conf->restrict_to_default_dest ?
+ conf->default_dest->lists_dir : conf->lists_dir;
+
+- for (iter = void_list_first(&conf->dist_src_list); iter;
+- iter = void_list_next(&conf->dist_src_list, iter)) {
+-
+- src = (pkg_src_t *)iter->data;
+-
+- sprintf_alloc(&list_file, "%s/%s", lists_dir, src->name);
+-
+- if (file_exists(list_file)) {
+- int i;
+- release_t *release = release_new();
+- if(release_init_from_file(release, list_file)) {
+- free(list_file);
+- return -1;
+- }
+-
+- unsigned int ncomp;
+- const char **comps = release_comps(release, &ncomp);
+- subdist = (pkg_src_t *) xmalloc(sizeof(pkg_src_t));
+- memcpy(subdist, src, sizeof(pkg_src_t));
+-
+- for(i = 0; i < ncomp; i++){
+- subdist->name = NULL;
+- sprintf_alloc(&subdist->name, "%s-%s", src->name, comps[i]);
+- if (dist_hash_add_from_file(lists_dir, subdist)) {
+- free(subdist->name); free(subdist);
+- free(list_file);
+- return -1;
+- }
+- }
+- free(subdist->name); free(subdist);
+- }
+- free(list_file);
+- }
+-
+ for (iter = void_list_first(&conf->pkg_src_list); iter;
+ iter = void_list_next(&conf->pkg_src_list, iter)) {
+
diff --git a/package/system/opkg/patches/230-drop_md5_support.patch b/package/system/opkg/patches/230-drop_md5_support.patch
new file mode 100644
index 0000000000..98522880e0
--- /dev/null
+++ b/package/system/opkg/patches/230-drop_md5_support.patch
@@ -0,0 +1,161 @@
+--- a/libopkg/conffile.c
++++ b/libopkg/conffile.c
+@@ -36,7 +36,7 @@
+
+ int conffile_has_been_modified(conffile_t *conffile)
+ {
+- char *md5sum;
++ char *chksum;
+ char *filename = conffile->name;
+ char *root_filename;
+ int ret = 1;
+@@ -48,16 +48,19 @@
+
+ root_filename = root_filename_alloc(filename);
+
+- md5sum = file_md5sum_alloc(root_filename);
+-
+- if (md5sum && (ret = strcmp(md5sum, conffile->value))) {
+- opkg_msg(INFO, "Conffile %s:\n\told md5=%s\n\tnew md5=%s\n",
+- conffile->name, md5sum, conffile->value);
++#ifdef HAVE_MD5
++ chksum = file_md5sum_alloc(root_filename);
++#else
++ chksum = file_sha256sum_alloc(root_filename);
++#endif
++ if (chksum && (ret = strcmp(chksum, conffile->value))) {
++ opkg_msg(INFO, "Conffile %s:\n\told chk=%s\n\tnew chk=%s\n",
++ conffile->name, chksum, conffile->value);
+ }
+
+ free(root_filename);
+- if (md5sum)
+- free(md5sum);
++ if (chksum)
++ free(chksum);
+
+ return ret;
+ }
+--- a/libopkg/file_util.c
++++ b/libopkg/file_util.c
+@@ -26,7 +26,9 @@
+
+ #include "sprintf_alloc.h"
+ #include "file_util.h"
++#ifdef HAVE_SHA256
+ #include "md5.h"
++#endif
+ #include "libbb/libbb.h"
+
+ #if defined HAVE_SHA256
+@@ -135,6 +137,7 @@
+ return make_directory(path, mode, FILEUTILS_RECUR);
+ }
+
++#ifdef HAVE_MD5
+ char *file_md5sum_alloc(const char *file_name)
+ {
+ static const int md5sum_bin_len = 16;
+@@ -180,6 +183,7 @@
+
+ return md5sum_hex;
+ }
++#endif
+
+ #ifdef HAVE_SHA256
+ char *file_sha256sum_alloc(const char *file_name)
+--- a/libopkg/opkg_install.c
++++ b/libopkg/opkg_install.c
+@@ -1082,7 +1082,7 @@
+ conffile_list_elt_t *iter;
+ conffile_t *cf;
+ char *cf_backup;
+- char *md5sum;
++ char *chksum;
+
+ if (conf->noaction) return 0;
+
+@@ -1093,7 +1093,11 @@
+
+ /* Might need to initialize the md5sum for each conffile */
+ if (cf->value == NULL) {
++#ifdef HAVE_MD5
+ cf->value = file_md5sum_alloc(root_filename);
++#else
++ cf->value = file_sha256sum_alloc(root_filename);
++#endif
+ }
+
+ if (!file_exists(root_filename)) {
+@@ -1105,8 +1109,12 @@
+
+ if (file_exists(cf_backup)) {
+ /* Let's compute md5 to test if files are changed */
+- md5sum = file_md5sum_alloc(cf_backup);
+- if (md5sum && cf->value && strcmp(cf->value,md5sum) != 0 ) {
++#ifdef HAVE_MD5
++ chksum = file_md5sum_alloc(cf_backup);
++#else
++ chksum = file_sha256sum_alloc(cf_backup);
++#endif
++ if (chksum && cf->value && strcmp(cf->value,chksum) != 0 ) {
+ if (conf->force_maintainer) {
+ opkg_msg(NOTICE, "Conffile %s using maintainer's setting.\n",
+ cf_backup);
+@@ -1123,8 +1131,8 @@
+ }
+ }
+ unlink(cf_backup);
+- if (md5sum)
+- free(md5sum);
++ if (chksum)
++ free(chksum);
+ }
+
+ free(cf_backup);
+@@ -1323,6 +1331,7 @@
+ }
+ #endif
+
++#ifdef HAVE_MD5
+ /* Check for md5 values */
+ if (pkg->md5sum)
+ {
+@@ -1346,6 +1355,7 @@
+ if (file_md5)
+ free(file_md5);
+ }
++#endif
+
+ #ifdef HAVE_SHA256
+ /* Check for sha256 value */
+--- a/libopkg/Makefile.am
++++ b/libopkg/Makefile.am
+@@ -25,13 +25,16 @@
+ pkg_src.c pkg_src.h pkg_src_list.c pkg_src_list.h \
+ str_list.c str_list.h void_list.c void_list.h \
+ active_list.c active_list.h list.h
+-opkg_util_sources = file_util.c file_util.h opkg_message.h opkg_message.c md5.c md5.h \
++opkg_util_sources = file_util.c file_util.h opkg_message.h opkg_message.c \
+ parse_util.c parse_util.h \
+ sprintf_alloc.c sprintf_alloc.h \
+ xregex.c xregex.h xsystem.c xsystem.h
+ if HAVE_PATHFINDER
+ opkg_util_sources += opkg_pathfinder.c opkg_pathfinder.h
+ endif
++if HAVE_MD5
++opkg_util_sources += md5.c md5.h
++endif
+ if HAVE_SHA256
+ opkg_util_sources += sha256.c sha256.h
+ endif
+--- a/configure.ac
++++ b/configure.ac
+@@ -72,6 +72,7 @@
+ AC_DEFINE(HAVE_SHA256, 1, [Define if you want sha256 support])
+ fi
+ AM_CONDITIONAL(HAVE_SHA256, test "x$want_sha256" = "xyes")
++AM_CONDITIONAL(HAVE_MD5, test "x$want_sha256" = "xno")
+
+ # check for openssl
+ AC_ARG_ENABLE(openssl,