From e239964bacc9d5e73fb7fdb3250deccc43ea6996 Mon Sep 17 00:00:00 2001
From: Fredrik Fornwall <fredrik@fornwall.net>
Date: Wed, 24 Aug 2016 06:34:43 -0400
Subject: [PATCH] Make it possible to specify checksum for src

---
 build-package.sh                  | 43 ++++++++++++++++++++++++---------------
 packages/ca-certificates/build.sh | 20 +++++++++---------
 packages/ldns/build.sh            |  1 +
 packages/less/build.sh            |  1 +
 packages/openssh/build.sh         |  1 +
 packages/openssl/build.sh         |  3 ++-
 6 files changed, 42 insertions(+), 27 deletions(-)

diff --git a/build-package.sh b/build-package.sh
index eb9a59ac..0efbc545 100755
--- a/build-package.sh
+++ b/build-package.sh
@@ -242,6 +242,7 @@ TERMUX_PKG_CACHEDIR=$TERMUX_TOPDIR/$TERMUX_PKG_NAME/cache
 TERMUX_PKG_MASSAGEDIR=$TERMUX_TOPDIR/$TERMUX_PKG_NAME/massage
 TERMUX_PKG_PACKAGEDIR=$TERMUX_TOPDIR/$TERMUX_PKG_NAME/package
 TERMUX_PKG_SRCDIR=$TERMUX_TOPDIR/$TERMUX_PKG_NAME/src
+TERMUX_PKG_SHA256=""
 TERMUX_PKG_TMPDIR=$TERMUX_TOPDIR/$TERMUX_PKG_NAME/tmp
 TERMUX_PKG_HOSTBUILD_DIR=$TERMUX_TOPDIR/$TERMUX_PKG_NAME/host-build
 TERMUX_PKG_PLATFORM_INDEPENDENT=""
@@ -298,21 +299,30 @@ echo $TERMUX_ARCH > $TERMUX_ARCH_FILE
 mkdir -p $TERMUX_PKG_BUILDDIR $TERMUX_PKG_PACKAGEDIR $TERMUX_PKG_TMPDIR $TERMUX_PKG_CACHEDIR $TERMUX_PKG_MASSAGEDIR $PKG_CONFIG_LIBDIR $TERMUX_PREFIX/{bin,etc,lib,libexec,share,tmp,include}
 
 termux_download() {
-        URL="$1"
-        DESTINATION="$2"
-
-        TMPFILE=`mktemp $TERMUX_PKG_TMPDIR/download.XXXXXXXXX`
-        for i in 1 2 3 4 5 6; do
-                if curl -L --fail --retry 2 -o "$TMPFILE" "$URL"; then
-                        mv "$TMPFILE" "$DESTINATION"
-                        return
-                else
-                        echo "Download of $1 failed (attempt $i/3)" 1>&2
-                        sleep 45
-                fi
-        done
-        echo "Failed to download $1 - exiting" 1>&2
-        exit 1
+	URL="$1"
+	DESTINATION="$2"
+
+	TMPFILE=`mktemp $TERMUX_PKG_TMPDIR/download.$TERMUX_PKG_NAME.XXXXXXXXX`
+	echo "Downloading ${URL}"
+	for i in 1 2 3 4 5 6; do
+		if curl -L --fail --retry 2 -o "$TMPFILE" "$URL"; then
+			if [ $# = 3 ]; then
+				# Optional checksum argument:
+				echo $3  "$TMPFILE" | sha256sum --check --strict --quiet
+			else
+				echo "Note: No checksum of file"
+				sha256sum $TMPFILE
+			fi
+			mv "$TMPFILE" "$DESTINATION"
+			return
+		else
+			echo "Download of $1 failed (attempt $i/3)" 1>&2
+			sleep 45
+		fi
+	done
+
+	echo "Failed to download $1 - exiting" 1>&2
+	exit 1
 }
 
 # Get fresh versions of config.sub and config.guess
@@ -378,7 +388,8 @@ termux_step_extract_package () {
 	cd $TERMUX_PKG_TMPDIR
 	filename=`basename $TERMUX_PKG_SRCURL`
 	file=$TERMUX_PKG_CACHEDIR/$filename
-	test ! -f $file && termux_download $TERMUX_PKG_SRCURL $file
+	test ! -f $file && termux_download $TERMUX_PKG_SRCURL $file $TERMUX_PKG_SHA256
+
 	if [ "x$TERMUX_PKG_FOLDERNAME" = "x" ]; then
 		folder=`basename $filename .tar.bz2` && folder=`basename $folder .tar.gz` && folder=`basename $folder .tar.xz` && folder=`basename $folder .tar.lz` && folder=`basename $folder .tgz` && folder=`basename $folder .zip`
 		folder=`echo $folder | sed 's/_/-/'` # dpkg uses _ in tar filename, but - in folder
diff --git a/packages/ca-certificates/build.sh b/packages/ca-certificates/build.sh
index 7c5ccd2c..3fa4dc27 100644
--- a/packages/ca-certificates/build.sh
+++ b/packages/ca-certificates/build.sh
@@ -4,14 +4,14 @@ TERMUX_PKG_VERSION=20160429
 TERMUX_PKG_PLATFORM_INDEPENDENT=yes
 
 termux_step_make_install () {
-	CERTFILE=$TERMUX_PKG_TMPDIR/cert.pem
-	termux_download https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt $CERTFILE
-	if grep -q 'SHA1: 5df367cda83086392e1acdf22bfef00c48d5eba6' $CERTFILE; then
-		CERT_DIR=$TERMUX_PREFIX/etc/tls
-		mkdir -p $CERT_DIR
-		mv $CERTFILE $CERT_DIR/cert.pem
-	else
-		echo "Have https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt been updated?"
-		exit 1
-	fi
+	local CERTDIR=$TERMUX_PREFIX/etc/tls
+	local CERTFILE=$CERTDIR/cert.pem
+	# If the checksum has changed, it may be time to update the package version..
+	local CERTFILE_SHA256=40f7c492be077f486df440b2497d2f68ae796619c57c1d32b82db18db853fb15
+
+	mkdir -p $CERTDIR
+
+	termux_download https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt \
+		$CERTFILE \
+		$CERTFILE_SHA256
 }
diff --git a/packages/ldns/build.sh b/packages/ldns/build.sh
index 63b390ea..25d15c25 100755
--- a/packages/ldns/build.sh
+++ b/packages/ldns/build.sh
@@ -3,5 +3,6 @@ TERMUX_PKG_DESCRIPTION="Library for simplifying DNS programming and supporting r
 TERMUX_PKG_DEPENDS="openssl"
 TERMUX_PKG_VERSION=1.6.17
 TERMUX_PKG_SRCURL=http://www.nlnetlabs.nl/downloads/ldns/ldns-${TERMUX_PKG_VERSION}.tar.gz
+TERMUX_PKG_SHA256=8b88e059452118e8949a2752a55ce59bc71fa5bc414103e17f5b6b06f9bcc8cd
 TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--with-ssl=$TERMUX_PREFIX"
 TERMUX_PKG_RM_AFTER_INSTALL="bin/ldns-config share/man/man1/ldns-config.1"
diff --git a/packages/less/build.sh b/packages/less/build.sh
index bad59580..8920c665 100755
--- a/packages/less/build.sh
+++ b/packages/less/build.sh
@@ -3,3 +3,4 @@ TERMUX_PKG_DESCRIPTION="Terminal pager program used to view the contents of a te
 TERMUX_PKG_DEPENDS="ncurses"
 TERMUX_PKG_VERSION=481
 TERMUX_PKG_SRCURL=http://www.greenwoodsoftware.com/less/less-${TERMUX_PKG_VERSION}.tar.gz
+TERMUX_PKG_SHA256=3fa38f2cf5e9e040bb44fffaa6c76a84506e379e47f5a04686ab78102090dda5
diff --git a/packages/openssh/build.sh b/packages/openssh/build.sh
index 2a8998a3..90002ace 100755
--- a/packages/openssh/build.sh
+++ b/packages/openssh/build.sh
@@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=http://www.openssh.com/
 TERMUX_PKG_DESCRIPTION="Secure shell for logging into a remote machine"
 TERMUX_PKG_VERSION=7.3p1
 TERMUX_PKG_SRCURL=http://mirrors.mit.edu/pub/OpenBSD/OpenSSH/portable/openssh-${TERMUX_PKG_VERSION}.tar.gz
+TERMUX_PKG_SHA256=3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc
 TERMUX_PKG_DEPENDS="libandroid-support, ldns, openssl"
 # --disable-strip to prevent host "install" command to use "-s", which won't work for target binaries:
 TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--with-cflags=-Dfd_mask=int --with-ldns --disable-etc-default-login --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-libutil --disable-pututline --disable-pututxline --without-stackprotect --with-pid-dir=$TERMUX_PREFIX/var/run --disable-strip --sysconfdir=$TERMUX_PREFIX/etc/ssh --without-ssh1"
diff --git a/packages/openssl/build.sh b/packages/openssl/build.sh
index 3f561010..73b73fbf 100755
--- a/packages/openssl/build.sh
+++ b/packages/openssl/build.sh
@@ -3,7 +3,8 @@ TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well a
 TERMUX_PKG_DEPENDS="ca-certificates"
 TERMUX_PKG_VERSION=1.0.2h
 TERMUX_PKG_BUILD_REVISION=1
-TERMUX_PKG_SRCURL="http://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION}.tar.gz"
+TERMUX_PKG_SRCURL=https://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION}.tar.gz
+TERMUX_PKG_SHA256=1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
 TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/ssl/misc"
 TERMUX_PKG_BUILD_IN_SRC=yes
 
-- 
2.11.0