From 310bf878fcdebbb34c4d68afa37e338c2ad34499 Mon Sep 17 00:00:00 2001
From: Allan McRae <allan@archlinux.org>
Date: Tue, 22 Nov 2022 18:17:56 +1000
Subject: [PATCH] repo-add: do not add md5sums to the repo dbs

Keeping md5sums in the repo databases no longer serves a real purpose.
md5sums are no longer considered  secure, and we already have sha256sums
in the repos (along with PGP verification).

Signed-off-by: Allan McRae <allan@archlinux.org>
---
 scripts/repo-add.sh.in | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 598698e3..62010ddc 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -209,7 +209,7 @@ db_write_entry() {
 	local -a _groups _licenses _replaces _depends _conflicts _provides \
 		_optdepends _makedepends _checkdepends
 	local pkgname pkgbase pkgver pkgdesc csize size url arch builddate packager \
-		md5sum sha256sum pgpsig pgpsigsize
+		sha256sum pgpsig pgpsigsize
 
 	# read info from the zipped package
 	local line var val
@@ -280,8 +280,6 @@ db_write_entry() {
 
 	# compute checksums
 	msg2 "$(gettext "Computing checksums...")"
-	md5sum=$(md5sum "$pkgfile")
-	md5sum=${md5sum%% *}
 	sha256sum=$(sha256sum "$pkgfile")
 	sha256sum=${sha256sum%% *}
 
@@ -306,7 +304,6 @@ db_write_entry() {
 		format_entry "ISIZE"     "$size"
 
 		# add checksums
-		format_entry "MD5SUM"    "$md5sum"
 		format_entry "SHA256SUM" "$sha256sum"
 
 		# add PGP sig