feat: Default file digest algorithm to SHA-256 and allow to override

This change allows to configure the digest algorithm used for files
inside the RPM file. Previously this defaulted to MD5. It is now also
possible to override this.

BREAKING CHANGE: By default, this will now create RPMs with a file
digest algorithm of SHA-256. It is possible to override this back to
MD5.

Closes: ctron#70

src/it/test15-default/verify.groovy

@@ -8,4 +8,5 @@ println "Verify: " + result
 
 def m1 = result =~ /MD5 digest\: OK/
 def m2 = result =~ /Header SHA1 digest\: OK/
-return m1.find() && m2.find()
+def m3 = result =~ /Payload SHA256 digest\: OK/
+return m1.find() && m2.find() && m3.find()

src/it/test15-md5-only/pom.xml

@@ -54,6 +54,7 @@
 							<version>1.0.0</version>
 							<outputFileName>test15.rpm</outputFileName>
 							<signatureConfiguration>md5-only</signatureConfiguration>
+							<fileDigestAlgorithm>MD5</fileDigestAlgorithm>
 
 							<signature>
 								<keyId>${keyId}</keyId>

src/main/java/de/dentrassi/rpm/builder/RpmMojo.java

@@ -62,12 +62,9 @@
 import org.eclipse.packager.rpm.RpmLead;
 import org.eclipse.packager.rpm.RpmTag;
 import org.eclipse.packager.rpm.RpmVersion;
-import org.eclipse.packager.rpm.build.BuilderContext;
-import org.eclipse.packager.rpm.build.BuilderOptions;
-import org.eclipse.packager.rpm.build.RpmBuilder;
+import org.eclipse.packager.rpm.build.*;
 import org.eclipse.packager.rpm.build.RpmBuilder.PackageInformation;
 import org.eclipse.packager.rpm.build.RpmBuilder.Version;
-import org.eclipse.packager.rpm.build.RpmFileNameProvider;
 import org.eclipse.packager.rpm.deps.RpmDependencyFlags;
 import org.eclipse.packager.rpm.signature.RsaHeaderSignatureProcessor;
 import org.eclipse.packager.rpm.signature.RsaSignatureProcessor;
@@ -716,6 +713,24 @@ public void setSignatureConfiguration(final String signatureConfiguration) {
     @Parameter(defaultValue = "${project.build.outputTimestamp}")
     String outputTimestamp;
 
+    /**
+     * Configure the digest algorithm for files.
+     *
+     * <p>
+     * This configures the algorithm which is used to calculate a digest for each file. This information is stored
+     * (per file) in the RPM header section.
+     * </p>
+     *
+     * <p>
+     *     <strong>NOTE:</strong> This used to be <code>MD5</code> in releases before <code>1.10.0</code>. Starting
+     *     with <code>1.10.0</code> this defaults to <code>SHA-256</code> and can be overridden using this setting.
+     * </p>
+     *
+     * @since 1.10.0
+     */
+    @Parameter(defaultValue = "SHA-256")
+    String fileDigestAlgorithm;
+
     private Instant outputTimestampInstant;
 
     @Component(role = SignatureConfiguration.class)
@@ -775,6 +790,7 @@ public void execute() throws MojoExecutionException, MojoFailureException {
         testLeadFlags();
 
         final BuilderOptions options = new BuilderOptions();
+        options.setFileDigestAlgorithm(evalDigestAlgorithm(this.fileDigestAlgorithm));
 
         // setup basic signature processors
 
@@ -848,6 +864,24 @@ public void execute() throws MojoExecutionException, MojoFailureException {
         }
     }
 
+    private DigestAlgorithm evalDigestAlgorithm(String algorithm) throws MojoFailureException {
+        try {
+            // try enum literal name first
+            return DigestAlgorithm.valueOf(algorithm);
+        }
+        catch (IllegalArgumentException ignored) {}
+
+        // try algorithm names next
+        for (DigestAlgorithm a : DigestAlgorithm.values()) {
+            if (a.getAlgorithm().equalsIgnoreCase(algorithm)) {
+                return a;
+            }
+        }
+
+        // fail
+        throw new MojoFailureException(String.format("Unknown file digest algorithm: %s", algorithm));
+    }
+
     private String makeTargetFilename() {
         String outputFileName = this.outputFileName;