diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2016-06-09 15:47:22 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2016-06-09 15:47:22 -0700 |
| commit | 0a15ee8c706fde9faa9fa04af35637dc1e220ae5 (patch) | |
| tree | 005148db73195449f6dc527f0028359f68aa30af /verify-digests.sh | |
| parent | verify-digests: add script to verify DIGESTS on mirrors. (diff) | |
| download | mastermirror-scripts-0a15ee8c706fde9faa9fa04af35637dc1e220ae5.tar.gz mastermirror-scripts-0a15ee8c706fde9faa9fa04af35637dc1e220ae5.tar.bz2 mastermirror-scripts-0a15ee8c706fde9faa9fa04af35637dc1e220ae5.zip | |
verify-digests: also be able to verify specific files easily.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Diffstat (limited to 'verify-digests.sh')
| -rwxr-xr-x | verify-digests.sh | 61 |
1 files changed, 41 insertions, 20 deletions
diff --git a/verify-digests.sh b/verify-digests.sh index be8102e..295e8cc 100755 --- a/verify-digests.sh +++ b/verify-digests.sh @@ -11,12 +11,16 @@ # GPG signatures. # # Usage: -# verify-digests.sh [DIGEST-FILES OR DIRECTORIES ...] +# verify-digests.sh [FILES-OR-DIRECTORIES...] # -# If passed a digest file, it will be checked. -# If passed a directory, it will be searched for digest files and those will be -# checked. -# If passed no arguments, it will act like the directory '.' was passed. +# If passed a digest file: +# - it will be checked. +# If passed a non-digest file: +# - that immediate directory will be checked for all digest files. +# If passed a directory: +# - it and all subdirs will be checked for all digest files. +# If passed no arguments: +# - it will act like the directory '.' was passed. # # Return value: # On success, exits zero. @@ -29,14 +33,15 @@ # - convert coreutils-format to BSD-format transform_digest() { sed -n -r \ - -e '/BEGIN PGP SIGNED MESSAGE/,/^$/d' \ - -e '/BEGIN PGP SIGNATURE/,/END PGP SIGNATURE/{d}' \ - -e 'p' \ + -e '/BEGIN (PGP|GPG) SIGNED MESSAGE/,/^$/d' \ + -e '/BEGIN (PGP|GPG) SIGNATURE/,/END (PGP|GPG) SIGNATURE/{d}' \ + -e 'p' \ | \ awk \ -e '/^# .* HASH$/{hash=$2}' \ -e '/^[[:xdigit:]]+[[:space:]]+.+/{if(hash != ""){printf "%s (%s) = %s\n",hash,$2,$1}}' \ - -e '/^((SHA|MD|RIPEMD)[0-9]+|WHIRLPOOL) \(.*\) = [[:xdigit:]]+/{print $0}' + -e '/^((SHA|MD|RIPEMD)[0-9]+|WHIRLPOOL) \(.*\) = [[:xdigit:]]+/{print $0}' \ + -e '/^((SHA|MD|RIPEMD)[0-9]+|WHIRLPOOL) [[:xdigit:]]+ [^[:space:]]+$/{ printf "%s (%s) = %s\n",$1,$3,$2; }' } # Pass all directory arguments to find @@ -54,16 +59,25 @@ else fi done fi + +# Check if non-dir arguments were digest files or files that you want to get checked +DIGESTS_ARGS2=( ) +for f in "${DIGESTS_ARGS[@]}" ; do + if [[ "${f/DIGEST}" != "$f" ]] || grep -sq -m 1 -e '# MD5 HASH' -e '# SHA[0-9]\+ HASH' -e ') = [0-9a-f]\+' $f; then + DIGESTS_ARGS2+=( "$f" ) + else + d=$( dirname "$f" ) + DIGESTS_FIND2=( ) + readarray -t DIGESTS_FIND2 <<< "$(find "$d" -maxdepth 1 ! -type d \( -name '*.DIGESTS' -o -name '*.DIGESTS.asc' \) |sort | uniq)" + DIGESTS_ARGS2+=( "${DIGESTS_FIND2[@]}" ) + DIGESTS_FIND2=( ) + fi +done if [[ "${#DIGESTS_FIND[@]}" -gt 0 ]]; then - readarray -t DIGESTS_FIND <<< "$(find "${DIGESTS_FIND[@]}" \( -name '*.DIGESTS' -o -name '*.DIGESTS.asc' \) )" + readarray -t DIGESTS_FIND <<< "$(find "${DIGESTS_FIND[@]}" ! -type d \( -name '*.DIGESTS' -o -name '*.DIGESTS.asc' \) |sort | uniq )" fi -DIGESTS=( "${DIGESTS_ARGS[@]}" "${DIGESTS_FIND[@]}" ) - -T=$(date -u +%Y%m%dT%H%M%SZ) -tmp1=$(mktemp --tmpdir) -tmp2=$(mktemp --tmpdir) -failures=$(mktemp --tmpdir gentoo-failures.$T.XXXXXXXXXX) -trap "rm -f $tmp1 $tmp2" SIGINT SIGTERM +# merge all items +DIGESTS=( "${DIGESTS_ARGS2[@]}" "${DIGESTS_FIND[@]}" ) # Prefer signed digests where possible, but sometimes they were in the original # .DIGESTS file, and other times there was a seperate .asc file. @@ -79,6 +93,13 @@ for d in ${DIGESTS2} ; do fi done +# Setup storage for digest conversion & results +T=$(date -u +%Y%m%dT%H%M%SZ) +tmp1=$(mktemp --tmpdir) +tmp2=$(mktemp --tmpdir) +failures=$(mktemp --tmpdir gentoo-failures.$T.XXXXXXXXXX) +trap "rm -f $tmp1 $tmp2" SIGINT SIGTERM + # Now check them failed_digests=() for d in "${DIGESTS[@]}" ; do @@ -98,8 +119,8 @@ for d in "${DIGESTS[@]}" ; do echo "using $h" pushd $(dirname $d) >/dev/null cmd=$(echo ${h}sum | tr '[:upper:]' '[:lower:]') - ionice -c 3 --ignore ${cmd} -c $tmp1 | tee "$tmp2" - rc=${PIPESTATUS[0]} + grep "^$h " $tmp1 | ionice -c 3 --ignore ${cmd} -c - | tee "$tmp2" + rc=${PIPESTATUS[1]} if [ $rc -ne 0 ]; then failed_digests+=("$d") cat "$tmp2" >> "$failures" @@ -119,7 +140,7 @@ if [[ "${#failed_digests[@]}" -eq 0 ]]; then else echo "----" echo "Failures detected in the following DIGESTS:" 1>&2 - for f in "${failures[@]}"; do + for f in "${failed_digests[@]}"; do echo "$f" 1>&2 done echo "----" 1>&2 |