src/validate.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

#!/bin/sh

validate_checksum () {
    local file=$1
    local checksum=$2
    [ ! -f $file ] && return 1
    [ "$(md5sum $file | awk '{ print $1; }')" = "$checksum" ]
}

validate_sig () {
    local pkg_file=$1
    local info_file=$2
    local keychain

    local sig_encoded=$(sed -rn "s/^SIGNATURE=(.*)/\1/p" $info_file)
    local sig_file="${pkg_file}.sig"

    echo $sig_encoded | tr ' ' '\n' | base64 -d > $sig_file

    for key in ${KEYCHAIN_DIR}/*.pub; do
        ${VERBOSE} && printf "${LIGHT_BLACK}Checking verification against $(basename $key) for $(basename $pkg_file)\n${RESET}"
        openssl dgst -verify $key -signature $sig_file $pkg_file | grep -q "OK" && return 0
    done
    return 1
}


keyimport () {
    local keychain=${SYSROOT}${KEYCHAIN_DIR}
    mkdir -p $keychain
    case "$#" in 
        "2")
            local name=$1
            local url=$2
            
            local keyfile=$keychain/$name.pub
            printf "${BLUE}Importing $name...${GREEN}"
            download_file $keyfile $url && 
                printf "${CHECKMARK}\n" || 
                printf "${RED}Error occured!\n"      
            ;;
        "1")
            local keyname=$1

            # account for a glob input
            set +o noglob
            for key in ${KEYCHAIN_DIR}/$keyname.pub; do 
                name=$(basename -s .pub $key)
                cp $key $keychain
                printf "${GREEN}Imported ${LIGHT_GREEN}$name ${GREEN}to ${SYSROOT}\n" 
            done
            ;;
        *)
            ls $keychain
            ;;
    esac
    set +o noglob
}