#!/bin/sh
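# Check a file against an expected checksum.
# Arguments: $1 - path of the file to check
#            $2 - expected digest, hex as printed by sha512sum / md5sum
# Returns:   0 if the SHA-512 digest (or, for legacy repos, the MD5 digest)
#            of the file equals $2; non-zero if nothing matches, if $2 is
#            empty, or if $1 is not a regular file.
validate_checksum () {
  local file=$1
  local checksum=$2
  [ -f "$file" ] || return 1
  # Fail closed: an empty expected value must never compare equal to the
  # empty output of a digest tool that is missing or failed.
  [ -n "$checksum" ] || return 1
  # The file is fed on stdin so the path is never parsed as an option and the
  # tool does not backslash-escape its output line for unusual file names.
  [ "$(sha512sum < "$file" | awk '{ print $1; }')" = "$checksum" ] && return 0
  # allow md5sum for backwards compatibility
  # TODO remove once all repos have sha512 sums
  # NOTE(security): MD5 is not collision resistant, so a match on this branch
  # is an integrity hint only and must not be treated as proof of origin.
  [ "$(md5sum < "$file" | awk '{ print $1; }')" = "$checksum" ]
}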
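# Verify a package against the detached signature stored in its info file.
# Globals:   KEYCHAIN_DIR (read) - directory holding trusted *.pub keys
#            VERBOSE, LIGHT_BLACK, RESET (read)
# Arguments: $1 - package file to verify
#            $2 - info file containing a "SIGNATURE=<base64>" line, with
#                 spaces standing in for the base64 line breaks
# Outputs:   writes the decoded signature to "$1.sig"
# Returns:   0 as soon as one key in the keychain verifies the package,
#            1 if no key does or the signature cannot be decoded.
validate_sig () {
  local pkg_file=$1
  local info_file=$2
  local key
  local sig_encoded
  local sig_file="${pkg_file}.sig"

  # Declared separately from the assignment so a sed failure is not masked.
  sig_encoded=$(sed -rn "s/^SIGNATURE=(.*)/\1/p" "$info_file") || return 1
  printf '%s\n' "$sig_encoded" | tr ' ' '\n' | base64 -d > "$sig_file" || return 1

  # NOTE(review): keyimport installs keys under ${SYSROOT}${KEYCHAIN_DIR} while
  # this loop reads ${KEYCHAIN_DIR}; confirm which directory is the trust store.
  for key in "${KEYCHAIN_DIR}"/*.pub; do
    # An unmatched glob stays literal; skip it so an empty keychain simply
    # falls through to the rejecting return below.
    [ -f "$key" ] || continue
    # File names are passed as %s arguments so a '%' or '\' in a package or
    # key name is never interpreted as part of the printf format.
    ${VERBOSE} && printf "${LIGHT_BLACK}Checking verification against %s for %s\n${RESET}" "${key##*/}" "${pkg_file##*/}"
    # Accept only the exact success line rather than any output containing "OK".
    # NOTE(review): no digest option is given, so openssl's default digest
    # applies; presumably it matches what the signer used - confirm.
    openssl dgst -verify "$key" -signature "$sig_file" "$pkg_file" | grep -qx "Verified OK" && return 0
  done
  return 1
}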
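# Import public keys into the keychain of the target system root.
# Globals:   SYSROOT, KEYCHAIN_DIR (read); colour variables (read)
# Arguments: two args  - $1 key name, $2 URL: download the key to
#                        ${SYSROOT}${KEYCHAIN_DIR}/<name>.pub
#            one arg   - $1 key name or glob: copy matching keys from
#                        ${KEYCHAIN_DIR} into ${SYSROOT}${KEYCHAIN_DIR}
#            otherwise - list the keys already in the target keychain
# Returns:   0 on success, 1 if the download or a copy failed or no key
#            matched the given name.
keyimport () {
  local keychain=${SYSROOT}${KEYCHAIN_DIR}
  local name url keyfile keyname key
  local imported=0
  local rc=0
  mkdir -p "$keychain"
  case "$#" in
    "2")
      name=$1
      url=$2
      # NOTE(review): $name is used verbatim in the destination path, so a
      # name containing '/' or '..' lands outside the keychain - presumably
      # names come from the operator; confirm against the caller.
      keyfile=$keychain/$name.pub
      printf "${BLUE}Importing %s...${GREEN}" "$name"
      # NOTE(security): the downloaded file becomes a trust anchor for package
      # signature checks. Whether download_file authenticates the server is
      # not visible here - confirm, and compare the key fingerprint out of band.
      if download_file "$keyfile" "$url"; then
        printf "${CHECKMARK}\n"
      else
        printf "${RED}Error occured!\n"
        rc=1
      fi
      ;;
    "1")
      keyname=$1
      # account for a glob input
      set +o noglob
      # $keyname is deliberately unquoted so a pattern such as 'vendor*' expands.
      # shellcheck disable=SC2231
      for key in "${KEYCHAIN_DIR}"/$keyname.pub; do
        # An unmatched pattern stays literal; do not report it as imported.
        [ -f "$key" ] || continue
        name=${key##*/}
        name=${name%.pub}
        if cp -- "$key" "$keychain"; then
          imported=$((imported+1))
          printf "${GREEN}Imported ${LIGHT_GREEN}%s ${GREEN}to %s\n" "$name" "${SYSROOT}"
        else
          rc=1
        fi
      done
      if [ "$imported" -eq 0 ]; then
        printf "${RED}No key matching %s found in %s\n" "$keyname" "${KEYCHAIN_DIR}" >&2
        rc=1
      fi
      ;;
    *)
      ls "$keychain"
      ;;
  esac
  # NOTE(review): this leaves globbing enabled on every path, as before;
  # if the caller runs with noglob set, 'set -o noglob' may have been meant.
  set +o noglob
  return "$rc"
}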
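# Check that every file recorded for a package exists under the system root.
# Globals:   SYSROOT, VERBOSE, QUIET, GREEN, RED, RESET (read)
# Arguments: $1 - package name, passed to files() to obtain its file list
# Outputs:   one line per present file when VERBOSE, one per missing file
#            unless QUIET
# Returns:   the number of missing files, capped at 255; 0 means all present.
validate_files () {
  local package=$1
  local file
  local ret=0
  # TODO ensure that all checksums are the same
  # The list is split on whitespace as before, so paths containing spaces are
  # not supported here - presumably files() never emits them; confirm.
  for file in $(files "$package"); do
    if [ -f "${SYSROOT}$file" ]; then
      ${VERBOSE} && printf "${GREEN}%s is present\n" "$file"
    else
      ret=$((ret+1))
      ${QUIET} || printf "${RED}%s is missing\n" "$file"
    fi
  done
  ${QUIET} || printf "${RESET}"
  # An exit status is a single byte: without the cap, 256 missing files would
  # wrap to 0 and the package would be reported as intact.
  if [ "$ret" -gt 255 ]; then
    ret=255
  fi
  return "$ret"
}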