verify-sig.eclass: Fix handling multiple/duplicate signatures
Signed-off-by: Michał Górny <[email protected]>
mgorny committed Sep 14, 2023
1 parent e111329 commit 8907670
Showing 2 changed files with 14 additions and 2 deletions.
11 changes: 11 additions & 0 deletions eclass/tests/verify-sig.sh
Expand Up @@ -57,6 +57,9 @@ cat > checksums.txt <<-EOF || die
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e empty
020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec text
020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec fail
# duplicate checksum
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 empty
EOF

test_verify_unsigned_checksums sha256
Expand All @@ -70,11 +73,19 @@ eindent
cat > checksums.txt <<-EOF || die
junk text that ought to be ignored
SHA1(empty)=da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA1(text)= 9c04cd6372077e9b11f70ca111c9807dc7137e4b
SHA1(fail)=9c04cd6372077e9b11f70ca111c9807dc7137e4b
SHA256(empty)=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256(text)= b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380
SHA256(fail)=b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380
SHA256(annoying ( filename )= yes )= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512(empty)=cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
SHA512(text)= 020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec
SHA512(fail)=020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec
EOF

test_verify_unsigned_checksums openssl-dgst
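Review bot: The duplicate-entry case added to the first heredoc only covers a second entry for `empty` that also verifies; no visible line lists a file twice with one matching and one non-matching checksum. That conflicting case is the one that matters for integrity, and the eclass change in this commit appears to reject it, since any failed entry sets `ret=1` and the function dies. A negative test would pin that fail-closed behaviour: repeat `empty` with a deliberately wrong digest and expect verification to fail. The heredoc and the `test_verify_unsigned_checksums` helper both start outside the hunk, so how expected failures are expressed should be checked against the helper before adding it.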
5 changes: 3 additions & 2 deletions eclass/verify-sig.eclass
Expand Up @@ -252,6 +252,7 @@ verify-sig_verify_unsigned_checksums() {

[[ ${checksum_file} == - ]] && checksum_file=/dev/stdin
local line checksum filename junk ret=0 count=0
local -A verified
while read -r line; do
if [[ ${line} == "-----BEGIN"* ]]; then
die "${FUNCNAME}: PGP armor found, use verify-sig_verify_signed_checksums instead"
Expand All @@ -278,15 +279,15 @@ verify-sig_verify_unsigned_checksums() {
fi

if "${algo,,}sum" -c --strict - <<<"${checksum} ${filename}"; then
(( count++ ))
verified["${filename}"]=1
else
ret=1
fi
done < "${checksum_file}"

[[ ${ret} -eq 0 ]] ||
die "${FUNCNAME}: at least one file did not verify successfully"
[[ ${count} -eq ${#files[@]} ]] ||
[[ ${#verified[@]} -eq ${#files[@]} ]] ||
die "${FUNCNAME}: checksums for some of the specified files were missing"
}

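Review bot: The final completeness check, `[[ ${#verified[@]} -eq ${#files[@]} ]]`, compares counts rather than membership, so it holds only if every key written to `verified` is one of the requested `files` and `files` has no repeated name. The code that decides which lines reach the `-c --strict` call lies between the two hunks and is not shown, so that guarantee cannot be confirmed from here. Looping over `files` and requiring a `verified` entry for each one makes the check independent of that filtering and lets the error name the file that had no checksum. Note that this changes the die message. The function starts before the first hunk.

```shell
# … unchanged: read loop that fills verified[] and sets ret …

[[ ${ret} -eq 0 ]] ||
	die "${FUNCNAME}: at least one file did not verify successfully"
local f
for f in "${files[@]}"; do
	[[ -n ${verified["${f}"]} ]] ||
		die "${FUNCNAME}: checksum for ${f} was missing"
done
```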
