From 86416b25b3593e3b413a2012c5190f5e39593187 Mon Sep 17 00:00:00 2001 From: Evangelos Foutras Date: Fri, 25 Sep 2009 11:02:32 +0300 Subject: Move package verification into a separate function Also switch to openssl and sha1 checksums. Signed-off-by: Aaron Griffin --- commitpkg | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/commitpkg b/commitpkg index 7221825..7fb54dc 100755 --- a/commitpkg +++ b/commitpkg @@ -5,6 +5,18 @@ abort() { exit 1 } +# Verify that a remote file exists and is identical to a local one +# Usage: package_verify +package_verify() { + local remote_checksum=$(ssh $2 openssl sha1 "'$3'" 2>/dev/null | + grep -o '[0-9a-f]\{40\}$') + local local_checksum=$(openssl sha1 "$1" | grep -o '[0-9a-f]\{40\}$') + if [ -n "$remote_checksum" -a "$remote_checksum" == "$local_checksum" ]; then + return 0 + fi + return 1 +} + # Source makepkg.conf; fail if it is not found if [ -r "/etc/makepkg.conf" ]; then source "/etc/makepkg.conf" @@ -71,10 +83,10 @@ for CARCH in ${arch[@]}; do # combine what we know into a variable uploadto="staging/${repo}/$(basename ${pkgfile})" # don't re-upload the same package (useful for -any sub packages) - if [ "$(md5sum "${pkgfile}" | cut -d' ' -f1)" != "$(ssh ${server} md5sum "${uploadto}" | cut -d' ' -f1)" ]; then + if ! package_verify "${pkgfile}" ${server} "${uploadto}"; then scp ${scpopts} "${pkgfile}" "${server}:${uploadto}" || abort fi - if [ "$(md5sum "${pkgfile}" | cut -d' ' -f1)" != "$(ssh ${server} md5sum "${uploadto}" | cut -d' ' -f1)" ]; then + if ! package_verify "${pkgfile}" ${server} "${uploadto}"; then abort "File got corrupted during upload, cancelled." else echo "File integrity okay." -- cgit v1.2.3-70-g09d2