commit: 89076704440410a8f87d8278363051856a91f88e Author: Michał Górny <mgorny <AT> gentoo <DOT> org> AuthorDate: Sun Sep 3 15:02:22 2023 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Thu Sep 14 05:30:11 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89076704
verify-sig.eclass: Fix handling multiple/duplicate signatures Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> eclass/tests/verify-sig.sh | 11 +++++++++++ eclass/verify-sig.eclass | 5 +++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/eclass/tests/verify-sig.sh b/eclass/tests/verify-sig.sh index fb7f2cdb2a5d..a87e2c7703d7 100755 --- a/eclass/tests/verify-sig.sh +++ b/eclass/tests/verify-sig.sh @@ -57,6 +57,9 @@ cat > checksums.txt <<-EOF || die cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e empty 020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec text 020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec fail + + # duplicate checksum + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 empty EOF test_verify_unsigned_checksums sha256 
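Review bot: The added duplicate entry for `empty` only exercises the case where the repeated checksum is valid and every requested file is still listed. The case with security weight is not pinned by this hunk or by the `openssl-dgst` hunk that follows: a repeated entry for one file standing in for a file that has no entry at all. Before this commit a per-line counter could presumably reach the expected total that way, so a negative case would guard against regressing to it, for example a list that repeats `empty` and omits `text`, with both files requested and failure expected. How `test_verify_unsigned_checksums` chooses its file list is outside the hunk, so this may need a small helper change rather than only more heredoc lines.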
@@ -70,11 +73,19 @@ eindent cat > checksums.txt <<-EOF || die junk text that ought to be ignored + SHA1(empty)=da39a3ee5e6b4b0d3255bfef95601890afd80709 + SHA1(text)= 9c04cd6372077e9b11f70ca111c9807dc7137e4b + SHA1(fail)=9c04cd6372077e9b11f70ca111c9807dc7137e4b + SHA256(empty)=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SHA256(text)= b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380 SHA256(fail)=b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380 SHA256(annoying ( filename )= yes )= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + + SHA512(empty)=cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e + SHA512(text)= 020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec + SHA512(fail)=020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec EOF test_verify_unsigned_checksums openssl-dgst diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass index 815299b419ed..010361bfbc98 100644 --- a/eclass/verify-sig.eclass +++ b/eclass/verify-sig.eclass @@ -252,6 +252,7 @@ verify-sig_verify_unsigned_checksums() { [[ ${checksum_file} == - ]] && checksum_file=/dev/stdin local line checksum filename junk ret=0 count=0 + local -A verified while read -r line; do if [[ ${line} == "-----BEGIN"* ]]; then die "${FUNCNAME}: PGP armor found, use verify-sig_verify_signed_checksums instead" @@ -278,7 +279,7 @@ verify-sig_verify_unsigned_checksums() { fi if "${algo,,}sum" -c --strict - <<<"${checksum} ${filename}"; then - (( count++ )) + verified["${filename}"]=1 else ret=1 fi 
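Review bot: `count=0` stays in the `local line checksum filename junk ret=0 count=0` declaration although its only visible increment is removed here and the final comparison is replaced in the last hunk. As far as these hunks show, the variable is now dead and the line can become `local line checksum filename junk ret=0`. The new `local -A verified` would also benefit from a one-line comment such as `# set of filenames with at least one passing checksum; repeated entries collapse to one key`, because the later size comparison relies on exactly that property. The function starts before this hunk and continues past it.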
@@ -286,7 +287,7 @@ verify-sig_verify_unsigned_checksums() { [[ ${ret} -eq 0 ]] || die "${FUNCNAME}: at least one file did not verify successfully" - [[ ${count} -eq ${#files[@]} ]] || + [[ ${#verified[@]} -eq ${#files[@]} ]] || die "${FUNCNAME}: checksums for some of the specified files were missing" }
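Review bot: The final check `[[ ${#verified[@]} -eq ${#files[@]} ]]` still compares two sizes rather than testing membership. It is only sound if every key stored in `verified` is one of the requested files and `files` itself has no repeats; the filtering that would guarantee the first is outside the hunk. Looking up each requested file in `verified` removes both assumptions and lets the error name the file that had no checksum. The function's opening lies outside this hunk.

```bash
# … unchanged: ret check and its die …
local f
for f in "${files[@]}"; do
	[[ -n ${verified["${f}"]} ]] ||
		die "${FUNCNAME}: checksum for ${f} was missing"
done
```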