The existing hash verification patch only allows get_sources.sh to work with sha1. I've found other repositories, most notably centos-release, use larger hash sizes. This patch should allow for a wider variety of hashes to be used & subsequently verified.
Tyler Parsons (1): Allow get_sources.sh hash verification to work with hashes other than sha1
get_sources.sh | 50 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 40 insertions(+), 10 deletions(-)
--- get_sources.sh | 50 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 40 insertions(+), 10 deletions(-)
diff --git a/get_sources.sh b/get_sources.sh index 33ef1aa..210d9ad 100755 --- a/get_sources.sh +++ b/get_sources.sh @@ -7,6 +7,7 @@ # Updates: # Mike McLean mikem@redhat.com # Pat Riehecky riehecky@fnal.gov +# Tyler Parsons tparsons@fnal.gov
##################################################################### @@ -112,13 +113,28 @@ if [[ $? -ne 0 ]]; then exit 1 fi
-if [[ ${CHECK} -eq 1 ]]; then - which sha1sum >/dev/null 2>&1 - if [[ $? -ne 0 ]]; then - echo 'You need sha1sum in PATH' >&2 - exit 1 - fi -fi +# should go into a function section at some point +weakHashDetection () { + strHash=${1}; + case $((`echo ${strHash}|wc -m` - 1 )) in + 128) + hashBin='sha512sum' + ;; + 64) + hashBin='sha256sum' + ;; + 40) + hashBin='sha1sum' + ;; + 32) + hashBin='md5sum' + ;; + *) + hashBin='unknown' + ;; + esac + echo ${hashBin}; +}
# check metadata file and extract package name shopt -s nullglob @@ -171,6 +187,19 @@ while read -r fsha fname ; do # zero byte file touch ${fname} else + if [ ${CHECK} -eq 1 ]; then + hashType=$(weakHashDetection ${fsha}) + if [ "${hashType}" == "unknown" ]; then + echo 'Failure: Hash type unknown.' >&2 + exit 1; + else + which ${hashType} >/dev/null 2>&1 + if [[ $? -ne 0 ]]; then + echo "Failure: You need ${hashType} in PATH." >&2 + exit 1; + fi + fi + fi if [ ! -e "${fname}" ]; then for br in "${branches[@]}" do @@ -181,10 +210,11 @@ while read -r fsha fname ; do echo "${fname} exists. skipping" fi if [ ${CHECK} -eq 1 ]; then - downsum=$(sha1sum ${fname} | awk '{print $1}') - if [ ${fsha} != ${downsum} ]; then + downsum=$(${hashType} ${fname} | awk '{print $1}') + if [ "${fsha}" != "${downsum}" ]; then rm -f ${fname} - echo "failed to download ${fname}" >&2 + echo "Failure: ${fname} hash does not match hash from the .metadata file" >&2 + exit 1; fi fi fi
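Review bot: weakHashDetection (second hunk) chooses the checksum tool purely from the digest length and maps 32 characters to md5sum, so a .metadata entry carrying an MD5 digest is verified with MD5 silently; given the function's name, the 32 case (and arguably the 40/sha1sum case) should at least print a warning to stderr, or fall through to 'unknown' if the intent is to refuse weak hashes. The length calculation `$((`echo ${strHash}|wc -m` - 1 ))` can be written as `${#strHash}`, which drops the subshell and the -1 correction, and `strHash=${1}` / `echo ${hashBin}` should be quoted for consistency with the new quoted comparison later in the patch. The "should go into a function section at some point" comment reads as an unfinished TODO; either move the function now or reference where that cleanup is tracked.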
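Review bot: in the third hunk the `which ${hashType}` availability check runs once per .metadata line inside the while loop rather than once before the loop; it works, but it also mixes `[ ... ]` with the `[[ $? -ne 0 ]]` style of the code it replaces. A single `if ! command -v "${hashType}" >/dev/null 2>&1; then` would read more cleanly, and `${fsha}` passed to weakHashDetection should be quoted like the other new variable uses.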
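Review bot: the fourth hunk changes behaviour beyond the hash-type work: the old mismatch path only printed "failed to download ${fname}" and continued, while the new path does `exit 1` after `rm -f ${fname}`, aborting on the first bad file. Failing closed is the right call for an integrity check, but the commit message ("Allow get_sources.sh hash verification to work with hashes other than sha1") should say so. Also `${hashType} ${fname}` and `rm -f ${fname}` still leave `${fname}` unquoted, so a file name with whitespace or glob characters would be split; quote it as `"${fname}"` the way the new `"${fsha}" != "${downsum}"` comparison already does.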
On 06/26/2014 03:58 PM, Tyler Parsons wrote:
The existing hash verification patch only allows get_sources.sh to work with sha1. I've found other repositories, most notably centos-release, use larger hash sizes. This patch should allow for a wider variety of hashes to be used & subsequently verified.
Tyler Parsons (1): Allow get_sources.sh hash verification to work with hashes other than sha1
get_sources.sh | 50 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 40 insertions(+), 10 deletions(-)
Pushed