[CentOS-devel] [PATCH] Allow get_sources.sh hash verification to work with hashes other than sha1
Tyler Parsons
tparsons at fnal.gov
Thu Jun 26 20:58:06 UTC 2014
---
get_sources.sh | 50 ++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 40 insertions(+), 10 deletions(-)
diff --git a/get_sources.sh b/get_sources.sh
index 33ef1aa..210d9ad 100755
--- a/get_sources.sh
+++ b/get_sources.sh
@@ -7,6 +7,7 @@
# Updates:
# Mike McLean <mikem at redhat.com>
# Pat Riehecky <riehecky at fnal.gov>
+# Tyler Parsons <tparsons at fnal.gov>
#####################################################################
@@ -112,13 +113,28 @@ if [[ $? -ne 0 ]]; then
exit 1
fi
-if [[ ${CHECK} -eq 1 ]]; then
- which sha1sum >/dev/null 2>&1
- if [[ $? -ne 0 ]]; then
- echo 'You need sha1sum in PATH' >&2
- exit 1
- fi
-fi
+# should go into a function section at some point
+weakHashDetection () {
+ strHash=${1};
+ case $((`echo ${strHash}|wc -m` - 1 )) in
+ 128)
+ hashBin='sha512sum'
+ ;;
+ 64)
+ hashBin='sha256sum'
+ ;;
+ 40)
+ hashBin='sha1sum'
+ ;;
+ 32)
+ hashBin='md5sum'
+ ;;
+ *)
+ hashBin='unknown'
+ ;;
+ esac
+ echo ${hashBin};
+}
# check metadata file and extract package name
shopt -s nullglob
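Review bot: weakHashDetection chooses the digest tool from the string length alone, so a 32-character value in .metadata selects `md5sum` and a 40-character one `sha1sum`. The file that supplies the expected hash therefore also decides how strong the check is; if the check is meant to catch tampered downloads, these two arms should at least print a warning to stderr. The length is computed with `echo ${strHash}|wc -m` minus one, which forks twice on an unquoted expansion; `case ${#strHash} in` gives the same number without a subshell. `strHash` and `hashBin` are assigned without `local` and leak into the caller's scope, which `local strHash=$1 hashBin` would prevent. A short header comment saying that the function prints a command name or `unknown` on stdout would also help.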
@@ -171,6 +187,19 @@ while read -r fsha fname ; do
# zero byte file
touch ${fname}
else
+ if [ ${CHECK} -eq 1 ]; then
+ hashType=$(weakHashDetection ${fsha})
+ if [ "${hashType}" == "unknown" ]; then
+ echo 'Failure: Hash type unknown.' >&2
+ exit 1;
+ else
+ which ${hashType} >/dev/null 2>&1
+ if [[ $? -ne 0 ]]; then
+ echo "Failure: You need ${hashType} in PATH." >&2
+ exit 1;
+ fi
+ fi
+ fi
if [ ! -e "${fname}" ]; then
for br in "${branches[@]}"
do
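Review bot: `$(weakHashDetection ${fsha})` expands `fsha` unquoted while `shopt -s nullglob` is in effect (set in the context of the previous hunk), so a .metadata value containing glob characters is expanded or dropped before its length is measured; write `hashType=$(weakHashDetection "${fsha}")`. The same unquoted use appears in the next hunk as `${hashType} ${fname}`, where a file name containing whitespace is split into several arguments; `downsum=$("${hashType}" "${fname}" | awk '{print $1}')` keeps it as one. `which ${hashType}` can be replaced by the builtin `command -v "${hashType}" >/dev/null 2>&1`. The enclosing `while read` loop starts and ends outside the hunk.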
@@ -181,10 +210,11 @@ while read -r fsha fname ; do
echo "${fname} exists. skipping"
fi
if [ ${CHECK} -eq 1 ]; then
- downsum=$(sha1sum ${fname} | awk '{print $1}')
- if [ ${fsha} != ${downsum} ]; then
+ downsum=$(${hashType} ${fname} | awk '{print $1}')
+ if [ "${fsha}" != "${downsum}" ]; then
rm -f ${fname}
- echo "failed to download ${fname}" >&2
+ echo "Failure: ${fname} hash does not match hash from the .metadata file" >&2
+ exit 1;
fi
fi
fi
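Review bot: The comparison `[ "${fsha}" != "${downsum}" ]` is byte-exact, and the `*sum` tools print lower-case hex, so an upper-case digest in .metadata passes the length detection but is treated as a mismatch, after which the file is removed and the script now exits. Lower-casing the expected value first, for example `[ "${fsha,,}" != "${downsum}" ]` (needs bash 4), would avoid that; whether .metadata can contain upper-case digests is not visible here. The enclosing loop and `if` blocks start outside the hunk.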
--
1.8.4