[CentOS-devel] [PATCH] Allow get_sources.sh hash verification to work with hashes other than sha1

Thu Jun 26 20:58:06 UTC 2014
Tyler Parsons <tparsons at fnal.gov>

---
 get_sources.sh | 50 ++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 40 insertions(+), 10 deletions(-)

diff --git a/get_sources.sh b/get_sources.sh
index 33ef1aa..210d9ad 100755
--- a/get_sources.sh
+++ b/get_sources.sh
@@ -7,6 +7,7 @@
 #         Updates:
 #                  Mike McLean <mikem at redhat.com>
 #                  Pat Riehecky <riehecky at fnal.gov>
+#                  Tyler Parsons <tparsons at fnal.gov>
 
 
 #####################################################################
@@ -112,13 +113,28 @@ if [[ $? -ne 0 ]]; then
     exit 1
 fi
 
-if [[ ${CHECK} -eq 1 ]]; then
-    which sha1sum >/dev/null 2>&1
-    if [[ $? -ne 0 ]]; then
-        echo 'You need sha1sum in PATH' >&2
-        exit 1
-    fi
-fi
+# should go into a function section at some point
+weakHashDetection () {
+  strHash=${1};
+  case $((`echo ${strHash}|wc -m` - 1 )) in
+    128)
+      hashBin='sha512sum'
+      ;;
+    64)
+      hashBin='sha256sum'
+      ;;
+    40)
+      hashBin='sha1sum'
+      ;;
+    32)
+      hashBin='md5sum'
+      ;;
+    *)
+      hashBin='unknown'
+      ;;
+  esac
+  echo ${hashBin};
+}
 
 # check metadata file and extract package name
 shopt -s nullglob
@@ -171,6 +187,19 @@ while read -r fsha fname ; do
     # zero byte file
     touch ${fname}
   else
+    if [ ${CHECK} -eq 1 ]; then
+      hashType=$(weakHashDetection ${fsha})
+      if [ "${hashType}" == "unknown" ]; then
+        echo 'Failure: Hash type unknown.' >&2
+        exit 1;
+      else
+        which ${hashType} >/dev/null 2>&1
+        if [[ $? -ne 0 ]]; then
+          echo "Failure: You need ${hashType} in PATH." >&2
+          exit 1;
+        fi
+      fi
+    fi
     if [ ! -e "${fname}" ]; then
       for br in "${branches[@]}"
       do
@@ -181,10 +210,11 @@ while read -r fsha fname ; do
       echo "${fname} exists. skipping"
     fi
     if [ ${CHECK} -eq 1 ]; then
-        downsum=$(sha1sum ${fname} | awk '{print $1}')
-        if [ ${fsha} != ${downsum} ]; then
+        downsum=$(${hashType} ${fname} | awk '{print $1}')
+        if [ "${fsha}" != "${downsum}" ]; then
             rm -f ${fname}
-            echo "failed to download ${fname}" >&2
+            echo "Failure: ${fname} hash does not match hash from the .metadata file" >&2
+            exit 1;
         fi
     fi
   fi
-- 
1.8.4