authorWerner Koch <wk@gnupg.org>2024-02-29 15:35:27 +0100
committerWerner Koch <wk@gnupg.org>2024-02-29 15:35:27 +0100
commit233bf39323ef48b362488175bb655c4020ce2d39 (patch)
treea95c97acf1f0e8073d46da1f270ea65b24adadca
parentbuild: Make getswdb.sh usable outside the GniPG tree. (diff)
build: Extend getswdb.sh to allow a verified download
--
-rwxr-xr-xbuild-aux/getswdb.sh96
1 files changed, 92 insertions, 4 deletions
diff --git a/build-aux/getswdb.sh b/build-aux/getswdb.sh
index 6ec931c25..0b97f0de5 100755
--- a/build-aux/getswdb.sh
+++ b/build-aux/getswdb.sh
@@ -28,9 +28,12 @@ cvtver () {
usage()
{
cat <<EOF
-Usage: $(basename $0) [OPTIONS]
+Usage: $(basename $0) [OPTIONS] [packages]
Get the online version of the GnuPG software version database
+and optionally download packages and verify their signatures.
+
Options:
+ --info Print only infos about packages
--skip-download Assume download has already been done.
--skip-verify Do not check signatures
--skip-selfcheck Do not check GnuPG version
@@ -38,6 +41,11 @@ Options:
--find-sha1sum Print the name of the sha1sum utility
--find-sha256sum Print the name of the sha256sum utility
--help Print this help.
+
+Example:
+
+ getswdb.sh gnupg24 gpgme libksba libassuan
+
EOF
exit $1
}
@@ -50,6 +58,9 @@ skip_verify=no
skip_selfcheck=no
find_sha1sum=no
find_sha256sum=no
+info_mode=no
+packages=
+die=no
while test $# -gt 0; do
case "$1" in
# Set up `optarg'.
@@ -80,13 +91,20 @@ while test $# -gt 0; do
--find-sha256sum)
find_sha256sum=yes
;;
- *)
+ --info)
+ info_mode=yes
+ ;;
+ --*)
usage 1 1>&2
;;
+ *)
+ packages="$packages $1"
+ ;;
esac
shift
done
+
# Mac OSX has only a shasum and not sha1sum
if [ ${find_sha1sum} = yes ]; then
for i in sha1sum shasum ; do
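Review bot: The new `*)` arm appends every argument that does not start with `--` to `packages` without checking it, so a single-dash argument such as `-x` is treated as a package name. These names are later pasted into awk program text by the download loop in the last hunk. Assuming package keys in swdb.lst use only letters, digits and underscores, as the example names suggest, a guard before the append would reject anything else: `case "$1" in *[!A-Za-z0-9_]*) usage 1 1>&2 ;; esac`. The enclosing `while`/`case` starts above this hunk.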
@@ -186,10 +204,10 @@ else
fi
fi
if [ $skip_verify = no ]; then
- if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then
+ if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst 2>/dev/null; then
echo "list of software versions is not valid!" >&2
exit 1
- fi
+ fi
fi
#
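Review bot: Redirecting gpgv's stderr to /dev/null on the changed `if ! $GPGV ...` line throws away the only detail about why verification of swdb.lst failed, leaving just the generic "not valid" message. Capturing the output and printing it only on failure keeps the success path quiet: `if ! out=$($GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst 2>&1); then echo "$out" >&2`, followed by the existing message and `exit 1`. The same redirect is on the gpgv call inside `download_pkg` in the last hunk. The surrounding `if`/`else` begins above this hunk.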
@@ -210,3 +228,73 @@ if [ $skip_selfcheck = no ]; then
exit 1
fi
fi
+
+
+# Download a package and check its signature.
+download_pkg () {
+ local url="$1"
+ local file="${url##*/}"
+
+ if ! $WGET -q -O - "$url" >"${file}.tmp" ; then
+ echo "download of $file failed." >&2
+ [ -f "${file}.tmp" ] && rm "${file}.tmp"
+ return 1
+ fi
+ if [ $skip_verify = no ]; then
+ if ! $WGET -q -O - "${url}.sig" >"${file}.tmpsig" ; then
+ echo "download of $file.sig failed." >&2
+ [ -f "${file}.tmpsig" ] && rm "${file}.tmpsig"
+ return 1
+ fi
+ if ! $GPGV -q --keyring "$distsigkey" \
+ "${file}.tmpsig" "${file}.tmp" 2>/dev/null; then
+ echo "signature of $file is not valid!" >&2
+ return 1
+ fi
+ mv "${file}.tmpsig" "${file}.sig"
+ else
+ [ -f "${file}.sig" ] && rm "${file}.sig"
+ fi
+ mv "${file}.tmp" "${file}"
+ return 0
+}
+
+
+
+baseurl=$(awk '$1=="gpgorg_base" {print $2; exit 0}' swdb.lst)
+for p in $packages; do
+ pver=$(awk '$1=="'"$p"'_ver" {print $2}' swdb.lst)
+ if [ -z "$pver" ]; then
+ echo "package '$p' not found" >&2
+ die=yes
+ else
+ pdir=$(awk '$1=="'"$p"'_dir" {print $2":"$3":"$4}' swdb.lst)
+ if [ -n "$pdir" ]; then
+ psuf=$(echo "$pdir" | cut -d: -f3)
+ pname=$(echo "$pdir" | cut -d: -f2)
+ pdir=$(echo "$pdir" | cut -d: -f1)
+ else
+ psuf=
+ pdir="$p"
+ pname="$p"
+ fi
+ if [ -z "$psuf" ]; then
+ psuf=$(awk 'BEGIN {suf="bz2"};
+ $1=="'"$p"'_sha1_gz" {suf="gz"; exit 0};
+ $1=="'"$p"'_sha1_xz" {suf"xz"; exit 0};
+ END {print suf}' swdb.lst)
+ fi
+ pfullname="$pname-$pver.tar.$psuf"
+ if [ $info_mode = yes ]; then
+ echo "$baseurl/$pdir/$pfullname"
+ else
+ echo "downloading $pfullname"
+ download_pkg "$baseurl/$pdir/$pfullname" || die=yes
+ fi
+ fi
+done
+if [ $die = yes ]; then
+ echo "errors found!" >&2
+ exit 1
+fi
+exit 0
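Review bot: In the suffix-detection awk program the xz rule reads `{suf"xz"; exit 0}`, which is a discarded string concatenation rather than an assignment, so a package whose `_sha1_xz` entry matches still gets the `bz2` suffix and a wrong URL; it should be `$1=="'"$p"'_sha1_xz" {suf="xz"; exit 0};`. In `download_pkg`, the failure paths for the signature download and for the gpgv check return without removing `${file}.tmp` and `${file}.tmpsig`, so an unverified tarball stays in the working directory; adding `rm -f "${file}.tmp" "${file}.tmpsig"` before those `return 1` lines avoids that. The package name is also pasted into the awk program text on the `_ver`, `_dir` and `_sha1_*` lines; passing it as a variable, `awk -v p="$p" '$1==p"_ver" {print $2}' swdb.lst`, keeps it as data rather than code.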