1. Forum
  2. Usenet
  3. LINUX.GENTOO.DEV

  • [gentoo-dev] [PATCH 0/3] verify-sig.eclass: `openssl dgst` format suppo

    From =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?@21:1/5 to All on Mon Sep 4 04:00:02 2023
    Hi,

    Here's a small patch series that adds support for `opendst dgst` format
    to verify-sig.eclass. This format uses roughly the following syntax:

    HASH-NAME(FILENAME)=CHECKSUM

    Since the function has gotten complex, I'm also adding tests for it,
    and fixing support for "duplicate" hashes. The latter primarily means
    `openssl dgst` files with multiple hashes but also could mean shaXsum
    files with actual duplicate entries.

    This is going to be used for wireshark: https://github.com/gentoo/gentoo/pull/32575

    --
    Best regards,
    Michał Górny


    Michał Górny (3):
    eclass/tests: Add initial tests for verify-sig
    verify-sig.eclass: Support `openssl dgst` format checksums
    verify-sig.eclass: Fix handling multiple/duplicate signatures

    eclass/tests/verify-sig.sh | 94 ++++++++++++++++++++++++++++++++++++++
    eclass/verify-sig.eclass | 56 +++++++++++++++--------
    2 files changed, 131 insertions(+), 19 deletions(-)
    create mode 100755 eclass/tests/verify-sig.sh

    --
    2.42.0

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?@21:1/5 to All on Mon Sep 4 04:00:02 2023
    Signed-off-by: Michał Górny <mgorny@gentoo.org>
    ---
    eclass/tests/verify-sig.sh | 11 +++++++++++
    eclass/verify-sig.eclass | 5 +++--
    2 files changed, 14 insertions(+), 2 deletions(-)

    diff --git a/eclass/tests/verify-sig.sh b/eclass/tests/verify-sig.sh
    index fb7f2cdb2a5d..a87e2c7703d7 100755
    --- a/eclass/tests/verify-sig.sh
    +++ b/eclass/tests/verify-sig.sh
    @@ -57,6 +57,9 @@ cat > checksums.txt <<-EOF || die
    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e empty
    020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec text
    020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec fail
    +
    + # duplicate checksum
    + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 empty
    EOF

    test_verify_unsigned_checksums sha256
    @@ -70,11 +73,19 @@ eindent
    cat > checksums.txt <<-EOF || die
    junk text that ough
  • From =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?@21:1/5 to All on Mon Sep 4 04:00:02 2023
    Signed-off-by: Michał Górny <mgorny@gentoo.org>
    ---
    eclass/tests/verify-sig.sh | 65 ++++++++++++++++++++++++++++++++++++++
    1 file changed, 65 insertions(+)
    create mode 100755 eclass/tests/verify-sig.sh

    diff --git a/eclass/tests/verify-sig.sh b/eclass/tests/verify-sig.sh
    new file mode 100755
    index 000000000000..fcd2ee7480a2
    --- /dev/null
    +++ b/eclass/tests/verify-sig.sh
    @@ -0,0 +1,65 @@
    +#!/bin/bash
    +# Copyright 2023 Gentoo Authors
    +# Distributed under the terms of the GNU General Public License v2
    +
    +EAPI=8
    +source tests-common.sh || exit
    +
    +inherit verify-sig
    +
    +TMP=$(mktemp -d)
    +trap 'rm -rf "${TMP}"' EXIT
    +cd "${TMP}" || die
    empty || die
    fail || die
    +echo "The quick brown fox jumps over the lazy dog." > text || die
    +
    +testit() {
    + local expect=${1}
    + shift
    +
    + tbegin "${*@Q}"
    + ( "${@}" )
    + [[ ${?} -eq ${expect} ]]
    + tend "${?}"
    +}
    +
    +test_verify_unsigned_checksums() {
    + local format=${1}
    +
    + testit 0 verify-sig_verify_unsigned_checksums checksums.txt "${format}" empty
    + testit 0 verify-sig_verify_unsig