diff --git a/bootstrap_sdk b/bootstrap_sdk index 747ddeb1c3..197ad47105 100755 --- a/bootstrap_sdk +++ b/bootstrap_sdk @@ -78,17 +78,7 @@ if [[ "$STAGES" =~ stage4 ]]; then "$BUILDS/${build_name}.DIGESTS" > "$BUILDS/${release_name}.DIGESTS" # Validate we didn't break the DIGESTS with sed - for hash_type in md5 sha1 sha512; do - info "Validating ${hash_type} DIGESTS" - # shash is what's used to generate these multi-hash digests but it - # doesn't exit with non-zero on failure. I mean seriously... - #shash -c "$BUILDS/${release_name}.DIGESTS" -a "${hash_type}" - # So we do it the hard way... - grep -qi "^# ${hash_type} HASH$" "$BUILDS/${release_name}.DIGESTS" - (cd "$BUILDS" && grep -A1 -i "^# ${hash_type} HASH$" \ - "${release_name}.DIGESTS" | grep -v '^--$' | \ - ${hash_type}sum -c - --strict) - done + verify_digests "$BUILDS/${release_name}" "$BUILDS/${release_name}.CONTENTS" info "SDK ready: $BUILDS/${release_name}" diff --git a/build_library/release_util.sh b/build_library/release_util.sh index 8ca5fd7589..fad1936cfd 100644 --- a/build_library/release_util.sh +++ b/build_library/release_util.sh @@ -85,23 +85,6 @@ upload_packages() { upload_files packages ${def_upload_path} "pkgs/" "${board_packages}"/* } -make_digests() { - local dirname=$(dirname "$1") - local basename=$(basename "$1") - - cd "${dirname}" - echo -n > "${basename}.DIGESTS" - for filename in "$@"; do - filename=$(basename "$filename") - info "Computing DIGESTS for ${filename}" - for hash in md5 sha1 sha512; do - echo "# $hash HASH" | tr "a-z" "A-Z" >> "${basename}.DIGESTS" - ${hash}sum "${filename}" >> "${basename}.DIGESTS" - done - done - cd - -} - # Upload a image along with optional supporting files # The image file must be the first argument upload_image() { diff --git a/common.sh b/common.sh index 0e6242a72a..e398350011 100644 --- a/common.sh +++ b/common.sh @@ -746,6 +746,50 @@ enable_rw_mount() { conv=notrunc count=1 bs=1 } +# Generate a DIGESTS file, as normally used by Gentoo. +# This is an alternative to shash which doesn't know how to report errors. +# Usage: make_digests file1 [file2...] +# Output: file1.DIGESTS +# Any extra files be hashed and listed in file1.DIGESTS +_digest_types="md5 sha1 sha512" +make_digests() { + local dirname=$(dirname "$1") + local basename=$(basename "$1") + + pushd "${dirname}" >/dev/null + echo -n > "${basename}.DIGESTS" + for filename in "$@"; do + filename=$(basename "$filename") + info "Computing DIGESTS for ${filename}" + for hash_type in $_digest_types; do + echo "# $hash_type HASH" | tr "a-z" "A-Z" >> "${basename}.DIGESTS" + ${hash_type}sum "${filename}" >> "${basename}.DIGESTS" + done + done + popd >/dev/null +} + +# Validate a DIGESTS file. Essentially the inverse of make_digests. +# Usage: verify_digests file1 [file2...] +# Checks the hash of all given files using file1.DIGESTS +verify_digests() { + local dirname=$(dirname "$1") + local basename=$(basename "$1") + + pushd "${dirname}" >/dev/null + for filename in "$@"; do + filename=$(basename "$filename") + info "Validating DIGESTS for ${filename}" + for hash_type in $_digest_types; do + grep -A1 -i "^# ${hash_type} HASH$" "${basename}.DIGESTS" | \ + grep "$filename$" | ${hash_type}sum -c - --strict || return 1 + # Also check that none of the greps failed in the above pipeline + [[ -z ${PIPESTATUS[*]#0} ]] || return 1 + done + done + popd >/dev/null +} + # Get current timestamp. Assumes common.sh runs at startup. start_time=$(date +%s)