author | Robin H. Johnson <robbat2@gentoo.org> | 2023-06-29 22:18:58 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2023-06-29 22:18:58 -0700 |
commit | 6dd35cefc5fcaf0662708b5952038bce528979ff (patch) | |
tree | a65119090f4992e3edc76bd62ef6de2797a51e1d | |
parent | keyrings-export.bash: fixup export (diff) | |
keyrings.inc.bash: ensure there is a checksum to verify the download for corruption (integrity only, not authenticity)
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r-- | keyrings.inc.bash | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/keyrings.inc.bash b/keyrings.inc.bash
index cc89de0..32fc03f 100644
--- a/keyrings.inc.bash
+++ b/keyrings.inc.bash
@@ -96,7 +96,8 @@ export_keys() {
 DST="$1"
 shift
 setup_tmp
- TMP="${GPG_TMPDIR}"/$(basename "${DST}")
+ BASENAME=$(basename "${DST}")
+ TMP="${GPG_TMPDIR}/${BASENAME}"
 # Must not exist, otherwise GPG will give error
 [[ -f "${TMP}" ]] && rm -f "${TMP}"
 # 'gpg --export' returns zero if there was no error with the command itself
@@ -116,12 +117,17 @@ export_keys() {
 echo "Unable to export keys to $DST: GPG failed to list packets"
 exit 1
 fi
+
+ # Ensure we have a checksum to verify the file.
+ rhash --bsd --sha256 --sha512 --blake2b "${TMP}" |sed "s,${TMP},${BASENAME},g" >"${TMP}.DIGESTS"
+
 # Check if the textual format has changed at all, and emit the new version
 # if there are ANY changes at all.
 if ! cmp -s "${DST}.packets.txt" "${TMP}.packets.txt"; then
 chmod a+r "${TMP}"
 mv -f "${TMP}" "${DST}"
 mv -f "${TMP}.packets.txt" "${DST}.packets.txt"
+ mv -f "${TMP}.DIGESTS" "${DST}.DIGESTS"
 fi
 # Cleanup anyway
 rm -f "${TMP}.packets.txt" "${TMP}" |
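Review bot: The `rhash … | sed` pipeline added in the second hunk is never checked, so if rhash is missing or fails, sed still exits zero and an empty `${TMP}.DIGESTS` can be moved next to the keyring (unless `pipefail` is set somewhere outside this hunk). The sed expression also treats `${TMP}` as a regular expression with `,` as the delimiter, so a temp path containing `,` or regex metacharacters would be rewritten wrongly; running rhash on `${BASENAME}` from inside `${GPG_TMPDIR}` removes the need for the rewrite, presumably with the same output since rhash prints the path it was given. The closing `rm -f` does not remove `${TMP}.DIGESTS`, so it is left behind whenever the packets are unchanged, and in that same case an already-exported `${DST}` gets no DIGESTS file until the keyring next changes. export_keys starts and ends outside both hunks.

```bash
	# Ensure we have a checksum to verify the file.
	if ! (cd "${GPG_TMPDIR}" && rhash --bsd --sha256 --sha512 --blake2b "${BASENAME}") >"${TMP}.DIGESTS"; then
		echo "Unable to export keys to $DST: failed to generate checksums"
		exit 1
	fi
	# … unchanged: cmp check and mv block …
	rm -f "${TMP}.packets.txt" "${TMP}.DIGESTS" "${TMP}"
```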