1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

build: Extend getswdb.sh to allow a verified download

--
This commit is contained in:
Werner Koch 2024-02-29 15:35:27 +01:00
parent c27e5be50b
commit 233bf39323
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -28,9 +28,12 @@ cvtver () {
usage()
{
cat <<EOF
Usage: $(basename $0) [OPTIONS]
Usage: $(basename $0) [OPTIONS] [packages]
Get the online version of the GnuPG software version database
and optionally download packages and verify their signatures.
Options:
--info Print only infos about packages
--skip-download Assume download has already been done.
--skip-verify Do not check signatures
--skip-selfcheck Do not check GnuPG version
@ -38,6 +41,11 @@ Options:
--find-sha1sum Print the name of the sha1sum utility
--find-sha256sum Print the name of the sha256sum utility
--help Print this help.
Example:
getswdb.sh gnupg24 gpgme libksba libassuan
EOF
exit $1
}
@ -50,6 +58,9 @@ skip_verify=no
skip_selfcheck=no
find_sha1sum=no
find_sha256sum=no
info_mode=no
packages=
die=no
while test $# -gt 0; do
case "$1" in
# Set up `optarg'.
@ -80,13 +91,20 @@ while test $# -gt 0; do
--find-sha256sum)
find_sha256sum=yes
;;
*)
--info)
info_mode=yes
;;
--*)
usage 1 1>&2
;;
*)
packages="$packages $1"
;;
esac
shift
done
# Mac OSX has only a shasum and not sha1sum
if [ ${find_sha1sum} = yes ]; then
for i in sha1sum shasum ; do
@ -186,7 +204,7 @@ else
fi
fi
if [ $skip_verify = no ]; then
if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then
if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst 2>/dev/null; then
echo "list of software versions is not valid!" >&2
exit 1
fi
@ -210,3 +228,73 @@ if [ $skip_selfcheck = no ]; then
exit 1
fi
fi
# Download a package and check its signature.
download_pkg () {
local url="$1"
local file="${url##*/}"
if ! $WGET -q -O - "$url" >"${file}.tmp" ; then
echo "download of $file failed." >&2
[ -f "${file}.tmp" ] && rm "${file}.tmp"
return 1
fi
if [ $skip_verify = no ]; then
if ! $WGET -q -O - "${url}.sig" >"${file}.tmpsig" ; then
echo "download of $file.sig failed." >&2
[ -f "${file}.tmpsig" ] && rm "${file}.tmpsig"
return 1
fi
if ! $GPGV -q --keyring "$distsigkey" \
"${file}.tmpsig" "${file}.tmp" 2>/dev/null; then
echo "signature of $file is not valid!" >&2
return 1
fi
mv "${file}.tmpsig" "${file}.sig"
else
[ -f "${file}.sig" ] && rm "${file}.sig"
fi
mv "${file}.tmp" "${file}"
return 0
}
baseurl=$(awk '$1=="gpgorg_base" {print $2; exit 0}' swdb.lst)
for p in $packages; do
pver=$(awk '$1=="'"$p"'_ver" {print $2}' swdb.lst)
if [ -z "$pver" ]; then
echo "package '$p' not found" >&2
die=yes
else
pdir=$(awk '$1=="'"$p"'_dir" {print $2":"$3":"$4}' swdb.lst)
if [ -n "$pdir" ]; then
psuf=$(echo "$pdir" | cut -d: -f3)
pname=$(echo "$pdir" | cut -d: -f2)
pdir=$(echo "$pdir" | cut -d: -f1)
else
psuf=
pdir="$p"
pname="$p"
fi
if [ -z "$psuf" ]; then
psuf=$(awk 'BEGIN {suf="bz2"};
$1=="'"$p"'_sha1_gz" {suf="gz"; exit 0};
$1=="'"$p"'_sha1_xz" {suf"xz"; exit 0};
END {print suf}' swdb.lst)
fi
pfullname="$pname-$pver.tar.$psuf"
if [ $info_mode = yes ]; then
echo "$baseurl/$pdir/$pfullname"
else
echo "downloading $pfullname"
download_pkg "$baseurl/$pdir/$pfullname" || die=yes
fi
fi
done
if [ $die = yes ]; then
echo "errors found!" >&2
exit 1
fi
exit 0