[Lunar-commits] CVS: theedge/var/lib/lunar/plugins verify-gpg.plugin, NONE, 1.1 verify-md5.plugin, NONE, 1.1 verify-sha1.plugin, NONE, 1.1 download-generic.plugin, 1.1, 1.2

Auke Kok sofar at lunar-linux.org
Thu Mar 24 16:39:02 UTC 2005


Update of /var/cvs/lunar/theedge/var/lib/lunar/plugins
In directory espresso.foo-projects.org:/home/sofar/active/theedge/var/lib/lunar/plugins

Modified Files:
	download-generic.plugin 
Added Files:
	verify-gpg.plugin verify-md5.plugin verify-sha1.plugin 
Log Message:
Mega merge:

* source verification is now a plugin too
* rewrote gpg verification a bit
* removed versioned modules (only one remains: gcc/3.4.3)
* Implemented nested sections: moonbase/gnome/apps is now possible


--- NEW FILE: verify-gpg.plugin ---
#!/bin/bash
#############################################################
#                                                           #
# verify-gpg.plugin - plugin that performs gpg signature    #
#                     checking                              #
#                                                           #
#############################################################
#                                                           #
# Copyright 2005 by Auke Kok under GPLv2                    #
#                                                           #
#############################################################


plugin_source_verify_gpg() {
  # check if we can handle this type of VFY:
  if [ "${2:0:4}" != "gpg:" ] ; then
    return 2
  fi
  debug_msg "plugin_source_verify_gpg ($@)"

  if [ ! -x /usr/bin/gpg ] ; then
    # warn but don't fail
    message "${PROBLEM_COLOR}! Cannot verify sources without ${MODULE_COLOR}gpg${DEFAULT_COLOR}${PROBLEM_COLOR} installed${DEFAULT_COLOR}"
    return 2
  fi
  if [ ! -d /var/state/lunar/gpg ]; then
    mkdir -p /var/state/lunar/gpg
    chmod 700 /var/state/lunar/gpg
  fi

  GPG_SIG=$(echo $2 | sed 's/^gpg://' | cut -d, -f1)
  GPG_KEY=$(echo $2 | sed 's/^gpg://' | cut -d, -f2-)
  
  # do we need to download a keyset?
  if [ -n "$GPG_KEY" ] ; then
    TMP_GPG_KEYS=$(temp_create "gpg-pubkeys")
    verbose_msg "Downloading pub keys from \"$GPG_KEY\""
    # TODO calling wget is a hack... we should accept file: urls too
    if download_url $GPG_KEY $TMP_GPG_KEYS -q ; then
	  TMP_GPG_OUTPUT=$(temp_create "gpg-output")
      GNUPGHOME=/var/state/lunar/gpg/ gpg --import $TMP_GPG_KEYS > $TMP_GPG_OUTPUT 2>&1
	  grep -v 'not changed$' $TMP_GPG_OUTPUT | while read LINE; do
        message "${MESSAGE_COLOR}$LINE${DEFAULT_COLOR}"
	  done
	  temp_destroy $TMP_GPG_OUTPUT
    fi
  fi

  # try to get the required key
  TMP_GPG_SIG=$(temp_create "gpg-signature")
  verbose_msg "Downloading signature \"$GPG_SIG\""
  # TODO calling wget is a hack... we should accept file: urls too
  if download_url $GPG_SIG $TMP_GPG_SIG -q ; then
    verbose_msg "Verifying signature of \"$SOURCE_CACHE/$1\""
    verbose_msg "GNUPGHOME=/var/state/lunar/gpg/ gpg --verify $TMP_GPG_SIG $SOURCE_CACHE/$1"
	  TMP_GPG_OUTPUT=$(temp_create "gpg-output")
    if ! GNUPGHOME=/var/state/lunar/gpg/ gpg --verify $TMP_GPG_SIG $SOURCE_CACHE/$1 > $TMP_GPG_OUTPUT 2>&1 ; then
      verbose_msg "gpg exited with \"$?\""
      RESULT=1
    fi
	cat $TMP_GPG_OUTPUT | while read LINE; do
	  if echo $LINE | grep -qw 'WARNING' ; then
        message "${LRM_COLOR}$LINE${DEFAULT_COLOR}"
      else
        message "${MESSAGE_COLOR}$LINE${DEFAULT_COLOR}"
      fi
	done
	temp_destroy $TMP_GPG_OUTPUT
  else
    message "cannot download key!"
    RESULT=1
  fi
  temp_destroy $TMP_GPG_SIG
  temp_destroy $TMP_GPG_KEYS

  if [ "$RESULT" == 1 ]; then
    message "${PROBLEM_COLOR}! gpg signature check failed for ${DEFAULT_COLOR}${FILE_COLOR}$SRC1${DEFAULT_COLOR}"
    return 1
  else
    # always return 'continue' plugin value
    return 2
  fi  
}


plugin_register SOURCE_VERIFY plugin_source_verify_gpg

--- NEW FILE: verify-md5.plugin ---
#!/bin/bash
#############################################################
#                                                           #
# verify-md5.plugin - plugin that performs md5check         #
#                                                           #
#############################################################
#                                                           #
# Copyright 2005 by Auke Kok under GPLv2                    #
#                                                           #
#############################################################


plugin_source_verify_md5() {
  # check if we can handle this type of VFY:
  if [ "${2:0:4}" != "md5:" ] ; then
    return 2
  fi
  debug_msg "plugin_source_verify_md5 ($@)"
  TMP_MD5=$(md5sum $SOURCE_CACHE/$1 | cut -d " " -f 1-1)
  if [ "${2:4}" != "$TMP_MD5" ] ; then
    message "${PROBLEM_COLOR}! md5sum check failed for ${DEFAULT_COLOR}${FILE_COLOR}$1${DEFAULT_COLOR}"
    verbose_msg "offending md5sum: $TMP_MD5"
    verbose_msg "should be md5sum: ${2:4}"
    return 1
  else
    # always return 'continue' plugin value
    return 2
  fi  
}


plugin_register SOURCE_VERIFY plugin_source_verify_md5

--- NEW FILE: verify-sha1.plugin ---
#!/bin/bash
#############################################################
#                                                           #
# verify-sha1.plugin - plugin that performs sha1check       #
#                                                           #
#############################################################
#                                                           #
# Copyright 2005 by Auke Kok under GPLv2                    #
#                                                           #
#############################################################


plugin_source_verify_sha1() {
  # check if we can handle this type of VFY:
  if [ "${2:0:5}" != "sha1:" ] ; then
    return 2
  fi
  debug_msg "plugin_source_verify_sha1 ($@)"
  TMP_MD5=$(sha1sum $SOURCE_CACHE/$1 | cut -d " " -f 1-1)
  if [ "${2:5}" != "$TMP_MD5" ] ; then
    message "${PROBLEM_COLOR}! sha1sum check failed for ${DEFAULT_COLOR}${FILE_COLOR}$1${DEFAULT_COLOR}"
    verbose_msg "offending sha1sum: $TMP_MD5"
    verbose_msg "should be sha1sum: ${2:5}"
    return 1
  else
    # always return 'continue' plugin value
    return 2
  fi  
}


plugin_register SOURCE_VERIFY plugin_source_verify_sha1

Index: download-generic.plugin
===================================================================
RCS file: /var/cvs/lunar/theedge/var/lib/lunar/plugins/download-generic.plugin,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- download-generic.plugin	23 Mar 2005 16:18:13 -0000	1.1
+++ download-generic.plugin	24 Mar 2005 16:38:59 -0000	1.2
@@ -50,8 +50,10 @@
   if erase $TMP_FILE && wget $WGET_CACHE $WGET_RATE $WGET_FTP_CONNECTION $WGET_RETRIES $WGET_PARTIAL "$1" --output-document "$TMP_FILE" ; then
     # looks like it worked
     if testpack $TMP_FILE ; then
-      install -m644 $TMP_FILE $(dirname $2)/$(basename $TMP_FILE)
-      rm $TMP_FILE
+      if [ "$TMP_FILE" != "$(dirname $2)/$(basename $TMP_FILE)" ]; then
+        install -m644 $TMP_FILE $(dirname $2)/$(basename $TMP_FILE)
+        rm $TMP_FILE
+      fi
       verbose_msg "download of \"$1\" successful"
     else
       rm -f $TMP_FILE



More information about the Lunar-commits mailing list