[Lunar-commits] r27033 - lunar/trunk/var/lib/lunar/plugins

Dennis Veatch dennisveatch at bellsouth.net
Fri May 15 23:54:02 CEST 2009 

On Friday 15 May 2009 2:56:03 am Stefan Wold wrote:
> Author: ratler
> Date: 2009-05-15 08:56:03 +0200 (Fri, 15 May 2009)
> New Revision: 27033
>
> Added:
>    lunar/trunk/var/lib/lunar/plugins/verify-sha256.plugin
> Log:
> Adding support for sha256 SOURCE_VFY. sha1 will soon be obsolete due to new
> attacks.
>
> Added: lunar/trunk/var/lib/lunar/plugins/verify-sha256.plugin
> ===================================================================
> --- lunar/trunk/var/lib/lunar/plugins/verify-sha256.plugin	                
>        (rev 0) +++
> lunar/trunk/var/lib/lunar/plugins/verify-sha256.plugin	2009-05-15 06:56:03
> UTC (rev 27033) @@ -0,0 +1,32 @@
> +#!/bin/bash
> +#############################################################
> +#                                                           #
> +# verify-sha256.plugin - plugin that performs sha256check   #
> +#                                                           #
> +#############################################################
> +#                                                           #
> +# Copyright 2005 by Auke Kok under GPLv2                    #
> +# Copyright 2009 by Stefan Wold under GPLv2                 #
> +#                                                           #
> +#############################################################
> +
> +
> +plugin_source_verify_sha256() {
> +  # check if we can handle this type of VFY:
> +  if [ "${2:0:7}" != "sha256:" ] ; then
> +    return 2
> +  fi
> +  debug_msg "plugin_source_verify_sha256 ($@)"
> +  TMP_SHA=$(sha256sum $SOURCE_CACHE/$1 | cut -d " " -f 1-1)
> +  if [ "${2:7}" != "$TMP_SHA" ] ; then
> +    message "${PROBLEM_COLOR}! sha256sum check failed for
> ${DEFAULT_COLOR}${FILE_COLOR}$1${DEFAULT_COLOR}" +    verbose_msg
> "offending sha256sum: $TMP_SHA"
> +    verbose_msg "should be sha256sum: ${2:7}"
> +    return 1
> +  else
> +    # always return 'continue' plugin value
> +    return 2
> +  fi
> +}
> +
> +plugin_register SOURCE_VERIFY plugin_source_verify_sha256
>

Something isn't quite right here. When testing the pwgen module, changed sha1 
to sha256: with a blank entry, and changed the version/dl link, etc. Tried to 
lin and it did not stop the build on a invalid sha256.

-- 
You can tuna piano but you can't tune a fish.

http://www.lunar-linux.org/
It's worth the spin.

More information about the Lunar-dev mailing list