首頁 探索 說明
登入
PUBLIC_REPOS
/
buildroot
镜像来自 git://git.buildroot.net/buildroot
2
1
複刻 0
Files
目錄樹: 31221b964e
分支列表 標籤列表
buildroot
/
support
/
download
/
check-hash

check-hash 2.2 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. #!/usr/bin/env bash
    2. 

  2. set -e
    3. 

  3. 

  4. # Helper to check a file matches its known hash
    5. 

  5. # Call it with:
    6. 

  6. #   $1: the path of the file containing all the the expected hashes
    7. 

  7. #   $2: the full path to the temporary file that was downloaded, and
    8. 

  8. #       that is to be checked
    9. 

  9. #   $3: the final basename of the file, to which it will be ultimately
    10. 

  10. #       saved as, to be able to match it to the corresponding hashes
    11. 

  11. #       in the .hash file
    12. 

  12. 

  13. h_file="${1}"
    14. 

  14. file="${2}"
    15. 

  15. base="${3}"
    16. 

  16. 

  17. # Does the hash-file exist?
    18. 

  18. if [ ! -f "${h_file}" ]; then
    19. 

  19.     exit 0
    20. 

  20. fi
    21. 

  21. 

  22. # Check one hash for a file
    23. 

  23. # $1: known hash
    24. 

  24. # $2: file (full path)
    25. 

  25. check_one_hash() {
    26. 

  26.     _h="${1}"
    27. 

  27.     _known="${2}"
    28. 

  28.     _file="${3}"
    29. 

  29. 

  30.     # Note: md5 is supported, but undocumented on purpose.
    31. 

  31.     # Note: sha3 is not supported, since there is currently no implementation
    32. 

  32.     #       (the NIST has yet to publish the parameters).
    33. 

  33.     case "${_h}" in
    34. 

  34.         md5|sha1)                       ;;
    35. 

  35.         sha224|sha256|sha384|sha512)    ;;
    36. 

  36.         *) # Unknown hash, exit with error
    37. 

  37.             printf "ERROR: unknown hash '%s' for '%s'\n"  \
    38. 

  38.                    "${_h}" "${base}" >&2
    39. 

  39.             exit 1
    40. 

  40.             ;;
    41. 

  41.     esac
    42. 

  42. 

  43.     # Do the hashes match?
    44. 

  44.     _hash=$( ${_h}sum "${_file}" |cut -d ' ' -f 1 )
    45. 

  45.     if [ "${_hash}" = "${_known}" ]; then
    46. 

  46.         printf "%s: OK (%s: %s)\n" "${base}" "${_h}" "${_hash}"
    47. 

  47.         return 0
    48. 

  48.     fi
    49. 

  49. 

  50.     printf "ERROR: %s has wrong %s hash:\n" "${base}" "${_h}" >&2
    51. 

  51.     printf "ERROR: expected: %s\n" "${_known}" >&2
    52. 

  52.     printf "ERROR: got     : %s\n" "${_hash}" >&2
    53. 

  53.     printf "ERROR: Incomplete download, or man-in-the-middle (MITM) attack\n" >&2
    54. 

  54. 

  55.     exit 1
    56. 

  56. }
    57. 

  57. 

  58. # Do we know one or more hashes for that file?
    59. 

  59. nb_checks=0
    60. 

  60. while read t h f; do
    61. 

  61.     case "${t}" in
    62. 

  62.         ''|'#'*)
    63. 

  63.             # Skip comments and empty lines
    64. 

  64.             continue
    65. 

  65.             ;;
    66. 

  66.         *)
    67. 

  67.             if [ "${f}" = "${base}" ]; then
    68. 

  68.                 check_one_hash "${t}" "${h}" "${file}"
    69. 

  69.                 : $((nb_checks++))
    70. 

  70.             fi
    71. 

  71.             ;;
    72. 

  72.     esac
    73. 

  73. done <"${h_file}"
    74. 

  74. 

  75. if [ ${nb_checks} -eq 0 ]; then
    76. 

  76.     if [ -n "${BR2_ENFORCE_CHECK_HASH}" ]; then
    77. 

  77.         printf "ERROR: No hash found for %s\n" "${base}" >&2
    78. 

  78.         exit 1
    79. 

  79.     else
    80. 

  80.         printf "WARNING: No hash found for %s\n" "${base}" >&2
    81. 

  81.     fi
    82. 

  82. fi
    83.