diff --git a/tool/download_hashver b/tool/download_hashver deleted file mode 100755 index 2d9fd1e998..0000000000 --- a/tool/download_hashver +++ /dev/null @@ -1,125 +0,0 @@ -#!/bin/bash -# -# \brief Hash verification tool -# \author Stephan Müller -# \date 2013-05-24 -# - -# Script to be invoked as -# $0 -# -# hash or hash file: The script checks whether the handed in value is a file -- -# if it is a file, it uses it with md5sum/sha1sum/sha256sum -c. -# Otherwise, the value is used as a direct hash value. -# -# Hash type can be either: md5 sha1 sha256 -# -# Script returns 0 on success. Any other value is a failure. - -FILE=$1 -HASH=$2 -HASHTYPE=$3 - -verify_hashfile() -{ - file=$1 - hashfile=$2 - hashtype=$3 - - dirfile=$(dirname $file) - dirhash=$(dirname $file) - basehash=$(basename $hashfile) - - # - # The tool is invoked with the file to be checked and the file holding the - # hashes. Thus, it cannot expect the hash file to be in the same directory - # as the file to be checked. But the problem is that the tools md5sum and - # Co expect the hash file in the local directory when you invoke the tool - # with -C. There is no way that you can provide a different location for - # the hash file. - # - # The code now tries to check whether the dirname of the file to be checked - # and the hash file are the same. If they are not, it creates a symlink to - # allow the tools to work. The trap ensures that in case of a termination - # (regular or otherwise), the symlink is removed such that there is no - # leftover from the script. - # - if [ "$dirfile" != "$dirhash" ]; - then - trap "rm -f $dirfile/$basehash" 0 1 2 3 15 - ln -s $hashfile $dirfile/ - fi - - cd $dirfile - ret=0 - case "$hashtype" in - md5) - md5sum -c $basehash - ret=$? - ;; - sha1) - sha1sum -c $basehash - ret=$? - ;; - sha256) - sha256sum -c $basehash - ret=$? - ;; - *) - echo "Wrong hash type $hashtype" - exit 1 - ;; - esac - - if [ "$ret" -ne 0 ] - then - echo "Hash verification for file $file failed" - exit 1 - fi - echo "Hash verification for file $file passed" - exit 0 -} - -# Verify the file -# \param file to be verified -# \param hash (file) -# -# function causes script to exit: -# return 0 implies all passed -# any other return code implies failure -verify_file() -{ - file=$1 - hash=$2 - hashtype=$3 - - if [ -f "$hash" ] - then - verify_hashfile $file $hash $hashtype - fi - case "$hashtype" in - md5) - calchash=$(md5sum $file | cut -f1 -d" ") - ;; - sha1) - calchash=$(sha1sum $file | cut -f1 -d" ") - ;; - sha256) - calchash=$(sha256sum $file | cut -f1 -d" ") - ;; - *) - echo "Wrong hash type $hashtype" - exit 1 - ;; - esac - if [ "$calchash" != "$hash" ] - then - echo -e "Hash verification for file $file failed:\ncalc hash: $calchash\nexp hash: $hash" - exit 1 - fi - - echo "Hash verification for file $file passed" - exit 0 -} - -verify_file $FILE $HASH $HASHTYPE diff --git a/tool/download_sigver b/tool/download_sigver deleted file mode 100755 index 859ba87055..0000000000 --- a/tool/download_sigver +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/bash -# -# \brief Signature verification tool -# \author Stephan Müller -# \date 2013-05-24 -# - -# Script to be invoked as -# $0 -# -# The source pubkey(s) is some ID that can be handled by gpg --search-keys -# or --recv-keys -# The special keyword of GNU as source pubkey implies the downloading of the GNU -# key ring. -# -# Script returns 0 on success. Any other value is a failure. - -FILE=$1 -SIGFILE=$2 -shift;shift; -PUBKEYSRC=$@ - -# -# Probe if a default keyserver is configured by the user. If not, fall back to -# a predefined key server. -# -KEYSERVER="" -if ! $(cat $HOME/.gnupg/gpg.conf | grep -v '^#.*' | grep -q keyserver); then - KEYSERVER="--keyserver hkp://keys.gnupg.net" -fi - -# Get a particular key -# \param key fingerprint to obtain -get_gpg_key() -{ - key=$1 - - # check if key is present - gpg --list-key $key > /dev/null 2>&1 - if [ $? -eq 0 ];then - return - fi - size=$(echo -n $key |wc -m) - if [ "$size" -eq 40 ] - then - # we have a full fingerprint - gpg $KEYSERVER --recv-keys $key - else - # we have some other ID - gpg $KEYSERVER --search-keys $key - fi -} - -GNUURL="ftp://ftp.gnu.org/gnu/gnu-keyring.gpg" -get_gnu_keys() -{ - sigfile=$1 - sigdir=$(dirname $sigfile) - - if [ ! -d "$sigdir" ] - then - echo "Directory $sigdir does not exist" - exit 1 - fi - - targetfile=$(basename $GNUURL) - if [ ! -f "$sigdir/$targetfile" ] - then - wget -c -P $sigdir $GNUURL - fi -} - -# Get all keys handed in -# \param array of keys to be searched -get_all_keys() -{ - keys=$@ - - for i in $keys - do - get_gpg_key $i - done -} - -# Verify the file -# \param file to be verified -# \param signature file -# -# function causes script to exit: -# return 0 implies all passed -# any other return code implies failure -verify_file() -{ - file=$1 - sigfile=$2 - - gpgargs="" - targetfile=$(basename $GNUURL) - sigdir=$(dirname $sigfile) - if [ -f "$sigdir/$targetfile" ] - then - gpgargs="--keyring $sigdir/$targetfile" - fi - - if [ -z "$file" -o ! -f "$file" ] - then - echo "File $file not found" - exit 1 - fi - if [ -z "$sigfile" -o ! -f "$sigfile" ] - then - echo "Signature file $sigfile not found" - exit 1 - fi - gpg --verify $gpgargs $sigfile $file - if [ $? -ne 0 ] - then - echo "Signature check of file $file failed" - exit 1 - fi - echo "Signature check of file $file passed" - exit 0 -} - -if [ "$PUBKEYSRC" = "GNU" ] -then - get_gnu_keys $SIGFILE -else - get_all_keys "$PUBKEYSRC" -fi -verify_file $FILE $SIGFILE