Re: dscverify, program to check PGP/MD5 from .dsc file
On 09 Dec 1998 00:37:06 -0500, Roderick Schertler <roderick@argon.org> said:
>
> Here's what I use to verify that files I download from Incoming are
> valid.
Oops, this only worked for checking source packages, which is probably
not what people were talking about. Here is a small change which allows
it to work with .changes files, too.
#!/bin/sh
# $Id: dscverify,v 1.3 1998-12-09 00:50:45-05 roderick Exp $
#
# Roderick Schertler <roderick@argon.org>
# This program takes .changes or .dsc files as arguments and verifies
# that they're properly signed by a Debian developer, and that the local
# copies of the files mentioned in them match the MD5 sums given in the
# file.
# Copyright (C) 1998 Roderick Schertler
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# For a copy of the GNU General Public License write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# Name used as the prefix of every diagnostic.
script=$(basename "$0")

# Exit status of the whole run; warn() flips it to 1 on the first problem.
exit=0

# warn MESSAGE...
#   Print "<script>: MESSAGE" on stderr and mark the run as failed.
warn() {
    echo "$script:" "$@" >&2
    exit=1
}

# die MESSAGE...
#   Report MESSAGE through warn() and stop immediately with the failure status.
die() {
    warn "$@"
    exit $exit
}
# Refuse to run without at least one file to check.
if [ "$#" -eq 0 ]
then
    die "no .changes or .dsc files specified"
fi

# Locate the Debian keyring that signatures are checked against.  This file
# is the trust anchor for everything below: whoever can write to it decides
# which signatures count as good.
# NOTE(review): the first candidate lives in another account's home
# directory and, when present, takes precedence over the system-wide copy.
pubring=
for candidate in \
    ~maor/dinstall/debian-keyring.pgp \
    /usr/share/keyrings/debian-keyring.pgp
do
    if [ -f "$candidate" ]
    then
        pubring=$candidate
        break
    fi
done
if [ -z "$pubring" ]
then
    die "can't find debian-keyring.pgp"
fi
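# Scratch files: $tmp receives pgp's standard output, $stderr its diagnostics.
tmp=
stderr=

# Remove whichever scratch files exist.  Run from the EXIT trap so that an
# early die() or an interrupt does not leave them behind.
cleanup() {
    if [ -n "$tmp" ]; then rm -f "$tmp"; fi
    if [ -n "$stderr" ]; then rm -f "$stderr"; fi
}
trap cleanup 0
# Turn HUP/INT/TERM into a normal exit so the EXIT trap above still runs.
trap 'exit 1' 1 2 15

tmp=`tempfile` || die "return $? from tempfile"
stderr=`tempfile` || die "return $? from tempfile"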
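# Check every .changes/.dsc file named on the command line.  A failure is
# reported through warn() (which makes the final exit status 1) and the loop
# moves on to the next file.
#
# Caveat: the only digest checked here is MD5, which is no longer
# collision-resistant.  Current .dsc/.changes files also carry
# Checksums-Sha256 entries, which this script does not read.
for file
do
    # Run pgp as a filter against the Debian keyring only.  Its standard
    # output is kept in $tmp and its diagnostics in $stderr.  The Files list
    # is later read from $tmp (pgp's output), not from the original file.
    pgp +pubring="$pubring" -f <"$file" >"$tmp" 2>"$stderr" || {
        warn "return $? from pgp for $file"
        continue
    }

    # Unsigned input is rejected, not merely reported.
    grep '^File has signature.' "$stderr" >/dev/null || {
        warn "no signature in $file"
        continue
    }

    # Deliberately not silenced: the matching line names the signer.
    grep '^Good signature from user' "$stderr" || {
        warn "invalid signature in $file"
        continue
    }

    # Walk the "Files:" section and compare size and MD5 of each local copy.
    perl -we '
        use Digest::MD5;

        $on = $any = 0;
        while (<>) {
            chomp;
            if (/^Files:\s*$/) {
                $on = 1;
            }
            elsif (/^$/ || /^\S/) {
                # A blank line or a new field ends the Files section.
                $on = 0;
            }
            elsif ($on) {
                $any = 1;
                # Fields: md5 size [section priority] name
                /^\s+(\S+)\s+(\d+)\s+(?:\S+\s+\S+\s+)?(\S+)\s*$/
                    or die qq/Invalid file line "$_"\n/;
                my ($md5, $size, $file) = ($1, $2, $3);
                $md5 =~ /\A[0-9a-f]{32}\z/
                    or die qq/Invalid MD5 hash "$md5"\n/;
                # Files entries are bare file names looked up in the current
                # directory, so refuse anything with a directory component.
                $file =~ m{/}
                    and die qq/Invalid file name "$file"\n/;
                unless (-e $file) {
                    print "skipping $file\n";
                    next;
                }
                print "validating $file\n";
                defined($this_size = -s $file)
                    or die "Can'\''t stat $file: $!\n";
                $this_size == $size
                    or die "Invalid file length for $file (wanted $size)\n";
                # Hash the file in-process.  The name comes from the file
                # being checked, so it must never be pasted into a shell
                # command line; this also removes any dependence on the
                # output format of an external md5sum.
                open(my $fh, "<", $file)
                    or die "Can'\''t open $file: $!\n";
                binmode $fh;
                $output = Digest::MD5->new->addfile($fh)->hexdigest;
                close $fh;
                $output eq $md5
                    or die "MD5 mismatch for $file ($md5 vs $output)\n";
            }
        }
        $any or die "Did not see any files\n"' "$tmp" || {
        warn "return $? from perl"
        continue
    }
done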
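# Remove the scratch files (quoted, so a temporary directory whose path
# contains whitespace is handled) and report the accumulated status:
# 0 only if every file verified.
rm "$tmp" "$stderr" || warn "return $? removing $tmp and $stderr"
exit "$exit"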
--
Roderick Schertler
roderick@argon.org