Bug#718225: live-build should authenticate files it downloads
Small additional patch attached.
I'm relatively new to unix shell scripting, and towards the end of
development I was having some issues with error return codes and set -e
in one or two places. I thought I had addressed the issue properly, but
running into the issue again now in other code, I've gained a better
understanding of it and realised that a small fix is in order here.
Testing this has also highlighted another issue, which I will provide as
a follow up once I've fully resolved it.
commit 326428b4bc4896ef98ef98efa2132bbe7fb2df97
Author: jnqnfe <jnqnfe@gmail.com>
Date: Thu Jan 8 03:46:33 2015 +0000
[Wget Security (#718225)] Fix handling of return codes
diff --git a/functions/cache.sh b/functions/cache.sh
index 4b3face..acf529f 100755
--- a/functions/cache.sh
+++ b/functions/cache.sh
@@ -196,6 +196,7 @@ Copy_file () {
local DEST_DIR
local ALLOW_HARDLINK
local CP_OPTIONS
+ local RET
if [ "${1}" = "--allow-hardlink" ]
then
@@ -220,7 +221,7 @@ Copy_file () {
CP_OPTIONS="${CP_OPTIONS} -l"
fi
- cp -f ${CP_OPTIONS} -- "${SOURCE}" "${DEST}"
+ cp -f ${CP_OPTIONS} -- "${SOURCE}" "${DEST}" && RET=0 || RET=${?}
- return ${?}
+ return ${RET}
}
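Review bot: The `&& RET=0 || RET=${?}` form on the `cp` line carries no comment explaining why it replaced the plain `return ${?}`, so a later cleanup could easily revert it. The commit description points at `set -e`: with errexit active, a failing `cp` run as a bare command can end the script before the `return` is reached, while a command on the left of `&&` is exempt. I would add `# Capture the status in an AND-OR list so errexit does not abort here; the caller decides what a failure means.` above the line. The same comment fits the identical constructs in GPG_sig_is_valid, Wget and Wget_recently_verified. Copy_file begins outside this hunk.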
diff --git a/functions/security.sh b/functions/security.sh
index ee04e17..60d384d 100644
--- a/functions/security.sh
+++ b/functions/security.sh
@@ -19,6 +19,7 @@ GPG_sig_is_valid ()
local KEYRINGS
local GPG_TOOL
local GPG_TOOL_SELECTED
+ local RET
FILE="${1}"
DETACHED_SIG="${2}"
@@ -39,9 +40,9 @@ GPG_sig_is_valid ()
exit 1
fi
- ${GPG_TOOL_SELECTED} --quiet ${KEYRINGS} "${DETACHED_SIG}" "${FILE}"
+ ${GPG_TOOL_SELECTED} --quiet ${KEYRINGS} "${DETACHED_SIG}" "${FILE}" && RET=0 || RET=${?}
- return ${?}
+ return ${RET}
}
# Check hash entry in basic hash sums file
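Review bot: `${KEYRINGS}` is expanded unquoted on the verification line, and the caller in functions/wget.sh passes it as the single string `"--keyring ${WGET_GPG_KEYRING}"`, so a keyring path containing whitespace or glob characters would be split into extra arguments to the verifier. If KEYRINGS arrives empty, the tool presumably falls back to its own default keyring, which may not be the one the build means to trust. The hunk does not show whether that is checked earlier in GPG_sig_is_valid; if it is not, a guard such as `[ -n "${KEYRINGS}" ] || { Echo_error "No keyring supplied for signature check"; exit 1; }` before the call would make the trust anchor explicit. The function starts outside this hunk.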
@@ -66,9 +67,11 @@ Hashsum_check_hashsumfile ()
REGEX_PATTERN="^${HASH}[[:space:]]+\./${REL_URL}\$"
Echo_debug "Searching for pattern ${REGEX_PATTERN} in file ${HASH_FILE}"
- grep -q -i -m 1 -E "${REGEX_PATTERN}" "${HASH_FILE}"
-
- return ${?}
+ if grep -q -i -m 1 -E "${REGEX_PATTERN}" "${HASH_FILE}"
+ then
+ return 0
+ fi
+ return 1
}
# Check hash entry in archive dist-info Release file (Primary dist Release file only?)
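Review bot: The lookup interpolates `${HASH}` and `${REL_URL}` into an extended regex and matches with `-i`, so the outcome of this integrity check depends on how the path happens to read as a pattern. A `.` in the path matches any character, a `+` (common in package names) is taken as a quantifier, and `-i` makes the path comparison case-insensitive as well as the digest; the pattern in Hashsum_check_Releasefile in the next hunk has the same problem. Comparing the fields literally avoids this, for example `awk -v h="${HASH}" -v p="./${REL_URL}" 'tolower($1) == tolower(h) && $2 == p { f = 1; exit } END { exit !f }' "${HASH_FILE}"` as the `if` condition (for the Release file, compare the third field and drop the `./` prefix). HASH and REL_URL are set outside the hunk, so it is also worth confirming that HASH cannot be empty when the pattern is built.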
@@ -93,9 +96,11 @@ Hashsum_check_Releasefile ()
REGEX_PATTERN="^[[:space:]]${HASH}[[:space:]]+[[:digit:]]+[[:space:]]${REL_URL}\$"
Echo_debug "Searching for pattern ${REGEX_PATTERN} in file ${HASH_FILE}"
- grep -q -i -m 1 -E "${REGEX_PATTERN}" "${HASH_FILE}"
-
- return ${?}
+ if grep -q -i -m 1 -E "${REGEX_PATTERN}" "${HASH_FILE}"
+ then
+ return 0
+ fi
+ return 1
}
# Check hash entry in archive dist-info Packages file
diff --git a/functions/wget.sh b/functions/wget.sh
index 7b731d4..bc1cc30 100644
--- a/functions/wget.sh
+++ b/functions/wget.sh
@@ -678,8 +678,7 @@ Main_dist_release_file_is_valid ()
Wget_copy_apt_keyring
fi
- GPG_sig_is_valid "${SAVE_PATH}" "${SAVE_PATH_SIG}" "--keyring ${WGET_GPG_KEYRING}"
- GPGV_RVAL=${?}
+ GPG_sig_is_valid "${SAVE_PATH}" "${SAVE_PATH_SIG}" "--keyring ${WGET_GPG_KEYRING}" && GPGV_RVAL=0 || GPGV_RVAL=${?}
if [ ${GPGV_RVAL} = 0 ]
then
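Review bot: The status captured in GPGV_RVAL is only compared with 0 in the lines shown, and `[ ${GPGV_RVAL} = 0 ]` is an unquoted string comparison. If nothing further down in Main_dist_release_file_is_valid (which continues outside the hunk) reads the value, `if GPG_sig_is_valid "${SAVE_PATH}" "${SAVE_PATH_SIG}" "--keyring ${WGET_GPG_KEYRING}"` says the same thing, is equally safe under `set -e`, and matches the `if grep …` form this commit uses in functions/security.sh. If the variable is kept, `[ "${GPGV_RVAL}" -eq 0 ]` is the more robust test.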
@@ -1211,6 +1210,7 @@ Wget ()
local URL
local SAVE_TO
local WGET_OPTIONS
+ local RET
if [ "${1}" = "--quiet" ]
then
@@ -1237,9 +1237,9 @@ Wget ()
exit 1
fi
- wget ${WGET_OPTIONS} -O "${SAVE_TO}" "${URL}"
+ wget ${WGET_OPTIONS} -O "${SAVE_TO}" "${URL}" && RET=0 || RET=${?}
- return ${?}
+ return ${RET}
}
Wget_copy_apt_keyring ()
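Review bot: When `wget` fails, `-O "${SAVE_TO}"` has already created or truncated the target, so a partial or empty file stays on disk after Wget returns non-zero. Now that the status reaches the caller intact, the function could clean up on failure with `[ "${RET}" -eq 0 ] || rm -f -- "${SAVE_TO}"` before `return ${RET}`, so that nothing later mistakes the leftover for a completed download. Whether any caller tests for the file's existence, or relies on resuming a transfer, is not visible here. `${WGET_OPTIONS}` is also expanded unquoted; that looks like intentional word splitting and deserves a short comment saying so. Wget begins outside this hunk.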
@@ -1336,6 +1336,7 @@ Wget_recently_verified ()
local ACTION
local FILE
+ local FOUND
#local WGET_RECENTLY_VERIFIED_FILES #See note above!
ACTION="${1}"
@@ -1367,8 +1368,8 @@ Wget_recently_verified ()
Echo_error "Only one recently verified item can be checked for at a time. Too many arguments supplied!"
exit 1
fi
- In_list "${1}" "${WGET_RECENTLY_VERIFIED_FILES}"
- return ${?}
+ In_list "${1}" "${WGET_RECENTLY_VERIFIED_FILES}" && FOUND=0 || FOUND=${?}
+ return ${FOUND}
;;
list)
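Review bot: `FOUND` holds an exit status, so `FOUND=0` means the item was found, which reads as the opposite of what the name suggests. The other functions touched by this commit call the same value `RET`. Using `local RET` and `In_list "${1}" "${WGET_RECENTLY_VERIFIED_FILES}" && RET=0 || RET=${?}` here would keep the idiom uniform. The `local` declaration sits in the previous hunk, at the top of Wget_recently_verified.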