>>>>> On Mon, 04 Sep 2023, Michał Górny wrote: > --- a/eclass/verify-sig.eclass > +++ b/eclass/verify-sig.eclass > @@ -214,12 +214,15 @@ verify-sig_verify_message() { > } > # @FUNCTION: verify-sig_verify_unsigned_checksums > -# @USAGE: <checksum-file> <algo> <files> > +# @USAGE: <checksum-file> <format> <files>
Below, verify-sig_verify_signed_checksums() still says "algo", change that too for consistency? > # @DESCRIPTION: > # Verify the checksums for all files listed in the space-separated list > -# <files> (akin to ${A}) using a <checksum-file>. <algo> specifies > -# the checksum algorithm (e.g. sha256). <checksum-file> can be "-" > -# for stdin. > +# <files> (akin to ${A}) using a <checksum-file>. <format> specifies > +# the checksum file format. <checksum-file> can be "-" for stdin. > +# > +# The following formats are supported: > +# - sha256 -- sha256sum (<hash> <filename>) > +# - openssl-dgst -- openssl dgst (<algo>(<filename>)=<hash>) This won't be rendered as a list in the man page, but will be rewrapped as a paragraph. (Putting a space before the "-" will help.) The existing variable documentation of VERIFY_SIG_METHOD suffers from the same problem, BTW. > # > # The function dies if one of the files does not match checksums or > # is missing from the checksum file. 
> @@ -234,32 +237,46 @@ verify-sig_verify_unsigned_checksums() { > local algo=${2} Maybe rename the variable to "format", when the documentation now says that the second parameter specifies the format? > local files=() > read -r -d '' -a files <<<"${3}" > - local chksum_prog chksum_len > + local chksum_prog chksum_len format=coreutils And rename this one too. (I don't find it intuitive for a checksum format to be named "coreutils", when coreutils provides cksum, md5sum, b2sum, etc.) > > case ${algo} in > sha256) > - chksum_prog=sha256sum > chksum_len=64 > ;; > + openssl-dgst) > + format=${algo} > + ;; > *) > - die "${FUNCNAME}: unknown checksum algo ${algo}" > + die "${FUNCNAME}: unknown checksum format ${algo}" > ;; > esac > > [[ ${checksum_file} == - ]] && checksum_file=/dev/stdin > - local checksum filename junk ret=0 count=0 > - while read -r checksum filename junk; do > - if [[ ${checksum} == "-----BEGIN" ]]; then > + local line checksum filename junk ret=0 count=0 > + while read -r line; do > + if [[ ${line} == "-----BEGIN"* ]]; then > die "${FUNCNAME}: PGP armor found, use > verify-sig_verify_signed_checksums instead" > fi > > - [[ ${#checksum} -eq ${chksum_len} ]] || continue > - [[ -z ${checksum//[0-9a-f]} ]] || continue > - has "${filename}" "${files[@]}" || continue > - [[ -z ${junk} ]] || continue > - > - "${chksum_prog}" -c --strict - <<<"${checksum} ${filename}" > - if [[ ${?} -eq 0 ]]; then > + case ${format} in > + coreutils) > + read -r checksum filename junk <<<"${line}" > + [[ ${#checksum} -ne ${chksum_len} ]] && continue > + [[ -n ${checksum//[0-9a-f]} ]] && continue > + [[ -n ${junk} ]] && continue > + ;; > + openssl-dgst) > + [[ ${line} != *"("*")="* ]] && continue > + checksum=${line##*)=} > + algo=${line%%(*} > + filename=${line#*(} > + filename=${filename%)=*} > + ;; > + esac > + > + ! 
has "${filename}" "${files[@]}" && continue This might be clearer if it was written as: has "${filename}" "${files[@]}" || continue > + > + if "${algo,,}sum" -c --strict - <<<"${checksum} ${filename}"; > then > (( count++ )) > else > ret=1
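Review bot: The new format list in the @DESCRIPTION of verify-sig_verify_unsigned_checksums (first hunk) does not say that, for openssl-dgst, the hash algorithm is no longer selected by the caller but is read from each line of the checksum file, as the <algo> in "<algo>(<filename>)=<hash>". Suggest stating that explicitly and listing which algorithms are accepted, so an ebuild author can tell which checksum strength a given call actually enforces.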
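Review bot: In the openssl-dgst branch of the while loop (second hunk), algo=${line%%(*} is taken straight from the checksum file and then used to build the command name in "${algo,,}sum" -c --strict, so the file's contents decide which program is run and how weak a hash is accepted. The coreutils branch checks the length and hex characters of checksum, but this branch validates neither checksum nor algo. Suggest matching ${algo,,} against a fixed list of supported algorithms in a case statement (dying or skipping the line otherwise), setting chksum_len from that match, and applying the same length and [0-9a-f] checks before the tool is called.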