
Fix source verification

'verify-sources' target was broken - even when gpgv exited with failure,
besides printing an error message, it continued and didn't interrupt the
build (because "exit 1" inside a subshell created by '(' interrupts only
that subshell).

Fix that by carefully verifying all the files just after downloading
them and remove if verification have failed. The side effect of this
change is not needed 'verify-sources' target at all - whenever sources
are downloaded, are verified, no way to forget about that.

Thanks for the report and the idea how to fix
marmarek committed May 18, 2016
1 parent e323546 commit b48118b8ca59f1bd4208560adf044d35c10fa50b
Showing with 11 additions and 8 deletions.
  1. +11 −8 Makefile
@@ -93,21 +93,24 @@ endif
get-sources: $(ALL_FILES)
git submodule update --init --recursive

@wget -qN $(ALL_URLS)

@if [ -n "$$GNUPGHOME" ]; then rm -f "$$GNUPGHOME/vmm-xen-trustedkeys.gpg"; fi
@gpg --no-auto-check-trustdb --no-default-keyring --keyring vmm-xen-trustedkeys.gpg -q --import *-key.asc

verify-sources: import-keys verify-sources-sig verify-sources-sum

@wget -qN $(filter %$@,$(ALL_URLS))

verify-sources-sig: $(SRC_FILE) $(GRUB_FILE) $(LWIP_FILE) $(GMP_FILE)
@for f in $^; do gpgv --keyring vmm-xen-trustedkeys.gpg $$f.sig $$f 2>/dev/null || (echo "Wrong signature on $$f!"; exit 1); done
$(SRC_FILE) $(GRUB_FILE) $(LWIP_FILE) $(GMP_FILE): %: %.sig import-keys
@wget -qN $(filter %$@,$(ALL_URLS))
@gpgv --keyring vmm-xen-trustedkeys.gpg $< $@ 2>/dev/null || { rm -f $@; echo "Wrong signature on $*!"; exit 1; }

@for f in $^; do sha1sum --quiet -c $$f.sha1sum || exit 1; done

@wget -qN $(filter %$@,$(ALL_URLS))
@sha1sum --quiet -c $< || { rm -f $@; exit 1; }

.PHONY: clean-sources
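Review bot: In the two new recipes (the `%: %.sig import-keys` rule and the sha1sum one after it), wget writes straight to `$@` and the check runs afterwards, so the file's existence is the only record that it was verified. A tarball already present from an earlier unverified download, or left behind if the recipe is killed between the wget and gpgv lines, would be treated as up to date and never checked, which matters more now that the description says `verify-sources` is no longer needed. Downloading under a temporary name and renaming only on success closes that gap: `@wget -q -O $@.UNTRUSTED $(filter %$@,$(ALL_URLS))`, `@gpgv --keyring vmm-xen-trustedkeys.gpg $< $@.UNTRUSTED || { rm -f $@.UNTRUSTED; echo "Wrong signature on $*!"; exit 1; }`, `@mv $@.UNTRUSTED $@`. Dropping `2>/dev/null` from the gpgv call would also keep the reason for a failure (missing key, bad signature, unreadable file) visible in build logs. The rendered page has lost the +/- markers and some rule headers, so this is read from the lines as shown.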
