Skip to content


Browse files Browse the repository at this point in the history
Fix source verification
'verify-sources' target was broken - even when gpgv exited with failure,
besides printing error message, it continued and didn't interrupted the
buld (because "exit 1" inside subshell created by '(' interrupt only
that subshell).

Fix that by carefully verifying all the files just after downloading
them and remove if verification have failed. The side effect of this
change is not needed 'verify-sources' target at all - whenever sources
are downloaded, are verified, no way to forget about that.

Thanks for the report and the idea how to fix
  • Loading branch information
marmarek committed May 18, 2016
1 parent e323546 commit b48118b
Showing 1 changed file with 11 additions and 8 deletions.
19 changes: 11 additions & 8 deletions Makefile
Expand Up @@ -93,21 +93,24 @@ endif
get-sources: $(ALL_FILES)
git submodule update --init --recursive

@wget -qN $(ALL_URLS)

@if [ -n "$$GNUPGHOME" ]; then rm -f "$$GNUPGHOME/vmm-xen-trustedkeys.gpg"; fi
@gpg --no-auto-check-trustdb --no-default-keyring --keyring vmm-xen-trustedkeys.gpg -q --import *-key.asc

verify-sources: import-keys verify-sources-sig verify-sources-sum

@wget -qN $(filter %$@,$(ALL_URLS))

verify-sources-sig: $(SRC_FILE) $(GRUB_FILE) $(LWIP_FILE) $(GMP_FILE)
@for f in $^; do gpgv --keyring vmm-xen-trustedkeys.gpg $$f.sig $$f 2>/dev/null || (echo "Wrong signature on $$f!"; exit 1); done
$(SRC_FILE) $(GRUB_FILE) $(LWIP_FILE) $(GMP_FILE): %: %.sig import-keys
@wget -qN $(filter %$@,$(ALL_URLS))
@gpgv --keyring vmm-xen-trustedkeys.gpg $< $@ 2>/dev/null || { rm -f $@; echo "Wrong signature on $*!"; exit 1; }

@for f in $^; do sha1sum --quiet -c $$f.sha1sum || exit 1; done

@wget -qN $(filter %$@,$(ALL_URLS))
@sha1sum --quiet -c $< || { rm -f $@; exit 1; }

.PHONY: clean-sources
Expand Down

0 comments on commit b48118b

Please sign in to comment.