Skip to content

Commit b48118b

Browse files
committed
Fix source verification
'verify-sources' target was broken - even when gpgv exited with failure, besides printing error message, it continued and didn't interrupted the buld (because "exit 1" inside subshell created by '(' interrupt only that subshell). Fix that by carefully verifying all the files just after downloading them and remove if verification have failed. The side effect of this change is not needed 'verify-sources' target at all - whenever sources are downloaded, are verified, no way to forget about that. Thanks obotobo@openmailbox.org for the report and the idea how to fix this!
1 parent e323546 commit b48118b

File tree

1 file changed

+11
-8
lines changed

1 file changed

+11
-8
lines changed

Makefile

Lines changed: 11 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -93,21 +93,24 @@ endif
9393
get-sources: $(ALL_FILES)
9494
git submodule update --init --recursive
9595

96-
$(ALL_FILES):
97-
@wget -qN $(ALL_URLS)
98-
9996
import-keys:
10097
@if [ -n "$$GNUPGHOME" ]; then rm -f "$$GNUPGHOME/vmm-xen-trustedkeys.gpg"; fi
10198
@gpg --no-auto-check-trustdb --no-default-keyring --keyring vmm-xen-trustedkeys.gpg -q --import *-key.asc
10299

103-
verify-sources: import-keys verify-sources-sig verify-sources-sum
100+
verify-sources:
101+
@true
102+
103+
$(SIGN_FILE) $(GRUB_FILE)$(GRUB_SIGN_SUFF) $(LWIP_FILE)$(LWIP_SIGN_SUFF) $(GMP_FILE)$(GMP_SIGN_SUFF): %:
104+
@wget -qN $(filter %$@,$(ALL_URLS))
104105

105-
verify-sources-sig: $(SRC_FILE) $(GRUB_FILE) $(LWIP_FILE) $(GMP_FILE)
106-
@for f in $^; do gpgv --keyring vmm-xen-trustedkeys.gpg $$f.sig $$f 2>/dev/null || (echo "Wrong signature on $$f!"; exit 1); done
106+
$(SRC_FILE) $(GRUB_FILE) $(LWIP_FILE) $(GMP_FILE): %: %.sig import-keys
107+
@wget -qN $(filter %$@,$(ALL_URLS))
108+
@gpgv --keyring vmm-xen-trustedkeys.gpg $< $@ 2>/dev/null || { rm -f $@; echo "Wrong signature on $*!"; exit 1; }
107109

108-
verify-sources-sum: $(NEWLIB_FILE) $(ZLIB_FILE) $(OCAML_FILE) $(GC_FILE) $(VTPM_FILE) $(TBOOT_FILE) $(PCIUTILS_FILE) $(POLARSSL_FILE)
109-
@for f in $^; do sha1sum --quiet -c $$f.sha1sum || exit 1; done
110110

111+
$(NEWLIB_FILE) $(ZLIB_FILE) $(OCAML_FILE) $(GC_FILE) $(VTPM_FILE) $(TBOOT_FILE) $(PCIUTILS_FILE) $(POLARSSL_FILE): %: %.sha1sum
112+
@wget -qN $(filter %$@,$(ALL_URLS))
113+
@sha1sum --quiet -c $< || { rm -f $@; exit 1; }
111114

112115
.PHONY: clean-sources
113116
clean-sources:

0 commit comments

Comments
 (0)