
Fix source verification

The 'verify-sources' target was broken - even when gpgv exited with failure,
it only printed an error message and continued, without interrupting the
build (because "exit 1" inside the subshell created by '(' terminates only
that subshell).

Fix that by carefully verifying all the files just after downloading
them and remove if verification have failed. The side effect of this
change is not needed 'verify-sources' target at all - whenever sources
are downloaded, are verified, no way to forget about that.

Thanks obotobo@openmailbox.org for the report and the idea how to fix
this!
1 parent e323546 commit b48118b8ca59f1bd4208560adf044d35c10fa50b @marmarek marmarek committed May 16, 2016
Showing with 11 additions and 8 deletions.
  1. +11 −8 Makefile
@@ -93,21 +93,24 @@ endif
get-sources: $(ALL_FILES)
git submodule update --init --recursive
-$(ALL_FILES):
- @wget -qN $(ALL_URLS)
-
import-keys:
@if [ -n "$$GNUPGHOME" ]; then rm -f "$$GNUPGHOME/vmm-xen-trustedkeys.gpg"; fi
@gpg --no-auto-check-trustdb --no-default-keyring --keyring vmm-xen-trustedkeys.gpg -q --import *-key.asc
-verify-sources: import-keys verify-sources-sig verify-sources-sum
+verify-sources:
+ @true
+
+$(SIGN_FILE) $(GRUB_FILE)$(GRUB_SIGN_SUFF) $(LWIP_FILE)$(LWIP_SIGN_SUFF) $(GMP_FILE)$(GMP_SIGN_SUFF): %:
+ @wget -qN $(filter %$@,$(ALL_URLS))
-verify-sources-sig: $(SRC_FILE) $(GRUB_FILE) $(LWIP_FILE) $(GMP_FILE)
- @for f in $^; do gpgv --keyring vmm-xen-trustedkeys.gpg $$f.sig $$f 2>/dev/null || (echo "Wrong signature on $$f!"; exit 1); done
+$(SRC_FILE) $(GRUB_FILE) $(LWIP_FILE) $(GMP_FILE): %: %.sig import-keys
+ @wget -qN $(filter %$@,$(ALL_URLS))
+ @gpgv --keyring vmm-xen-trustedkeys.gpg $< $@ 2>/dev/null || { rm -f $@; echo "Wrong signature on $*!"; exit 1; }
-verify-sources-sum: $(NEWLIB_FILE) $(ZLIB_FILE) $(OCAML_FILE) $(GC_FILE) $(VTPM_FILE) $(TBOOT_FILE) $(PCIUTILS_FILE) $(POLARSSL_FILE)
- @for f in $^; do sha1sum --quiet -c $$f.sha1sum || exit 1; done
+$(NEWLIB_FILE) $(ZLIB_FILE) $(OCAML_FILE) $(GC_FILE) $(VTPM_FILE) $(TBOOT_FILE) $(PCIUTILS_FILE) $(POLARSSL_FILE): %: %.sha1sum
+ @wget -qN $(filter %$@,$(ALL_URLS))
+ @sha1sum --quiet -c $< || { rm -f $@; exit 1; }
.PHONY: clean-sources
clean-sources:
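Review bot: In the checksum rule (`$(NEWLIB_FILE) … $(POLARSSL_FILE): %: %.sha1sum`) the `sha1sum -c` line only runs when make considers the tarball out of date, and `verify-sources` is now `@true`, so a file already present with an mtime newer than its `.sha1sum` (for example left by a failed download, unless `.DELETE_ON_ERROR` is set outside this hunk, or fetched before this commit) is never checked while `make verify-sources` still reports success. `wget -qN` also writes straight to `$@`, so the unverified file sits under its final name until the second recipe line finishes. I would keep `verify-sources` as a real gate that re-checks every file regardless of timestamps, with the checksum-verified files as prerequisites and a recipe such as `@for f in $^; do sha1sum --quiet -c $$f.sha1sum || exit 1; done`, plus the equivalent `gpgv` loop using `|| { echo ...; exit 1; }`. The signature rule appears to re-run on every invocation only because `import-keys` is a prerequisite with no matching file; that dependency on a side effect deserves a comment such as `# import-keys is never a file, so signed sources are re-verified on every run`. Dropping `2>/dev/null` from the `gpgv` line would also let the log distinguish a bad signature from a missing key.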
