authorRobin H. Johnson <robbat2@gentoo.org>2023-10-08 21:42:40 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2023-10-08 21:42:40 -0700
commitaf2705bc697575af9a0db1ede209cb9994c4da9b (patch)
tree6a6fdef2da089f6a48858efc4a859407c1b6e38e
parentsign-autobuilds: tweak signing of latest*txt files, must be clearsigned-only (diff)
verify-digests.sh: cleanup for newer systems20231009T044248Z
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rwxr-xr-xverify-digests.sh51
1 files changed, 37 insertions, 14 deletions
diff --git a/verify-digests.sh b/verify-digests.sh
index bd0cfa8..b5f7682 100755
--- a/verify-digests.sh
+++ b/verify-digests.sh
@@ -39,9 +39,11 @@ transform_digest() {
| \
awk \
-e '/^# .* HASH$/{hash=$2}' \
+ -e '(hash=="BLAKE2B"){hash="BLAKE2b"}' \
+ -e '(hash=="BLAKE2S"){hash="BLAKE2s"}' \
-e '/^[[:xdigit:]]+[[:space:]]+.+/{if(hash != ""){printf "%s (%s) = %s\n",hash,$2,$1}}' \
- -e '/^((SHA|MD|RIPEMD)[0-9]+|WHIRLPOOL) \(.*\) = [[:xdigit:]]+/{print $0}' \
- -e '/^((SHA|MD|RIPEMD)[0-9]+|WHIRLPOOL) [[:xdigit:]]+ [^[:space:]]+$/{ printf "%s (%s) = %s\n",$1,$3,$2; }'
+ -e '/^([A-Z]+[0-9A-Za-z-]+) \(.*\) = [[:xdigit:]]+/{print $0}' \
+ -e '/^([A-Z]+[0-9A-Za-z-]+) [[:xdigit:]]+ [^[:space:]]+$/{ printf "%s (%s) = %s\n",$1,$3,$2; }'
}
# Pass all directory arguments to find
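Review bot: The two added rules rewrite the tag to `BLAKE2b`/`BLAKE2s`, but the verification loop in the last hunk iterates over `BLAKE2B` and selects lines with the case-sensitive `grep "^$h " "$tmp1"`. If `$tmp1` holds the output of transform_digest (its producer is not visible here), BLAKE2B entries would never be selected and the checksum tool would be handed empty input. Either select by the rewritten tag in the loop, for example `tag=$h; [[ $h == BLAKE2B ]] && tag=BLAKE2b` followed by `grep "^$tag " "$tmp1"`, or add a comment on these rules naming the consumer that needs the mixed-case spelling. transform_digest starts above this hunk, so the input side of the pipeline is not shown.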
@@ -63,7 +65,7 @@ fi
# Check if non-dir arguments were digest files or files that you want to get checked
DIGESTS_ARGS2=( )
for f in "${DIGESTS_ARGS[@]}" ; do
- if [[ "${f/DIGEST}" != "$f" ]] || grep -sq -m 1 -e '# MD5 HASH' -e '# SHA[0-9]\+ HASH' -e ') = [0-9a-f]\+' $f; then
+ if [[ "${f/DIGEST}" != "$f" ]] || grep -sq -m 1 -E -e '# ([A-Z]+[0-9A-Za-z-]+) HASH' -e ') = [0-9a-f]\+' "$f"; then
DIGESTS_ARGS2+=( "$f" )
else
d=$( dirname "$f" )
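Review bot: Adding `-E` changes how the untouched second pattern `) = [0-9a-f]\+` is read. In GNU extended syntax `\+` is a literal plus sign rather than "one or more", and an unmatched leading `)` is undefined by POSIX. A file that carries only BSD-style lines (`TAG (name) = <hex>`) and has no `DIGEST` in its name would therefore probably stop being recognised as a digest file and fall into the `else` branch. Writing the pattern in ERE form keeps the old behaviour: `-e '\) = [0-9a-f]+'`.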
@@ -85,11 +87,14 @@ DIGESTS=( "${DIGESTS_ARGS2[@]}" "${DIGESTS_FIND[@]}" )
DIGESTS2="$(echo "${DIGESTS[@]}" | fmt -1 |sed '/.asc$/s/.asc$//' | sort | uniq)"
DIGESTS=( )
for d in ${DIGESTS2} ; do
- if [ -e "${d}" -a -e "${d}.asc" ]; then
+ if [[ -e "${d}" ]] && [[ -e "${d}.asc" ]]; then
+ # split signed
DIGESTS+=( "${d}.asc" )
- elif [ ! -e "${d}" -a -e "${d}.asc" ]; then
+ elif [[ ! -e "${d}" ]] && [[ -e "${d}.asc" ]]; then
+ # cleansigned, with extension
DIGESTS+=( "${d}.asc" )
- elif [ -e "${d}" -a ! -e "${d}.asc" ]; then
+ elif [[ -e "${d}" ]] && [[ ! -e "${d}.asc" ]]; then
+ # cleansigned, no extension
DIGESTS+=( "${d}" )
fi
done
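Review bot: The loop header `for d in ${DIGESTS2}` and the `echo "${DIGESTS[@]}" | fmt -1` feeding it still split on whitespace and expand globs, which the quoting cleanup in this commit does not reach. A digest path containing a space is tested as fragments, matches none of the three branches, and is silently dropped from verification. Provided nothing outside the hunk reads `DIGESTS2` as a string, `mapfile -t DIGESTS2 < <(printf '%s\n' "${DIGESTS[@]}" | sed 's/\.asc$//' | sort -u)` with `for d in "${DIGESTS2[@]}"` avoids this, and it also escapes the dot that the current `sed` leaves as a wildcard. The new comments say "cleansigned" where the GnuPG term is "clearsigned".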
@@ -99,8 +104,8 @@ done
T=$(date -u +%Y%m%dT%H%M%SZ)
tmp1=$(mktemp --tmpdir)
tmp2=$(mktemp --tmpdir)
-failures=$(mktemp --tmpdir gentoo-failures.$T.XXXXXXXXXX)
-trap 'rm -f "${tmp1}"" "${tmp2}"' SIGINT SIGTERM EXIT
+failures=$(mktemp --tmpdir "gentoo-failures.$T.XXXXXXXXXX")
+trap 'rm -f "${tmp1}" "${tmp2}"' SIGINT SIGTERM EXIT
# Now check them
failed_digests=()
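Review bot: The corrected trap still lists `SIGINT SIGTERM` alongside `EXIT`, and its handler only runs `rm -f` without exiting. On an interrupt bash deletes `$tmp1` and `$tmp2` and then resumes the verification loop with its scratch files gone, instead of stopping. Bash already runs the `EXIT` trap when it dies from an untrapped signal, so `trap 'rm -f "${tmp1}" "${tmp2}"' EXIT` is enough. A comment stating that `$failures` is left behind on purpose (it is appended to later in the script) would also help, and the three `mktemp` calls are not checked for failure.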
@@ -113,17 +118,35 @@ for d in $(echo "${DIGESTS[@]}" | fmt -1 | sort | uniq); do
checked=0
found=0
# order by strength
- for h in SHA512 SHA384 SHA256 SHA224 SHA1 MD5 ; do
+ for h in BLAKE2B SHA3-512 WHIRLPOOL SHA512 SHA384 SHA256 SHA224 ; do
sleep 0.01
- [[ $found -eq 1 ]] && break
+ [[ "$found" -eq 1 ]] && break
if [[ "${hashes/$h}" != "${hashes}" ]]; then
found=1
echo "using $h"
- pushd $(dirname $d) >/dev/null
- cmd=$(echo ${h}sum | tr '[:upper:]' '[:lower:]')
- grep "^$h " $tmp1 | ionice -c 3 --ignore ${cmd} -c - | tee "$tmp2"
+ pushd "$(dirname "$d")" >/dev/null
+ cmd=${h}sum
+ cmd=${cmd,,}
+ # Special case, the tool name is different than the hash.
+ case ${h,,} in
+ blake2b) cmd='b2sum' ;;
+ blake2s) cmd='b2sum' ;;
+ esac
+ # Check we have the tooling to validate
+ if command -v "$cmd" >/dev/null; then
+ :
+ elif command -v rhash >/dev/null ; then
+ cmd=rhash
+ else
+ echo "Could not find $cmd or rhash to verify ${h} hashes" 1>&2
+ continue
+ fi
+ # Run the tooling now.
+ # TODO: if we assume rhash is available always, it could check all the hashes at once
+ # but that means rewriting this loop of strength-ordering
+ grep "^$h " "$tmp1" | ionice -c 3 --ignore "${cmd}" -c - | tee "$tmp2"
rc=${PIPESTATUS[1]}
- if [ $rc -ne 0 ]; then
+ if [ "$rc" -ne 0 ]; then
failed_digests+=("$d")
cat "$tmp2" >> "$failures"
fi
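Review bot: When neither `$cmd` nor `rhash` is installed, the `continue` runs after `found=1` and `pushd` have already executed. The next iteration then hits `[[ "$found" -eq 1 ]] && break`, so the digest is neither verified nor added to `failed_digests`, and the directory stack is left one level deep unless a `popd` outside this hunk compensates. Resolving the tool before committing to the hash lets the loop fall through to the next algorithm it can actually check. How `found=0` and `checked` are reported afterwards is outside the hunk and should treat "nothing could be verified" as a failure. The `blake2s)` arm is currently unreachable because `BLAKE2S` is not in the list.

```shell
      if [[ "${hashes/$h}" != "${hashes}" ]]; then
        # Pick the verifier first; only commit to this hash once a tool exists.
        cmd=${h,,}sum
        case ${h,,} in
          blake2b | blake2s) cmd='b2sum' ;;
        esac
        if ! command -v "$cmd" >/dev/null; then
          if command -v rhash >/dev/null; then
            cmd=rhash
          else
            echo "Could not find $cmd or rhash to verify ${h} hashes" 1>&2
            continue
          fi
        fi
        found=1
        echo "using $h"
        pushd "$(dirname "$d")" >/dev/null
        # … unchanged: grep | ionice | tee pipeline and rc handling …
```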