/pidgin/main: fb9fe934688e: Use the gpg signature, if available ...
Daniel Atallah
datallah at pidgin.im
Thu Sep 27 00:48:36 EDT 2012
Changeset: fb9fe934688eeb5b244feb0ad0ee0aa60c91878b
Author: Daniel Atallah <datallah at pidgin.im>
Date: 2012-09-27 00:23 -0400
Branch: release-2.x.y
URL: http://hg.pidgin.im/pidgin/main/rev/fb9fe934688e
Description:
Use the gpg signature, if available to validate downloaded GTK+ components
diffstat:
pidgin/win32/nsis/generate_gtk_zip.sh | 55 +++++++++++++++++++++++-----------
1 files changed, 37 insertions(+), 18 deletions(-)
diffs (87 lines):
diff --git a/pidgin/win32/nsis/generate_gtk_zip.sh b/pidgin/win32/nsis/generate_gtk_zip.sh
--- a/pidgin/win32/nsis/generate_gtk_zip.sh
+++ b/pidgin/win32/nsis/generate_gtk_zip.sh
@@ -8,7 +8,7 @@ if [ ! -e $PIDGIN_BASE/ChangeLog ]; then
exit 1
fi
-STAGE_DIR=$PIDGIN_BASE/pidgin/win32/nsis/gtk_runtime_stage
+STAGE_DIR=`readlink -f $PIDGIN_BASE/pidgin/win32/nsis/gtk_runtime_stage`
#Subdirectory of $STAGE_DIR
INSTALL_DIR=Gtk
CONTENTS_FILE=$INSTALL_DIR/CONTENTS
@@ -16,19 +16,19 @@ CONTENTS_FILE=$INSTALL_DIR/CONTENTS
#This needs to be changed every time there is any sort of change.
BUNDLE_VERSION=2.16.6.1
-ATK="http://ftp.gnome.org/pub/gnome/binaries/win32/atk/1.32/atk_1.32.0-2_win32.zip ATK 1.32.0-2 3c31c9d6b19af840e2bd8ccbfef4072a6548dc4e"
+ATK="http://ftp.gnome.org/pub/gnome/binaries/win32/atk/1.32/atk_1.32.0-2_win32.zip ATK 1.32.0-2 sha1sum:3c31c9d6b19af840e2bd8ccbfef4072a6548dc4e"
#Cairo 1.10.2 has a bug that can be seen when selecting text
-#CAIRO="http://ftp.gnome.org/pub/GNOME/binaries/win32/dependencies/cairo_1.10.2-2_win32.zip Cairo 1.10.2-2 d44cd66a9f4d7d29a8f2c28d1c1c5f9b0525ba44"
-CAIRO="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/cairo_1.8.10-1_win32.zip Cairo 1.8.10-1 a08476cccd807943958610977a138c4d6097c7b8"
-EXPAT="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/expat_2.1.0-1_win32.zip Expat 2.1.0-1 607ba00b8c7c4be5f1701f914b972c2b12005062"
-FONTCONFIG="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/fontconfig_2.8.0-2_win32.zip Fontconfig 2.8.0-2 37a3117ea6cc50c8a88fba9b6018f35a04fa71ce"
-FREETYPE="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/freetype_2.4.10-1_win32.zip Freetype 2.4.10-1 e4655cf2a590fd5fbe8861a9fcbfd32131e61cac"
-GETTEXT="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/gettext-runtime_0.18.1.1-2_win32.zip Gettext 0.18.1.1-2 a7cc1ce2b99b408d1bbea9a3b4520fcaf26783b3"
-GLIB="http://ftp.gnome.org/pub/gnome/binaries/win32/glib/2.28/glib_2.28.8-1_win32.zip Glib 2.28.8-1 5d158f4c77ca0b5508e1042955be573dd940b574"
-GTK="http://ftp.acc.umu.se/pub/gnome/binaries/win32/gtk+/2.16/gtk+_2.16.6-2_win32.zip GTK+ 2.16.6-2 012853e6de814ebda0cc4459f9eed8ae680e6d17"
-LIBPNG="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/libpng_1.4.12-1_win32.zip libpng 1.4.12-1 64f271ca9ae5dc6e5fc0a8129b9ef4297df7959f"
-PANGO="http://ftp.gnome.org/pub/gnome/binaries/win32/pango/1.29/pango_1.29.4-1_win32.zip Pango 1.29.4-1 3959319bd04fbce513458857f334ada279b8cdd4"
-ZLIB="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/zlib_1.2.5-2_win32.zip zlib 1.2.5-2 568907188761df2d9309196e447d91bbc5555d2b"
+#CAIRO="http://ftp.gnome.org/pub/GNOME/binaries/win32/dependencies/cairo_1.10.2-2_win32.zip Cairo 1.10.2-2 sha1sum:d44cd66a9f4d7d29a8f2c28d1c1c5f9b0525ba44"
+CAIRO="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/cairo_1.8.10-1_win32.zip Cairo 1.8.10-1 sha1sum:a08476cccd807943958610977a138c4d6097c7b8"
+EXPAT="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/expat_2.1.0-1_win32.zip Expat 2.1.0-1 gpg:0x71D4DDE53F188CBE"
+FONTCONFIG="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/fontconfig_2.8.0-2_win32.zip Fontconfig 2.8.0-2 sha1sum:37a3117ea6cc50c8a88fba9b6018f35a04fa71ce"
+FREETYPE="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/freetype_2.4.10-1_win32.zip Freetype 2.4.10-1 gpg:0x71D4DDE53F188CBE"
+GETTEXT="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/gettext-runtime_0.18.1.1-2_win32.zip Gettext 0.18.1.1-2 sha1sum:a7cc1ce2b99b408d1bbea9a3b4520fcaf26783b3"
+GLIB="http://ftp.gnome.org/pub/gnome/binaries/win32/glib/2.28/glib_2.28.8-1_win32.zip Glib 2.28.8-1 sha1sum:5d158f4c77ca0b5508e1042955be573dd940b574"
+GTK="http://ftp.acc.umu.se/pub/gnome/binaries/win32/gtk+/2.16/gtk+_2.16.6-2_win32.zip GTK+ 2.16.6-2 sha1sum:012853e6de814ebda0cc4459f9eed8ae680e6d17"
+LIBPNG="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/libpng_1.4.12-1_win32.zip libpng 1.4.12-1 gpg:0x71D4DDE53F188CBE"
+PANGO="http://ftp.gnome.org/pub/gnome/binaries/win32/pango/1.29/pango_1.29.4-1_win32.zip Pango 1.29.4-1 sha1sum:3959319bd04fbce513458857f334ada279b8cdd4"
+ZLIB="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/zlib_1.2.5-2_win32.zip zlib 1.2.5-2 sha1sum:568907188761df2d9309196e447d91bbc5555d2b"
ALL="ATK CAIRO EXPAT FONTCONFIG FREETYPE GETTEXT GLIB GTK LIBPNG PANGO ZLIB"
@@ -43,7 +43,7 @@ echo Bundle Version $BUNDLE_VERSION > $C
function download_and_extract {
URL=${1%%\ *}
- SHA1SUM=${1##*\ }
+ VALIDATION=${1##*\ }
NAME=${1%\ *}
NAME=${NAME#*\ }
FILE=$(basename $URL)
@@ -51,10 +51,29 @@ function download_and_extract {
echo Downloading $NAME
wget $URL || exit 1
fi
- CHECK_SHA1SUM=`sha1sum $FILE`
- CHECK_SHA1SUM=${CHECK_SHA1SUM%%\ *}
- if [ "$CHECK_SHA1SUM" != "$SHA1SUM" ]; then
- echo "sha1sum ($CHECK_SHA1SUM) for $FILE doesn't match expected value of $SHA1SUM"
+ VALIDATION_TYPE=${VALIDATION%%:*}
+ VALIDATION_VALUE=${VALIDATION##*:}
+ if [ $VALIDATION_TYPE == 'sha1sum' ]; then
+ CHECK_SHA1SUM=`sha1sum $FILE`
+ CHECK_SHA1SUM=${CHECK_SHA1SUM%%\ *}
+ if [ "$CHECK_SHA1SUM" != "$VALIDATION_VALUE" ]; then
+ echo "sha1sum ($CHECK_SHA1SUM) for $FILE doesn't match expected value of $VALIDATION_VALUE"
+ exit 1
+ fi
+ elif [ $VALIDATION_TYPE == 'gpg' ]; then
+ if [ ! -e "$FILE.asc" ]; then
+ echo Downloading GPG key for $NAME
+ wget "$URL.asc" || exit 1
+ fi
+ #Use our own keyring to avoid adding stuff to the main keyring
+ GPG="gpg -q --keyring $VALIDATION_VALUE-keyring.gpg"
+ $GPG --list-keys "$VALIDATION_VALUE" > /dev/null
+ if [ $? -ne 0 ]; then
+ $GPG --keyserver pgp.mit.edu --recv-key "$VALIDATION_VALUE" || exit 1
+ fi
+ $GPG --verify "$FILE.asc" || (echo "$FILE failed signature verification"; exit 1) || exit 1
+ else
+ echo "Unrecognized validation type of $VALIDATION_TYPE"
exit 1
fi
EXTENSION=${FILE##*.}
More information about the Commits
mailing list