/pidgin/main: fb9fe934688e: Use the gpg signature, if available ...

Daniel Atallah datallah at pidgin.im
Thu Sep 27 00:48:36 EDT 2012


Changeset: fb9fe934688eeb5b244feb0ad0ee0aa60c91878b
Author:	 Daniel Atallah <datallah at pidgin.im>
Date:	 2012-09-27 00:23 -0400
Branch:	 release-2.x.y
URL: http://hg.pidgin.im/pidgin/main/rev/fb9fe934688e

Description:

Use the gpg signature, if available, to validate downloaded GTK+ components

diffstat:

 pidgin/win32/nsis/generate_gtk_zip.sh |  55 +++++++++++++++++++++++-----------
 1 files changed, 37 insertions(+), 18 deletions(-)

diffs (87 lines):

diff --git a/pidgin/win32/nsis/generate_gtk_zip.sh b/pidgin/win32/nsis/generate_gtk_zip.sh
--- a/pidgin/win32/nsis/generate_gtk_zip.sh
+++ b/pidgin/win32/nsis/generate_gtk_zip.sh
@@ -8,7 +8,7 @@ if [ ! -e $PIDGIN_BASE/ChangeLog ]; then
 	exit 1
 fi
 
-STAGE_DIR=$PIDGIN_BASE/pidgin/win32/nsis/gtk_runtime_stage
+STAGE_DIR=`readlink -f $PIDGIN_BASE/pidgin/win32/nsis/gtk_runtime_stage`
 #Subdirectory of $STAGE_DIR
 INSTALL_DIR=Gtk
 CONTENTS_FILE=$INSTALL_DIR/CONTENTS
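Review bot: The new `STAGE_DIR` assignment leaves `$PIDGIN_BASE` unquoted and does not check whether `readlink -f` succeeded, so a checkout path containing spaces, or a failed resolution, leaves `STAGE_DIR` wrong or empty for everything that uses it later in the script (those uses are outside this hunk). I would write it as `STAGE_DIR=$(readlink -f "$PIDGIN_BASE/pidgin/win32/nsis/gtk_runtime_stage") || exit 1`. A one-line comment saying why the absolute path is now needed would also help, since the commit message does not mention it.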
@@ -16,19 +16,19 @@ CONTENTS_FILE=$INSTALL_DIR/CONTENTS
 #This needs to be changed every time there is any sort of change.
 BUNDLE_VERSION=2.16.6.1
 
-ATK="http://ftp.gnome.org/pub/gnome/binaries/win32/atk/1.32/atk_1.32.0-2_win32.zip ATK 1.32.0-2 3c31c9d6b19af840e2bd8ccbfef4072a6548dc4e"
+ATK="http://ftp.gnome.org/pub/gnome/binaries/win32/atk/1.32/atk_1.32.0-2_win32.zip ATK 1.32.0-2 sha1sum:3c31c9d6b19af840e2bd8ccbfef4072a6548dc4e"
 #Cairo 1.10.2 has a bug that can be seen when selecting text
-#CAIRO="http://ftp.gnome.org/pub/GNOME/binaries/win32/dependencies/cairo_1.10.2-2_win32.zip Cairo 1.10.2-2 d44cd66a9f4d7d29a8f2c28d1c1c5f9b0525ba44"
-CAIRO="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/cairo_1.8.10-1_win32.zip Cairo 1.8.10-1 a08476cccd807943958610977a138c4d6097c7b8"
-EXPAT="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/expat_2.1.0-1_win32.zip Expat 2.1.0-1 607ba00b8c7c4be5f1701f914b972c2b12005062"
-FONTCONFIG="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/fontconfig_2.8.0-2_win32.zip Fontconfig 2.8.0-2 37a3117ea6cc50c8a88fba9b6018f35a04fa71ce"
-FREETYPE="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/freetype_2.4.10-1_win32.zip Freetype 2.4.10-1 e4655cf2a590fd5fbe8861a9fcbfd32131e61cac"
-GETTEXT="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/gettext-runtime_0.18.1.1-2_win32.zip Gettext 0.18.1.1-2 a7cc1ce2b99b408d1bbea9a3b4520fcaf26783b3"
-GLIB="http://ftp.gnome.org/pub/gnome/binaries/win32/glib/2.28/glib_2.28.8-1_win32.zip Glib 2.28.8-1 5d158f4c77ca0b5508e1042955be573dd940b574"
-GTK="http://ftp.acc.umu.se/pub/gnome/binaries/win32/gtk+/2.16/gtk+_2.16.6-2_win32.zip GTK+ 2.16.6-2 012853e6de814ebda0cc4459f9eed8ae680e6d17"
-LIBPNG="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/libpng_1.4.12-1_win32.zip libpng 1.4.12-1 64f271ca9ae5dc6e5fc0a8129b9ef4297df7959f"
-PANGO="http://ftp.gnome.org/pub/gnome/binaries/win32/pango/1.29/pango_1.29.4-1_win32.zip Pango 1.29.4-1 3959319bd04fbce513458857f334ada279b8cdd4"
-ZLIB="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/zlib_1.2.5-2_win32.zip zlib 1.2.5-2 568907188761df2d9309196e447d91bbc5555d2b"
+#CAIRO="http://ftp.gnome.org/pub/GNOME/binaries/win32/dependencies/cairo_1.10.2-2_win32.zip Cairo 1.10.2-2 sha1sum:d44cd66a9f4d7d29a8f2c28d1c1c5f9b0525ba44"
+CAIRO="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/cairo_1.8.10-1_win32.zip Cairo 1.8.10-1 sha1sum:a08476cccd807943958610977a138c4d6097c7b8"
+EXPAT="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/expat_2.1.0-1_win32.zip Expat 2.1.0-1 gpg:0x71D4DDE53F188CBE"
+FONTCONFIG="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/fontconfig_2.8.0-2_win32.zip Fontconfig 2.8.0-2 sha1sum:37a3117ea6cc50c8a88fba9b6018f35a04fa71ce"
+FREETYPE="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/freetype_2.4.10-1_win32.zip Freetype 2.4.10-1 gpg:0x71D4DDE53F188CBE"
+GETTEXT="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/gettext-runtime_0.18.1.1-2_win32.zip Gettext 0.18.1.1-2 sha1sum:a7cc1ce2b99b408d1bbea9a3b4520fcaf26783b3"
+GLIB="http://ftp.gnome.org/pub/gnome/binaries/win32/glib/2.28/glib_2.28.8-1_win32.zip Glib 2.28.8-1 sha1sum:5d158f4c77ca0b5508e1042955be573dd940b574"
+GTK="http://ftp.acc.umu.se/pub/gnome/binaries/win32/gtk+/2.16/gtk+_2.16.6-2_win32.zip GTK+ 2.16.6-2 sha1sum:012853e6de814ebda0cc4459f9eed8ae680e6d17"
+LIBPNG="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/libpng_1.4.12-1_win32.zip libpng 1.4.12-1 gpg:0x71D4DDE53F188CBE"
+PANGO="http://ftp.gnome.org/pub/gnome/binaries/win32/pango/1.29/pango_1.29.4-1_win32.zip Pango 1.29.4-1 sha1sum:3959319bd04fbce513458857f334ada279b8cdd4"
+ZLIB="http://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/zlib_1.2.5-2_win32.zip zlib 1.2.5-2 sha1sum:568907188761df2d9309196e447d91bbc5555d2b"
 
 ALL="ATK CAIRO EXPAT FONTCONFIG FREETYPE GETTEXT GLIB GTK LIBPNG PANGO ZLIB"
 
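Review bot: The three `gpg:` entries (EXPAT, FREETYPE, LIBPNG) pin the signer only by the 64-bit key ID `0x71D4DDE53F188CBE`, which is a weaker commitment than the archive hash it replaces: a key ID is a truncated fingerprint, and a keyserver returns whatever key has been uploaded under it. Store the full fingerprint instead, e.g. `gpg:<FULL_40_HEX_FINGERPRINT>` (placeholder; take the value from a trusted copy of the key), and have the verification step compare the signer's fingerprint against it. Because the download URLs are plain `http://`, the pinned value is the only trust anchor for these files, which deserves a comment above the list.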
@@ -43,7 +43,7 @@ echo Bundle Version $BUNDLE_VERSION > $C
 
 function download_and_extract {
 	URL=${1%%\ *}
-	SHA1SUM=${1##*\ }
+	VALIDATION=${1##*\ }
 	NAME=${1%\ *}
 	NAME=${NAME#*\ }
 	FILE=$(basename $URL)
@@ -51,10 +51,29 @@ function download_and_extract {
 		echo Downloading $NAME
 		wget $URL || exit 1
 	fi
-	CHECK_SHA1SUM=`sha1sum $FILE`
-	CHECK_SHA1SUM=${CHECK_SHA1SUM%%\ *}
-	if [ "$CHECK_SHA1SUM" != "$SHA1SUM" ]; then
-		echo "sha1sum ($CHECK_SHA1SUM) for $FILE doesn't match expected value of $SHA1SUM"
+	VALIDATION_TYPE=${VALIDATION%%:*}
+	VALIDATION_VALUE=${VALIDATION##*:}
+	if [ $VALIDATION_TYPE == 'sha1sum' ]; then
+		CHECK_SHA1SUM=`sha1sum $FILE`
+		CHECK_SHA1SUM=${CHECK_SHA1SUM%%\ *}
+		if [ "$CHECK_SHA1SUM" != "$VALIDATION_VALUE" ]; then
+			echo "sha1sum ($CHECK_SHA1SUM) for $FILE doesn't match expected value of $VALIDATION_VALUE"
+			exit 1
+		fi
+	elif [ $VALIDATION_TYPE == 'gpg' ]; then
+		if [ ! -e "$FILE.asc" ]; then
+			echo Downloading GPG key for $NAME
+			wget "$URL.asc" || exit 1
+		fi
+		#Use our own keyring to avoid adding stuff to the main keyring
+		GPG="gpg -q --keyring $VALIDATION_VALUE-keyring.gpg"
+		$GPG --list-keys "$VALIDATION_VALUE" > /dev/null
+		if [ $? -ne 0 ]; then
+		       	$GPG --keyserver pgp.mit.edu --recv-key "$VALIDATION_VALUE" || exit 1
+		fi
+		$GPG --verify "$FILE.asc" || (echo "$FILE failed signature verification"; exit 1) || exit 1
+	else
+		echo "Unrecognized validation type of $VALIDATION_TYPE"
 		exit 1
 	fi
 	EXTENSION=${FILE##*.}
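Review bot: In the `gpg` branch, `--keyring` only adds `$VALIDATION_VALUE-keyring.gpg` to the keyrings gpg already consults, so `$GPG --verify` also succeeds for a good signature from any key in the builder's default keyring, and nothing checks that the signer is `$VALIDATION_VALUE`. The GnuPG manual says to pair it with `--no-default-keyring` when the named keyring is meant to be used alone: `GPG="gpg -q --no-default-keyring --keyring $VALIDATION_VALUE-keyring.gpg"`. The verify call should also name the data file, `$GPG --verify "$FILE.asc" "$FILE"`, so the `.asc` is always treated as a detached signature over the downloaded zip rather than as a self-contained signed message. Smaller points: quote `"$VALIDATION_TYPE"` in both `[ ... ]` tests and use `=` rather than `==`, and the echo before `wget "$URL.asc"` says "GPG key" where the file fetched is a signature. `download_and_extract` begins in the previous hunk and continues past the end of this one.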


