paheko-fork/tools/fossil-verify.sh

#!/bin/bash

REPO="$1"

if [ ! -f "$1/manifest" ]
then
	echo "Missing manifest, maybe you didn't specify a repository path,"
	echo "or you didn't enable the manifest? (fossil settings manifest on)"
	echo "Usage: $0 FOSSIL_REPOSITORY_PATH"
	exit 1
fi

gpg --verify "$1/manifest" 2> /dev/null

if [ $? != 0 ]
then
	echo "Manifest signature failed to verify"
	exit 2
fi

TMPFILE=$(mktemp)

while IFS= read -r LINE
do
	if [ "${LINE:0:2}" != "F " ]
	then
		echo "$LINE" >> $TMPFILE
		continue
	fi

	# Split string by spaces
	PARTS=($LINE)

	FILE_ENCODED="${PARTS[1]}"
	FILE="${PARTS[1]//\\s/ }"
	HASH="${PARTS[2]}"

	if [ "${#HASH}" = 40 ]
	then
		NEW_HASH=$(sha1sum "$1/$FILE" | awk '{print $1}')
	else
		NEW_HASH=$(openssl dgst -sha3-256 -binary "$1/$FILE" | xxd -p -c 100)
	fi

	if [ "$HASH" != "$NEW_HASH" ]
	then
		echo "Local file has changed"
		echo "$FILE"
		echo "Manifest hash:   $HASH"
		echo "Local file hash: $NEW_HASH"
		exit 2
	fi

	PARTS[2]="$HASH"

	# join parts in a new string
	NEW_LINE="$(printf " %s" "${PARTS[@]}")"
	NEW_LINE="${NEW_LINE:1}"

	echo "$NEW_LINE" >> $TMPFILE
done < "$1/manifest"

gpg --verify $TMPFILE 2>/dev/null

if [ $? != 0 ]
then
	echo "Something has changed between manifest and check?!"
	diff "$1/manifest" $TMPFILE
	rm -f $TMPFILE
	exit 2
fi

rm -f $TMPFILE
exit 0
initial commit 2024-01-19 15:39:49 +00:00			`#!/bin/bash`

			`REPO="$1"`

			`if [ ! -f "$1/manifest" ]`
			`then`
			`echo "Missing manifest, maybe you didn't specify a repository path,"`
			`echo "or you didn't enable the manifest? (fossil settings manifest on)"`
			`echo "Usage: $0 FOSSIL_REPOSITORY_PATH"`
			`exit 1`
			`fi`

			`gpg --verify "$1/manifest" 2> /dev/null`

			`if [ $? != 0 ]`
			`then`
			`echo "Manifest signature failed to verify"`
			`exit 2`
			`fi`

			`TMPFILE=$(mktemp)`

			`while IFS= read -r LINE`
			`do`
			`if [ "${LINE:0:2}" != "F " ]`
			`then`
			`echo "$LINE" >> $TMPFILE`
			`continue`
			`fi`

			`# Split string by spaces`
			`PARTS=($LINE)`

			`FILE_ENCODED="${PARTS[1]}"`
			`FILE="${PARTS[1]//\\s/ }"`
			`HASH="${PARTS[2]}"`

			`if [ "${#HASH}" = 40 ]`
			`then`
			`NEW_HASH=$(sha1sum "$1/$FILE" \| awk '{print $1}')`
			`else`
			`NEW_HASH=$(openssl dgst -sha3-256 -binary "$1/$FILE" \| xxd -p -c 100)`
			`fi`

			`if [ "$HASH" != "$NEW_HASH" ]`
			`then`
			`echo "Local file has changed"`
			`echo "$FILE"`
			`echo "Manifest hash: $HASH"`
			`echo "Local file hash: $NEW_HASH"`
			`exit 2`
			`fi`

			`PARTS[2]="$HASH"`

			`# join parts in a new string`
			`NEW_LINE="$(printf " %s" "${PARTS[@]}")"`
			`NEW_LINE="${NEW_LINE:1}"`

			`echo "$NEW_LINE" >> $TMPFILE`
			`done < "$1/manifest"`

			`gpg --verify $TMPFILE 2>/dev/null`

			`if [ $? != 0 ]`
			`then`
			`echo "Something has changed between manifest and check?!"`
			`diff "$1/manifest" $TMPFILE`
			`rm -f $TMPFILE`
			`exit 2`
			`fi`

			`rm -f $TMPFILE`
			`exit 0`