diff options
Diffstat (limited to 'src/share/yang/modules/utils/check-hashes.sh')
-rwxr-xr-x | src/share/yang/modules/utils/check-hashes.sh | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/src/share/yang/modules/utils/check-hashes.sh b/src/share/yang/modules/utils/check-hashes.sh new file mode 100755 index 0000000..968289d --- /dev/null +++ b/src/share/yang/modules/utils/check-hashes.sh @@ -0,0 +1,54 @@ +#!/bin/sh + +# Copyright (C) 2018-2022 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Check hashes +# +# This developer script verifies recorded hashes still match the +# result of SHA-256 checksums of the YIN format. +# Requires yanglint to translate YANG to YIN formats and openssl +# for a system independent SHA-256. + +# Exit with error if commands exit with non-zero and if undefined variables are +# used. +set -eu + +# Change directory to the YANG modules' directory. +script_path=$(cd "$(dirname "${0}")" && pwd) +cd "${script_path}/.." + +amend=false +if test "${1-}" = '-a' || test "${1-}" = '--amend'; then + amend=true +fi + +exit_code=0 +for m in *.yang +do + hash1=$(yanglint -f yin "${m}" | openssl dgst -sha256 | sed 's/(stdin)= //' | sed 's/SHA2-256//') + h="hashes/$(basename "${m}" .yang).hash" + if test -f "${h}" + then + hash2=$(cat "${h}") + if test "$hash1" != "$hash2" + then + exit_code=$((exit_code | 1)) + printf 'hash mismatch on %s expected %s in %s\n' "${m}" "${hash1}" "${h}" + if "${amend}"; then + printf '%s\n' "${hash1}" > "${h}" + fi + fi + else + exit_code=$((exit_code | 2)) + printf 'missing hash file %s for %s\n' "${h}" "${m}" + if "${amend}"; then + printf '%s\n' "${hash1}" > "${h}" + fi + fi +done + +exit "${exit_code}" |