summaryrefslogtreecommitdiffstats
path: root/src/share/yang/modules/utils/check-hashes.sh
diff options
context:
space:
mode:
Diffstat (limited to 'src/share/yang/modules/utils/check-hashes.sh')
-rwxr-xr-xsrc/share/yang/modules/utils/check-hashes.sh67
1 files changed, 67 insertions, 0 deletions
diff --git a/src/share/yang/modules/utils/check-hashes.sh b/src/share/yang/modules/utils/check-hashes.sh
new file mode 100755
index 0000000..efe9c5e
--- /dev/null
+++ b/src/share/yang/modules/utils/check-hashes.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+# Copyright (C) 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Check hashes
+#
+# This developer script verifies recorded hashes still match the
+# result of SHA-256 checksums of the YIN format.
+# Requires yanglint to translate YANG to YIN formats and openssl
+# for a system independent SHA-256.
+
+# Exit with error if commands exit with non-zero and if undefined variables are
+# used.
+set -eu
+
+# Change directory to the YANG modules' directory.
+cd "/home/admin/workspace/kea-2.4/build-tarball/kea/src/share/yang/modules"
+
+amend=false
+if test "${1-}" = '-a' || test "${1-}" = '--amend'; then
+ amend=true
+fi
+
+exit_code=0
+
+LIBYANG_PREFIX=''
+
+# Find yanglint.
+if test -f "${LIBYANG_PREFIX}/bin/yanglint"; then
+ yanglint="${LIBYANG_PREFIX}/bin/yanglint"
+ LD_LIBRARY_PATH="${LD_LIBRARY_PATH-}:${LIBYANG_PREFIX}/lib:${LIBYANG_PREFIX}/lib64"
+ export LD_LIBRARY_PATH
+elif command -v yanglint; then
+ yanglint='yanglint'
+else
+ exit_code=$((exit_code | 2))
+ printf 'ERROR: cannot find yanglint.\n' >&2
+ exit "${exit_code}"
+fi
+
+for m in *.yang; do
+ hash1=$("${yanglint}" -f yin "${m}" | openssl dgst -sha256 | sed 's/(stdin)= //' | sed 's/SHA2-256//')
+ h="hashes/$(basename "${m}" .yang).hash"
+ if test -f "${h}"; then
+ hash2=$(cat "${h}")
+ if test "$hash1" != "$hash2"
+ then
+ exit_code=$((exit_code | 4))
+ printf 'ERROR: hash mismatch on %s expected %s in %s\n' "${m}" "${hash1}" "${h}" >&2
+ if "${amend}"; then
+ printf '%s\n' "${hash1}" > "${h}"
+ fi
+ fi
+ else
+ exit_code=$((exit_code | 8))
+ printf 'ERROR: missing hash file %s for %s\n' "${h}" "${m}" >&2
+ if "${amend}"; then
+ printf '%s\n' "${hash1}" > "${h}"
+ fi
+ fi
+done
+
+exit "${exit_code}"