diff options
Diffstat (limited to 'src/share/yang/modules/utils/check-hashes.sh')
-rwxr-xr-x | src/share/yang/modules/utils/check-hashes.sh | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/src/share/yang/modules/utils/check-hashes.sh b/src/share/yang/modules/utils/check-hashes.sh new file mode 100755 index 0000000..efe9c5e --- /dev/null +++ b/src/share/yang/modules/utils/check-hashes.sh @@ -0,0 +1,67 @@ +#!/bin/sh + +# Copyright (C) 2018-2022 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Check hashes +# +# This developer script verifies recorded hashes still match the +# result of SHA-256 checksums of the YIN format. +# Requires yanglint to translate YANG to YIN formats and openssl +# for a system independent SHA-256. + +# Exit with error if commands exit with non-zero and if undefined variables are +# used. +set -eu + +# Change directory to the YANG modules' directory. +cd "/home/admin/workspace/kea-2.4/build-tarball/kea/src/share/yang/modules" + +amend=false +if test "${1-}" = '-a' || test "${1-}" = '--amend'; then + amend=true +fi + +exit_code=0 + +LIBYANG_PREFIX='' + +# Find yanglint. +if test -f "${LIBYANG_PREFIX}/bin/yanglint"; then + yanglint="${LIBYANG_PREFIX}/bin/yanglint" + LD_LIBRARY_PATH="${LD_LIBRARY_PATH-}:${LIBYANG_PREFIX}/lib:${LIBYANG_PREFIX}/lib64" + export LD_LIBRARY_PATH +elif command -v yanglint; then + yanglint='yanglint' +else + exit_code=$((exit_code | 2)) + printf 'ERROR: cannot find yanglint.\n' >&2 + exit "${exit_code}" +fi + +for m in *.yang; do + hash1=$("${yanglint}" -f yin "${m}" | openssl dgst -sha256 | sed 's/(stdin)= //' | sed 's/SHA2-256//') + h="hashes/$(basename "${m}" .yang).hash" + if test -f "${h}"; then + hash2=$(cat "${h}") + if test "$hash1" != "$hash2" + then + exit_code=$((exit_code | 4)) + printf 'ERROR: hash mismatch on %s expected %s in %s\n' "${m}" "${hash1}" "${h}" >&2 + if "${amend}"; then + printf '%s\n' "${hash1}" > "${h}" + fi + fi + else + exit_code=$((exit_code | 8)) + printf 'ERROR: missing hash file %s for %s\n' "${h}" "${m}" >&2 + if "${amend}"; then + printf '%s\n' "${hash1}" > "${h}" + fi + fi +done + +exit "${exit_code}" |