#!/bin/sh # Copyright (C) 2018-2022 Internet Systems Consortium, Inc. ("ISC") # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # Check hashes # # This developer script verifies recorded hashes still match the # result of SHA-256 checksums of the YIN format. # Requires yanglint to translate YANG to YIN formats and openssl # for a system independent SHA-256. # Exit with error if commands exit with non-zero and if undefined variables are # used. set -eu # Change directory to the YANG modules' directory. cd "@abs_top_srcdir@/src/share/yang/modules" amend=false if test "${1-}" = '-a' || test "${1-}" = '--amend'; then amend=true fi exit_code=0 LIBYANG_PREFIX='@LIBYANG_PREFIX@' # Find yanglint. if test -f "${LIBYANG_PREFIX}/bin/yanglint"; then yanglint="${LIBYANG_PREFIX}/bin/yanglint" LD_LIBRARY_PATH="${LD_LIBRARY_PATH-}:${LIBYANG_PREFIX}/lib:${LIBYANG_PREFIX}/lib64" export LD_LIBRARY_PATH elif command -v yanglint; then yanglint='yanglint' else exit_code=$((exit_code | 2)) printf 'ERROR: cannot find yanglint.\n' >&2 exit "${exit_code}" fi for m in *.yang; do hash1=$("${yanglint}" -f yin "${m}" | openssl dgst -sha256 | sed 's/(stdin)= //' | sed 's/SHA2-256//') h="hashes/$(basename "${m}" .yang).hash" if test -f "${h}"; then hash2=$(cat "${h}") if test "$hash1" != "$hash2" then exit_code=$((exit_code | 4)) printf 'ERROR: hash mismatch on %s expected %s in %s\n' "${m}" "${hash1}" "${h}" >&2 if "${amend}"; then printf '%s\n' "${hash1}" > "${h}" fi fi else exit_code=$((exit_code | 8)) printf 'ERROR: missing hash file %s for %s\n' "${h}" "${m}" >&2 if "${amend}"; then printf '%s\n' "${hash1}" > "${h}" fi fi done exit "${exit_code}"