System.Data.SQLite

Check-in [8d36bd8426]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Update the release archive verification tool to deal with SHA3 hashes.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 8d36bd8426e9ff301fff8f2bc8f13e45ccf64a9f
User & Date: mistachkin 2017-03-14 21:07:43.159
Context
2017-04-03
23:39
Update SQLite core library to the 3.18.0 release. check-in: e5b99f9b24 user: mistachkin tags: trunk
2017-03-14
21:07
Update the release archive verification tool to deal with SHA3 hashes. check-in: 8d36bd8426 user: mistachkin tags: trunk
2017-03-13
21:22
For the design-time components installer tool, make sure that verbose mode is honored for mock registry keys even in the event that a parameter has an invalid value. check-in: d1111b2d68 user: mistachkin tags: trunk
Changes
Side-by-Side Diff Ignore Whitespace Patch
Changes to Setup/verify.eagle.
18
19
20
21
22
23
24
25

26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62













63
64
65
66
67
68
69
18
19
20
21
22
23
24

25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82







-
+


















-
+


















+
+
+
+
+
+
+
+
+
+
+
+
+








  #
  # NOTE: Indicate to the caller, if any, that we have failed.
  #
  exit 1
}

proc getSha1Hashes { varName } {
proc getFileHashes { varName } {
  variable fossil

  upvar 1 $varName hashes

  set data [exec -success Success -nocarriagereturns -- \
      $fossil artifact current]; # or "release"

  set result 0
  set lines [split $data \n]

  foreach line $lines {
    if {[string range $line 0 1] eq "F "} then {
      set fields [split $line " "]

      if {[llength $fields] >= 3} then {
        set fileName [string map [list \\s " "] [lindex $fields 1]]
        set hash [lindex $fields 2]

        if {[regexp -- {[0-9a-f]{40}} $hash]} then {
        if {[regexp -- {[0-9a-f]{40,64}} $hash]} then {
          set hashes($fileName) $hash; incr result
        }
      }
    }
  }

  return $result
}

proc getSha1Sum { fileName } {
  variable fossil

  set hash [string range [exec -success Success -nocarriagereturns \
      -trimall -- $fossil sha1sum [appendArgs \" $fileName \"]] 0 39]

  if {[regexp -- {[0-9a-f]{40}} $hash]} then {
    return $hash
  }

  return ""
}

proc getSha3Sum { fileName } {
  variable fossil

  set hash [string range [exec -success Success -nocarriagereturns \
      -trimall -- $fossil sha3sum [appendArgs \" $fileName \"]] 0 63]

  if {[regexp -- {[0-9a-f]{64}} $hash]} then {
    return $hash
  }

  return ""
}

set argc [llength $argv]

if {$argc >= 2 && $argc <= 3} then {
162
163
164
165
166
167
168
169

170
171
172
173
174
175
176
175
176
177
178
179
180
181

182
183
184
185
186
187
188
189







-
+







  }

  if {$withHashes} then {
    if {![file exists $fossil]} then {
      usage [appendArgs "tool \"" $fossil "\" is missing"]
    }

    if {[getSha1Hashes hashes] == 0} then {
    if {[getFileHashes hashes] == 0} then {
      usage "no repository hashes are available"
    }
  }

  set hashPrefix [expr {$failHashes ? "ERROR" : "WARNING"}]
  set archiveFileNames [list]

305
306
307
308
309
310
311
312

313
314
315
316
317
318
319
320

321
322
323
324
325
326
327
318
319
320
321
322
323
324

325
326
327
328
329
330
331
332

333
334
335
336
337
338
339
340







-
+







-
+







              "\" missing file \"" $manifestFileName \
              "\" from manifest \"" $manifest "\"."]

          set exitCode 1
        }

        #
        # NOTE: Skip checking SHA1 hashes if it was not requested on the
        # NOTE: Skip checking hashes if that was not requested on the
        #       command line.
        #
        if {!$withHashes} then {
          continue
        }

        #
        # HACK: For now, only verify SHA1 hashes for those files actually
        # HACK: For now, only verify hashes for those files actually
        #       present in the repository.
        #
        if {![string match -nocase -- *Source* $archiveFileName] && \
            ![info exists hashes($manifestFileName)]} then {
          continue
        }

345
346
347
348
349
350
351



352


353
354
355
356
357
358
359
358
359
360
361
362
363
364
365
366
367

368
369
370
371
372
373
374
375
376







+
+
+
-
+
+







        }

        try {
          if {[info exists hashes($manifestFileName)]} then {
            if {[catch {
              eval [string map $extractCommandMap $extractCommand]
            } result] == 0} then {
              if {[string length $hashes($manifestFileName)] == 64} then {
                set hash [getSha3Sum $extractFileName]
              } else {
              set hash [getSha1Sum $extractFileName]
                set hash [getSha1Sum $extractFileName]
              }

              if {[string length $hash] > 0} then {
                if {$hash ne $hashes($manifestFileName)} then {
                  puts stdout [appendArgs \
                      $hashPrefix ": Archive \"" $archiveFileName \
                      "\" file \"" $manifestFileName \
                      "\" repository hash mismatch, have \"" \