[gentoo-dev] [PATCH v2 3/4] verify-sig.eclass: Fix handling multiple/duplicate signatures

[Michał Górny]

Signed-off-by: Michał Górny <mgo...@gentoo.org>
---
 eclass/tests/verify-sig.sh | 11 +++++++++++
 eclass/verify-sig.eclass   |  5 +++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/eclass/tests/verify-sig.sh b/eclass/tests/verify-sig.sh
index fb7f2cdb2a5d..a87e2c7703d7 100755
--- a/eclass/tests/verify-sig.sh
+++ b/eclass/tests/verify-sig.sh
@@ -57,6 +57,9 @@ cat > checksums.txt <<-EOF || die
        
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
 empty
        
020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec
        text
        
020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec
 fail
+
+       # duplicate checksum
+       e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 empty
 EOF
 
 test_verify_unsigned_checksums sha256
@@ -70,11 +73,19 @@ eindent
 cat > checksums.txt <<-EOF || die
        junk text that ought to be ignored
 
+       SHA1(empty)=da39a3ee5e6b4b0d3255bfef95601890afd80709
+       SHA1(text)= 9c04cd6372077e9b11f70ca111c9807dc7137e4b
+       SHA1(fail)=9c04cd6372077e9b11f70ca111c9807dc7137e4b
+
        
SHA256(empty)=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
        SHA256(text)= 
b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380
        
SHA256(fail)=b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380
 
        SHA256(annoying ( filename )= yes )= 
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+
+       
SHA512(empty)=cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
+       SHA512(text)= 
020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec
+       
SHA512(fail)=020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec
 EOF
 
 test_verify_unsigned_checksums openssl-dgst
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 815299b419ed..010361bfbc98 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -252,6 +252,7 @@ verify-sig_verify_unsigned_checksums() {
 
        [[ ${checksum_file} == - ]] && checksum_file=/dev/stdin
        local line checksum filename junk ret=0 count=0
+       local -A verified
        while read -r line; do
                if [[ ${line} == "-----BEGIN"* ]]; then
                        die "${FUNCNAME}: PGP armor found, use 
verify-sig_verify_signed_checksums instead"
@@ -278,7 +279,7 @@ verify-sig_verify_unsigned_checksums() {
                fi
 
                if "${algo,,}sum" -c --strict - <<<"${checksum} ${filename}"; 
then
-                       (( count++ ))
+                       verified["${filename}"]=1
                else
                        ret=1
                fi
@@ -286,7 +287,7 @@ verify-sig_verify_unsigned_checksums() {
 
        [[ ${ret} -eq 0 ]] ||
                die "${FUNCNAME}: at least one file did not verify successfully"
-       [[ ${count} -eq ${#files[@]} ]] ||
+       [[ ${#verified[@]} -eq ${#files[@]} ]] ||
                die "${FUNCNAME}: checksums for some of the specified files 
were missing"
 }
 
-- 
2.42.0