scripts: signall: fix wrong sha256sum on apk packages.adb index
authorPetr Štetiar <ynezz@true.cz>
Sat, 28 Sep 2024 12:22:35 +0000 (12:22 +0000)
committerPetr Štetiar <ynezz@true.cz>
Sun, 29 Sep 2024 17:59:15 +0000 (17:59 +0000)
Currently the sha256sum verification of apk's packages.adb index
fails as the file is modified with `apk adbsign`.

So lets update sha256sum of all packages.adb indexes after they were
signed with `apk adbsign`.

While at it fix formatting.

Fixes: a94d4e15fdc1 ("add APK signing logic")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
scripts/signall.sh

index 21593498b7c151409acb42c04596d6a0141f5eea..4c7ef49752e5305e7f1036061f28237006f14729 100755 (executable)
@@ -72,12 +72,28 @@ APKSIGNKEY="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "apk_key")"
 fi
 
 if [ -n "$APKSIGNKEY" ]; then
-    umask 077
-    echo "$APKSIGNKEY" > "$tmpdir/apk.pem"
+       umask 077
+       echo "$APKSIGNKEY" > "$tmpdir/apk.pem"
 
-    umask 022
-    find "$tmpdir/tar/" -type f -name "packages.adb" -exec \
-        "${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "{}" \; || finish 6
+       umask 022
+       find "$tmpdir/tar/" -type f -name "packages.adb" -exec \
+               "${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "{}" \; || finish 3
+
+       find "$tmpdir/tar/" -type f -name sha256sums | while read -r file; do
+               dir=$(dirname "$file")
+               pushd "$dir" || finish 3
+
+               grep 'packages\.adb' sha256sums | while IFS= read -r line; do
+                       filename="${line#*' *'}"
+                       escaped_filename="${filename//\//\\\/}"
+                       escaped_filename="${escaped_filename//&/\\&}"
+                       checksum_output=$(sha256sum --binary -- "$filename")
+                       new_checksum_line="${checksum_output%% *} *${checksum_output#*' *'}"
+                       sed -i "s#.*[[:space:]]\*$escaped_filename\$#$new_checksum_line#" sha256sums
+               done
+
+               popd || finish 3
+       done
 fi
 
 if echo "$GPGKEY" | grep -q "BEGIN PGP PRIVATE KEY BLOCK"; then