From 75b1334a00b099b884e5141fc9c52226c2404fc6 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Petr=20=C5=A0tetiar?= <ynezz@true.cz>
Date: Sat, 28 Sep 2024 12:22:35 +0000
Subject: [PATCH] scripts: signall: fix wrong sha256sum on apk packages.adb
 index
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Currently the sha256sum verification of apk's packages.adb index
fails as the file is modified with `apk adbsign`.

So lets update sha256sum of all packages.adb indexes after they were
signed with `apk adbsign`.

While at it fix formatting.

Fixes: a94d4e15fdc1 ("add APK signing logic")
Signed-off-by: Petr Å tetiar <ynezz@true.cz>
---
 scripts/signall.sh | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/scripts/signall.sh b/scripts/signall.sh
index 2159349..4c7ef49 100755
--- a/scripts/signall.sh
+++ b/scripts/signall.sh
@@ -72,12 +72,28 @@ APKSIGNKEY="$(iniget "${CONFIG_INI:-config.ini}" "branch $branch" "apk_key")"
 fi
 
 if [ -n "$APKSIGNKEY" ]; then
-    umask 077
-    echo "$APKSIGNKEY" > "$tmpdir/apk.pem"
+	umask 077
+	echo "$APKSIGNKEY" > "$tmpdir/apk.pem"
 
-    umask 022
-    find "$tmpdir/tar/" -type f -name "packages.adb" -exec \
-        "${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "{}" \; || finish 6
+	umask 022
+	find "$tmpdir/tar/" -type f -name "packages.adb" -exec \
+		"${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "{}" \; || finish 3
+
+	find "$tmpdir/tar/" -type f -name sha256sums | while read -r file; do
+		dir=$(dirname "$file")
+		pushd "$dir" || finish 3
+
+		grep 'packages\.adb' sha256sums | while IFS= read -r line; do
+			filename="${line#*' *'}"
+			escaped_filename="${filename//\//\\\/}"
+			escaped_filename="${escaped_filename//&/\\&}"
+			checksum_output=$(sha256sum --binary -- "$filename")
+			new_checksum_line="${checksum_output%% *} *${checksum_output#*' *'}"
+			sed -i "s#.*[[:space:]]\*$escaped_filename\$#$new_checksum_line#" sha256sums
+		done
+
+		popd || finish 3
+	done
 fi
 
 if echo "$GPGKEY" | grep -q "BEGIN PGP PRIVATE KEY BLOCK"; then
-- 
2.30.2