aboutsummaryrefslogtreecommitdiff
path: root/contrib/guix/guix-attest
diff options
context:
space:
mode:
authorAndrew Chow <achow101-github@achow101.com>2021-08-06 16:11:22 -0400
committerAndrew Chow <achow101-github@achow101.com>2021-08-18 20:07:32 -0400
commitfb17c99e35e72f3b21ec3b5473e84c21dc964776 (patch)
tree4919f76de844b5704fe7c70a876de81c1d2719ae /contrib/guix/guix-attest
parent8193294caba03b996370873db79cf4fc22a1e95b (diff)
guix: Don't include directory name in SHA256SUMS
The SHA256SUMS file can be used in a sha256sum -c command to verify downloaded binaries. However users are likely to download just a single file and not place this file in the correct directory relative to the SHA256SUMS file for the simple verification command to work. By not including the directory name in the SHA256SUMS file, it will be easier for users to verify downloaded binaries. Co-authored-by: Carl Dong <contact@carldong.me>
Diffstat (limited to 'contrib/guix/guix-attest')
-rwxr-xr-xcontrib/guix/guix-attest14
1 files changed, 14 insertions, 0 deletions
diff --git a/contrib/guix/guix-attest b/contrib/guix/guix-attest
index 1503c330b2..6e12cbead7 100755
--- a/contrib/guix/guix-attest
+++ b/contrib/guix/guix-attest
@@ -162,6 +162,18 @@ EOF
echo "Attesting to build outputs for version: '${VERSION}'"
echo ""
+# Given a SHA256SUMS file as stdin that has lines like:
+# 0ba536819b221a91d3d42e978be016aac918f40984754d74058aa0c921cd3ea6 a/b/d/c/d/s/bitcoin-22.0rc2-riscv64-linux-gnu.tar.gz
+# ...
+#
+# Replace each line's file name with its basename:
+# 0ba536819b221a91d3d42e978be016aac918f40984754d74058aa0c921cd3ea6 bitcoin-22.0rc2-riscv64-linux-gnu.tar.gz
+# ...
+#
+basenameify_SHA256SUMS() {
+ sed -E 's@(^[[:xdigit:]]{64}[[:space:]]+).+/([^/]+$)@\1\2@'
+}
+
outsigdir="$GUIX_SIGS_REPO/$VERSION/$signer_name"
mkdir -p "$outsigdir"
(
@@ -174,6 +186,7 @@ mkdir -p "$outsigdir"
cat "${noncodesigned_fragments[@]}" \
| sort -u \
| sort -k2 \
+ | basenameify_SHA256SUMS \
> "$temp_noncodesigned"
if [ -e noncodesigned.SHA256SUMS ]; then
# The SHA256SUMS already exists, make sure it's exactly what we
@@ -201,6 +214,7 @@ mkdir -p "$outsigdir"
cat "${sha256sum_fragments[@]}" \
| sort -u \
| sort -k2 \
+ | basenameify_SHA256SUMS \
> "$temp_all"
if [ -e all.SHA256SUMS ]; then
# The SHA256SUMS already exists, make sure it's exactly what we