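#!/bin/bash
#
# Verify a Fossil checkout against its PGP clearsigned manifest.
#
# Usage: fossil-verify.sh FOSSIL_REPOSITORY_PATH
#
# Steps:
#   1. gpg --verify the checkout's "manifest" file.
#   2. For every "F " card, hash the named file inside the checkout and
#      compare it with the hash recorded in the card (40 hex chars are
#      treated as SHA1, anything else as SHA3-256).
#   3. Write every line that was actually read to a temp file and
#      gpg --verify that copy, so the content the loop acted on is the
#      content that gets authenticated (the manifest could have been
#      replaced between step 1 and step 2).
#
# Exit status: 0 verified, 1 usage / missing manifest, 2 verification
# failure (or the temp file could not be created).
#
# Limits to keep in mind when relying on the result:
#   - gpg --verify accepts a good signature from any public key present
#     in the invoking user's keyring, whatever its trust level. The
#     signer is not pinned here; callers who need that should compare
#     the VALIDSIG fingerprint from "gpg --status-fd" with the expected
#     one, or verify with gpgv against a dedicated keyring.
#   - gpg's stderr is discarded, so its warnings are not shown.
#   - A valid signature shows that this manifest was signed, not that it
#     is the newest check-in.
#   - Only files named in F cards are hashed; files in the checkout that
#     the manifest does not list are never examined.
#   - Only the "\s" (space) escape in file names is decoded. Names that
#     use other escapes are looked up undecoded and will normally be
#     reported as changed.

REPO="${1:-}"
MANIFEST="$REPO/manifest"

if [ ! -f "$MANIFEST" ]
then
	echo "Missing manifest, maybe you didn't specify a repository path,"
	echo "or you didn't enable the manifest? (fossil settings manifest on)"
	echo "Usage: $0 FOSSIL_REPOSITORY_PATH"
	exit 1
fi

if ! gpg --verify "$MANIFEST" 2> /dev/null
then
	echo "Manifest signature failed to verify"
	exit 2
fi

TMPFILE=$(mktemp) || {
	echo "Could not create temporary file"
	exit 2
}
# Remove the temp file on every exit path, including the early
# "Local file has changed" exit inside the loop.
trap 'rm -f -- "$TMPFILE"' EXIT

# "|| [ -n "$LINE" ]" keeps a final line that lacks a trailing newline.
while IFS= read -r LINE || [ -n "$LINE" ]
do
	if [ "${LINE:0:2}" != "F " ]
	then
		# printf, not echo: a line such as "-n" must be copied verbatim.
		printf '%s\n' "$LINE" >> "$TMPFILE"
		continue
	fi

	# Split on whitespace without pathname expansion; an unquoted
	# array assignment would expand glob characters in the line
	# against the current directory.
	read -r -a PARTS <<< "$LINE"

	FILE="${PARTS[1]//\\s/ }"
	HASH="${PARTS[2]}"

	# Feed the file on stdin so the path is never parsed as an option
	# and sha1sum does not switch to its escaped output format for
	# unusual file names.
	# NOTE(review): an F card without a hash combined with an
	# unreadable file yields two empty strings, which compare equal
	# below - confirm that is the intended handling.
	if [ "${#HASH}" = 40 ]
	then
		NEW_HASH=$(sha1sum < "$REPO/$FILE" | awk '{print $1}')
	else
		NEW_HASH=$(openssl dgst -sha3-256 -binary < "$REPO/$FILE" | xxd -p -c 100)
	fi

	if [ "$HASH" != "$NEW_HASH" ]
	then
		echo "Local file has changed"
		printf '%s\n' "$FILE"
		echo "Manifest hash:   $HASH"
		echo "Local file hash: $NEW_HASH"
		exit 2
	fi

	# Re-join the fields with single spaces (first character of the
	# default IFS) and record the line that was just checked.
	printf '%s\n' "${PARTS[*]}" >> "$TMPFILE"
done < "$MANIFEST"

# Authenticate the lines the loop really consumed.
if ! gpg --verify "$TMPFILE" 2>/dev/null
then
	echo "Something has changed between manifest and check?!"
	diff "$MANIFEST" "$TMPFILE"
	exit 2
fi

exit 0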