Merge pull request 'script to validate whether the hash of the trustanchors folder changed' (#4) from validate_trustanchors_hash into main
Reviewed-on: #4 Reviewed-by: phil <phil@jankaritech.eu>
This commit is contained in:
26
hooks/validate_trustanchors_hash.sh
Executable file
26
hooks/validate_trustanchors_hash.sh
Executable file
@@ -0,0 +1,26 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Copyright (c) 2024 JankariTech UG
|
||||||
|
# Authors: Artur Neumann
|
||||||
|
# Script to check if the trustanchors have been changed
|
||||||
|
|
||||||
|
TRUSTANCHOR_DIR="$1"
|
||||||
|
EXPECTED_COMMIT_HASH="$2"
|
||||||
|
|
||||||
|
if [[ $# -ne 2 ]]; then
|
||||||
|
echo "Usage: $0 <trustanchor_dir> <expected_commit_hash>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$EXPECTED_COMMIT_HASH" ]; then
|
||||||
|
echo "No expected hash provided"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# get the sha256 hash of all files in the trustanchor directory
|
||||||
|
ACTUAL_COMMIT_HASH=$(find "$TRUSTANCHOR_DIR" -type f -exec sha256sum {} \; | sort | sha256sum | cut -d ' ' -f 1)
|
||||||
|
|
||||||
|
if [ "$EXPECTED_COMMIT_HASH" != "$ACTUAL_COMMIT_HASH" ]; then
|
||||||
|
echo "The trustanchors have been changed, please review the provided hash"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
Reference in New Issue
Block a user