Compare commits
2 Commits
validate-e
...
5d8dfac4cf
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
5d8dfac4cf
|
||
|
|
f9c87523b9
|
@@ -1,32 +0,0 @@
|
|||||||
name: Validate Trusted Timestamps Actions Demo
|
|
||||||
run-name: ${{ gitea.actor }} is validating the trusted timestamps of all commits 🚀
|
|
||||||
on: [push]
|
|
||||||
|
|
||||||
variables:
|
|
||||||
EXPECTED_TRUSTANCHORS_HASH: "70a1c7e2fc62a0b62e44063f0e730b20b0f209d15c84b310ad06ce616c352829"
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
Validate:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
timeout-minutes: 2
|
|
||||||
steps:
|
|
||||||
- name: Install extra software
|
|
||||||
run: |
|
|
||||||
apt-get update
|
|
||||||
apt-get install -y xxd
|
|
||||||
- name: Check out repository code
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
- name: Setup timestamping authorities
|
|
||||||
run: |
|
|
||||||
git config --local timestamping.tsa0.url https://freetsa.org/tsr
|
|
||||||
bash -c 'yes | ./hooks/trust.sh https://freetsa.org/tsr'
|
|
||||||
git config --local timestamping.tsa1.url https://tsa.cesnet.cz:3162/tsa
|
|
||||||
bash -c 'yes | ./hooks/trust.sh https://tsa.cesnet.cz:3162/tsa'
|
|
||||||
- name: Check hashes of all trustanchors
|
|
||||||
run: |
|
|
||||||
./hooks/validate_trustanchors_hash.sh .git/hoqoks/trustanchors ${{ EXPECTED_TRUSTANCHORS_HASH }}
|
|
||||||
- name: Validate timestamps of all commits
|
|
||||||
run: |
|
|
||||||
./hooks/validate.sh --minversion 0
|
|
||||||
@@ -1,89 +0,0 @@
|
|||||||
subject=DC = cz, DC = cesnet-ca, O = CESNET, CN = tsa.cesnet.cz
|
|
||||||
|
|
||||||
issuer=DC = cz, DC = cesnet-ca, O = CESNET CA, CN = Personal Signing 2
|
|
||||||
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEDjCCAvagAwIBAgIIaveGaDrA13AwDQYJKoZIhvcNAQELBQAwYDESMBAGCgmS
|
|
||||||
JomT8ixkARkWAmN6MRkwFwYKCZImiZPyLGQBGRYJY2VzbmV0LWNhMRIwEAYDVQQK
|
|
||||||
DAlDRVNORVQgQ0ExGzAZBgNVBAMMElBlcnNvbmFsIFNpZ25pbmcgMjAeFw0yNDA4
|
|
||||||
MDcwOTQ3MDRaFw0yNzA4MDcwOTQ3MDRaMFgxEjAQBgoJkiaJk/IsZAEZFgJjejEZ
|
|
||||||
MBcGCgmSJomT8ixkARkWCWNlc25ldC1jYTEPMA0GA1UECgwGQ0VTTkVUMRYwFAYD
|
|
||||||
VQQDDA10c2EuY2VzbmV0LmN6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
|
|
||||||
AQEAvWLHcBAB3TKzSyP/EpZucr0fet3wqwYYcH8XRCPZNh1+yj858l5UvSp7QHje
|
|
||||||
LU8Twnx8/xrVZMteojL1RNaLUDm0TJD7tIkCkwILxY8qxQX8yYgFCQM9wgWzWiMN
|
|
||||||
NR9/+W/3pr8HMPwjVlAXvHSi2QIZbIcrVudKqVpkl9hBKWyEU/661M+MjPLuU4BF
|
|
||||||
ZCkU7nauf2B8QUSh8K0nKGkHPgZDeD8SNEVpvRcFow187AJz0BSvyOklX15Pr+rI
|
|
||||||
7SXxUmVZ03yVBduorqCXwrhbQWxqdc2K1tQ06do8VTIjxUAwe3HyISl98ZFnrT1B
|
|
||||||
/g4n+R8uV4QFxgNAPxjiD88BewIDAQABo4HTMIHQMAwGA1UdEwEB/wQCMAAwHwYD
|
|
||||||
VR0jBBgwFoAUwR67pD8OE9+Bm75MYrLZur7VtrswKQYDVR0RBCIwIIIOdHNhMS5j
|
|
||||||
ZXNuZXQuY3qCDnRzYTIuY2VzbmV0LmN6MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMI
|
|
||||||
MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuY2VzbmV0LWNhLmN6L1BlcnNv
|
|
||||||
bmFsU2lnbmluZzIuY3JsMB0GA1UdDgQWBBRkK2hn4tgnpvS/JMiNhCqdneTm1zAN
|
|
||||||
BgkqhkiG9w0BAQsFAAOCAQEAYnzrqDcaln6O6uALwwMlgUHIp3u6crLITzKFbPPi
|
|
||||||
OKfzlmzsPNfU5kyi1vHS/ajReTNeJet02KGygIH4LB7pVwZKxx7xhQD6AK971Z6d
|
|
||||||
rwDVoEYE2SB7PMcWgh+/mV90qJqgBUrVLFVExe91BkQONbNF81tzQXknovr2yWe5
|
|
||||||
fYzYE6oJDGImoUmtN2lJRLZdS4TQbmfdSZDClwmraw2i4TAN6aCHrdST81GaIzwP
|
|
||||||
bFAKMkgUOD8ynwJTbk8lk9hnO/uf3BFkmPClAmOlRHYRPmsWe2M2eQpBrYNoH0vw
|
|
||||||
8SCFNE+MLMTzM1/dRjq9fnKb1pejxj3xqPF6WAojgAYnpw==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
|
|
||||||
subject=DC = cz, DC = cesnet-ca, O = CESNET CA, CN = Personal Signing 2
|
|
||||||
|
|
||||||
issuer=DC = cz, DC = cesnet-ca, O = CESNET CA, CN = CESNET CA Root
|
|
||||||
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIETTCCAzWgAwIBAgIHAPTqVoKaNDANBgkqhkiG9w0BAQsFADBcMRIwEAYKCZIm
|
|
||||||
iZPyLGQBGRYCY3oxGTAXBgoJkiaJk/IsZAEZFgljZXNuZXQtY2ExEjAQBgNVBAoT
|
|
||||||
CUNFU05FVCBDQTEXMBUGA1UEAxMOQ0VTTkVUIENBIFJvb3QwHhcNMTgwNDE4MDky
|
|
||||||
MDQ4WhcNMjgwNDIwMDkyMDQ4WjBgMRIwEAYKCZImiZPyLGQBGRYCY3oxGTAXBgoJ
|
|
||||||
kiaJk/IsZAEZFgljZXNuZXQtY2ExEjAQBgNVBAoMCUNFU05FVCBDQTEbMBkGA1UE
|
|
||||||
AwwSUGVyc29uYWwgU2lnbmluZyAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
|
||||||
CgKCAQEApKhbabfUBLMtC10PXFQe+hJI4wpJFNkYt3HRud0rZKmRqlcpPJvc4PLr
|
|
||||||
9kEjXS+CP6Ut0UUkDvl686Mi7PsdxYFgDCfj0P694UA2SsGvBShL0vlZVkH19YFJ
|
|
||||||
tyY1imP3B94r57+umqKEEr9qxu9nwToS8AB6Ead4zBPMSnHZvyFPuD9Lsc/WhcUb
|
|
||||||
HnUvZN9jrrV4D6AjyvaBFPPcDVLjgiGoEE50PVMHPT5ZHpwTBTpBgL3zjE5fmxI4
|
|
||||||
HU7aD0orO0pg0kmZrQa98bnnVb7Wp9HhYHc9tPhLMhi9UdTBb9zwQCaezJ0gnS5K
|
|
||||||
iEAT5ZCYRUYlg82R07Z8k8UnHjczYQIDAQABo4IBDjCCAQowDwYDVR0TAQH/BAUw
|
|
||||||
AwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFMEeu6Q/DhPfgZu+TGKy2bq+1ba7
|
|
||||||
MB8GA1UdIwQYMBaAFJ5BMOPD1U6Mg46jPMl/o20TXYQlMG0GCCsGAQUFBwEBBGEw
|
|
||||||
XzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AuY2VzbmV0LWNhLmN6LzA2BggrBgEF
|
|
||||||
BQcwAoYqaHR0cDovL2NydC5jZXNuZXQtY2EuY3ovQ0VTTkVUX0NBX1Jvb3QuY3J0
|
|
||||||
MDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuY2VzbmV0LWNhLmN6L0NFU05F
|
|
||||||
VF9DQV9Sb290LmNybDANBgkqhkiG9w0BAQsFAAOCAQEApoIA2/rStoUKnWC+qz3P
|
|
||||||
AZLtDiyuUqs4i4Lb18loxE67QdP9nDZEzwHrB9Cr4oxN9cTutdUiwDIBQKuLx3tH
|
|
||||||
r7TyuwcIYhHlW0+Ih+yUeyXEJlvSfR29M7SXY2axw4TWv4qOT2LKlFGxFqZx4OwN
|
|
||||||
aVMUDSFVr3E5J4doIB2u/pLd+LH1QdsUXF1VhIa+Is/HMhC2JvmdnFqOCypdQrSA
|
|
||||||
Ski6L8GRONF4SwzXg/glOQaw0QR69CjrYcogne1d/3Mxwr45MVkPwMJXscPKiRam
|
|
||||||
SSTj7AJpyic0xbFBwGu+T7BP0NujkY/CW96UoELgcPsKoTAg7j6BhrWsjrfEaqtu
|
|
||||||
7Q==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
|
|
||||||
subject=DC = cz, DC = cesnet-ca, O = CESNET CA, CN = CESNET CA Root
|
|
||||||
|
|
||||||
issuer=DC = cz, DC = cesnet-ca, O = CESNET CA, CN = CESNET CA Root
|
|
||||||
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEDTCCAvWgAwIBAgIJAIf3+gBzaRRPMA0GCSqGSIb3DQEBBQUAMFwxEjAQBgoJ
|
|
||||||
kiaJk/IsZAEZFgJjejEZMBcGCgmSJomT8ixkARkWCWNlc25ldC1jYTESMBAGA1UE
|
|
||||||
ChMJQ0VTTkVUIENBMRcwFQYDVQQDEw5DRVNORVQgQ0EgUm9vdDAeFw0wOTAyMjQx
|
|
||||||
MzE2MDJaFw0yOTAyMjQxMzE2MDJaMFwxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcG
|
|
||||||
CgmSJomT8ixkARkWCWNlc25ldC1jYTESMBAGA1UEChMJQ0VTTkVUIENBMRcwFQYD
|
|
||||||
VQQDEw5DRVNORVQgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
|
||||||
ggEBAPeL9R8QFCBHw/PlWt2wBnx0cCSiNAhlI7HInrzGmtHK/9MJQJpmcoToq91R
|
|
||||||
Y+hdo7sVddNqbz3F+oeiKavz3wpdCZJtaPI8Sv44OlCtnxeuw0LkSAAfG3maue7X
|
|
||||||
I4jFqCU7/NxcoursXHDMCRLqeKHkast0b4i7d1KOdoc6hMNVaVc1UY/wyimM+Pbh
|
|
||||||
XRW4+iwnmJXlIqCumWaVKF0b1F0WK2LV5TRonsoFNPdVHBU795ObAXRsXWfiKwNK
|
|
||||||
CX85l3AO37UN1wbQ7UvCzE88jYOanRxL1AKezCa1ca8AohqbqoVVtrRPUTMrlXG3
|
|
||||||
JOBfRaG0+LPXxHwQ9zCjvV/9kFcCAwEAAaOB0TCBzjAdBgNVHQ4EFgQUnkEw48PV
|
|
||||||
ToyDjqM8yX+jbRNdhCUwgY4GA1UdIwSBhjCBg4AUnkEw48PVToyDjqM8yX+jbRNd
|
|
||||||
hCWhYKReMFwxEjAQBgoJkiaJk/IsZAEZFgJjejEZMBcGCgmSJomT8ixkARkWCWNl
|
|
||||||
c25ldC1jYTESMBAGA1UEChMJQ0VTTkVUIENBMRcwFQYDVQQDEw5DRVNORVQgQ0Eg
|
|
||||||
Um9vdIIJAIf3+gBzaRRPMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0G
|
|
||||||
CSqGSIb3DQEBBQUAA4IBAQB+vy9hAwzjgjYTnTwfxK03Ze/07GnmulUxUIPOagHJ
|
|
||||||
vGQojnjN3BGnMoXNhQrhhCy1BfKt88sweN/ELkeOsgthbQ24lX7YdgPEPSwY2iIB
|
|
||||||
E0NWxG87+z5hmfo+M69Q9WS8b5aSd4v5pSzT4+s6UW2lsddbdpnI4OwEEVdmj4e1
|
|
||||||
w0trIAfPsFSKx5jMvC0KzoO04fSAjxTj2bn4orRVWlVGUYmQm/Gq0w//f84zox/g
|
|
||||||
/XjE+kQ+eFOpNeeJC2Tpl04BByskoOw4LybIZ6iSdrUjoLgrK3R1geXo86Sx8QWE
|
|
||||||
VVWM2+1UCVV3AMhYwQUbgasrEPkZ79od6exSUb+ZTpWc
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
|
|
||||||
File diff suppressed because it is too large
@@ -2,17 +2,17 @@
|
|||||||
MIIC5jCCAc4CAQEwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxFTATBgNV
|
MIIC5jCCAc4CAQEwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxFTATBgNV
|
||||||
BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTExMC8G
|
BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTExMC8G
|
||||||
A1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIFRpbWVzdGFtcGluZyBDQRcN
|
A1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIFRpbWVzdGFtcGluZyBDQRcN
|
||||||
MjUwMjEyMDUyMjQ1WhcNMjUwMjE5MDUyMjQ1WjCB9TAhAhAL2v0LKRQzmpYSZqw1
|
MjUwMTEwMDUwODUzWhcNMjUwMTE3MDUwODUzWjCB9TAhAhAL2v0LKRQzmpYSZqw1
|
||||||
OkdEFw0xNjEwMjQxNzQyNDlaMCECEAH40oMtKRkZcbNQw9u8pQAXDTE2MTExMTE1
|
OkdEFw0xNjEwMjQxNzQyNDlaMCECEAH40oMtKRkZcbNQw9u8pQAXDTE2MTExMTE1
|
||||||
MjEzNFowIQIQClKwbEb16yWgi9U/3Ht4hhcNMTgwOTAzMTIxMTQyWjAhAhAFlx7K
|
MjEzNFowIQIQClKwbEb16yWgi9U/3Ht4hhcNMTgwOTAzMTIxMTQyWjAhAhAFlx7K
|
||||||
SlmJinvPTLfjd5doFw0xOTA5MzAwODE2MjRaMCECEAxFkEkmQLBOlEh/jEwCeJAX
|
SlmJinvPTLfjd5doFw0xOTA5MzAwODE2MjRaMCECEAxFkEkmQLBOlEh/jEwCeJAX
|
||||||
DTIxMDIwOTIyMzk0MlowIQIQBMvnUVSd49EL7YN0yV7iRBcNMjEwMjA5MjMyMzM3
|
DTIxMDIwOTIyMzk0MlowIQIQBMvnUVSd49EL7YN0yV7iRBcNMjEwMjA5MjMyMzM3
|
||||||
WjAhAhALmUrhw5aLANVesgZ0jpseFw0yMTAyMDkyMzI0MjNaoDAwLjAfBgNVHSME
|
WjAhAhALmUrhw5aLANVesgZ0jpseFw0yMTAyMDkyMzI0MjNaoDAwLjAfBgNVHSME
|
||||||
GDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjALBgNVHRQEBAICDO8wDQYJKoZIhvcN
|
GDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjALBgNVHRQEBAICDM4wDQYJKoZIhvcN
|
||||||
AQELBQADggEBALr4VopJYkMfQ97HiyqytcWRY/vgyU/LxOwlH0/1DBSeeObQB0Nj
|
AQELBQADggEBAKSEzS/+5ujMUz0x2zpJuA3Z7zbV25fQsX1BVK3oSie2iyWF2FKv
|
||||||
uF7vcF2bhbpnxba7gvzOPryudwtbqquf2cl3CJG6MC2D8Nk1XzntDnpxCjVSfsAr
|
sw8meQ1WqyMsveAvocBy36eLdL7Pz1vEls7f4/CAXaAlxZHllsLQxvXwqoWhM7r9
|
||||||
158zAWPevyiuj3yzFz04mYALt/ZmOJMTF0vyKN8cg5bwfLu3itV6b6vhpuloIhRc
|
qZhpHRSD5XjKwjuKLElmnKLdLWSYUBMyIL+pOMb3ltnJDCLU2Ezb4ggPr8CiidSx
|
||||||
Hmsbgr3BtCVHkf4vJWq/qKDEMcOhSrJ6wxGCzVyphenewSIbVcogj19cRZDFPWOC
|
UYOTk8zEg5TpkaloeUmoAUj3m/KxTgFJQ6Dv+ZY1V7eQKo8R4f1Z23rVdue+iPrp
|
||||||
3sAy/GY3Rz0qK30tDvNbE1uum8gy5ijXFmepJ/lEetRCvrIsxTsXJOj0tqVZfIIQ
|
o02xDbLn57Unu67UKNjXYWTeg1kX+vGw/NRqRY1d1ojVGYj+6gddglyIiE+JiT+s
|
||||||
E1YWUZ57TiBBrdS+dTgmRxkN/zaAfYVAIck=
|
ZgixUV5frahIU+okA22U8hccAkvaxsrl8fI=
|
||||||
-----END X509 CRL-----
|
-----END X509 CRL-----
|
||||||
|
|||||||
@@ -553,7 +553,7 @@ download_crls_for_chain() {
|
|||||||
local URL=$(openssl x509 -inform PEM -in $EXTRACTED_CERT -text -noout \
|
local URL=$(openssl x509 -inform PEM -in $EXTRACTED_CERT -text -noout \
|
||||||
| awk '/CRL Distribution Points:/{f=1} f && /URI:/ {print; exit}' \
|
| awk '/CRL Distribution Points:/{f=1} f && /URI:/ {print; exit}' \
|
||||||
| sed 's/^.*URI://1')
|
| sed 's/^.*URI://1')
|
||||||
if curl -L "$URL" --output "$CRL_TMP" &> "$OUT_STREAM"; then
|
if curl "$URL" --output "$CRL_TMP" &> "$OUT_STREAM"; then
|
||||||
if openssl crl -in "$CRL_TMP" -inform DER -noout &> "$OUT_STREAM"; then
|
if openssl crl -in "$CRL_TMP" -inform DER -noout &> "$OUT_STREAM"; then
|
||||||
openssl crl -in "$CRL_TMP" -inform DER >> "$OUTPUT_FILE"
|
openssl crl -in "$CRL_TMP" -inform DER >> "$OUTPUT_FILE"
|
||||||
elif openssl crl -in "$CRL_TMP" -inform PEM -noout &> "$OUT_STREAM"; then
|
elif openssl crl -in "$CRL_TMP" -inform PEM -noout &> "$OUT_STREAM"; then
|
||||||
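Review bot: The `curl "$URL" --output "$CRL_TMP"` call on the new side (the second line of each printed pair) fetches a URL read from the certificate's CRL Distribution Points extension with no scheme restriction, no timeout and no `--fail`, so certificate content decides what the script connects to and an HTTP error body is written to `$CRL_TMP` with exit status 0. With `-L` dropped, a distribution point that answers with a redirect no longer yields a CRL; what the function does when neither `openssl crl` parse succeeds is outside this hunk, so confirm that a missing CRL fails validation instead of skipping the revocation check. I would write the call as `curl --fail --proto '=http,https' --max-time 30 "$URL" --output "$CRL_TMP"` (the timeout value is a suggestion). In the context lines, `local URL=$(...)` masks the pipeline's exit status and `$EXTRACTED_CERT` is unquoted; `download_crls_for_chain` starts and ends outside the hunk.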
|
|||||||
@@ -42,9 +42,8 @@ if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
|
|||||||
. "$DIR/timestamping"
|
. "$DIR/timestamping"
|
||||||
|
|
||||||
declare -i MINVERSION=$TIMESTAMPING_VERSION
|
declare -i MINVERSION=$TIMESTAMPING_VERSION
|
||||||
declare -A PROCESSED_COMMIT
|
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
while [[ $# -gt 1 ]]; do
|
||||||
KEY="$1"
|
KEY="$1"
|
||||||
|
|
||||||
case $KEY in
|
case $KEY in
|
||||||
@@ -67,12 +66,12 @@ while [[ $# -gt 0 ]]; do
|
|||||||
shift # past argument
|
shift # past argument
|
||||||
;;
|
;;
|
||||||
*) # unknown option
|
*) # unknown option
|
||||||
OBJECT=$KEY
|
echo_error "Unknown argument: $KEY"
|
||||||
shift # past argument
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
OBJECT="$1"
|
||||||
if [ -z "$OBJECT" ]; then
|
if [ -z "$OBJECT" ]; then
|
||||||
OBJECT="HEAD"
|
OBJECT="HEAD"
|
||||||
fi
|
fi
|
||||||
@@ -90,10 +89,6 @@ fi
|
|||||||
# tokens, the function will return 0 but echo a warning about the invalid token.
|
# tokens, the function will return 0 but echo a warning about the invalid token.
|
||||||
validate_commit() {
|
validate_commit() {
|
||||||
local COMMIT_HASH="$1"
|
local COMMIT_HASH="$1"
|
||||||
if [[ ${PROCESSED_COMMIT[$COMMIT_HASH]} ]]; then
|
|
||||||
log "validate_commit for $COMMIT_HASH has already been validated"
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
log "validate_commit for $COMMIT_HASH"
|
log "validate_commit for $COMMIT_HASH"
|
||||||
|
|
||||||
local TIMESTAMP_COMMIT_VERSION
|
local TIMESTAMP_COMMIT_VERSION
|
||||||
@@ -280,8 +275,6 @@ validate_commit() {
|
|||||||
#assert that all extracted timestamps have been processed
|
#assert that all extracted timestamps have been processed
|
||||||
assert "[ $NUM_PROCESSED -eq $NUM_EXTRACTED ]" "All extracted token must be processed."
|
assert "[ $NUM_PROCESSED -eq $NUM_EXTRACTED ]" "All extracted token must be processed."
|
||||||
|
|
||||||
PROCESSED_COMMIT[$COMMIT_HASH]=1
|
|
||||||
|
|
||||||
if [ $NUM_VALID -gt 0 ]; then
|
if [ $NUM_VALID -gt 0 ]; then
|
||||||
if [ $NUM_INVALID -gt 0 ]; then
|
if [ $NUM_INVALID -gt 0 ]; then
|
||||||
echo_warning "Warning: While commit $COMMIT_HASH contains $NUM_VALID valid timestamp tokens and thus is considered proppely timestamped, it also contains $NUM_INVALID invalid timestamp tokens."
|
echo_warning "Warning: While commit $COMMIT_HASH contains $NUM_VALID valid timestamp tokens and thus is considered proppely timestamped, it also contains $NUM_INVALID invalid timestamp tokens."
|
||||||
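Review bot: With the loop condition changed to `while [[ $# -gt 1 ]]` and `OBJECT="$1"` assigned after `done`, a lone or trailing option never reaches the `case` and is used as the object to validate, so an option-like string becomes `OBJECT` instead of hitting the new `Unknown argument` arm. How `OBJECT` is later handed to git is outside these hunks, but a value beginning with `-` should be rejected before it gets there. I would keep `while [[ $# -gt 0 ]]` and split the default arm into `-*) echo_error "Unknown argument: $KEY"; exit 1 ;;` followed by `*) OBJECT=$KEY; shift ;;`. Separately, removing the `PROCESSED_COMMIT` lookup from `validate_commit` means a commit reached more than once is validated again each time; the callers are not visible here, so a short comment stating why the cache was dropped would help the next reader.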
|
|||||||
@@ -1,26 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Copyright (c) 2024 JankariTech UG
|
|
||||||
# Authors: Artur Neumann
|
|
||||||
# Script to check if the trustanchors have been changed
|
|
||||||
|
|
||||||
TRUSTANCHOR_DIR="$1"
|
|
||||||
EXPECTED_COMMIT_HASH="$2"
|
|
||||||
|
|
||||||
if [[ $# -ne 2 ]]; then
|
|
||||||
echo "Usage: $0 <trustanchor_dir> <expected_commit_hash>"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$EXPECTED_COMMIT_HASH" ]; then
|
|
||||||
echo "No expected hash provided"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# get the sha256 hash of all files in the trustanchor directory
|
|
||||||
ACTUAL_COMMIT_HASH=$(find "$TRUSTANCHOR_DIR" -type f -exec sha256sum {} \; | sort | sha256sum | cut -d ' ' -f 1)
|
|
||||||
|
|
||||||
if [ "$EXPECTED_COMMIT_HASH" != "$ACTUAL_COMMIT_HASH" ]; then
|
|
||||||
echo "The trustanchors have been changed, please review the provided hash"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||