This is useful to make sure the same set of TSAs is used on different machines and that they haven't been changed. E.g., I want to make sure I use the same TSAs on my local machine as in CI, and that the certificates imported in CI are the same as on my local machine, so that I can trust them.
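#!/bin/bash
# Copyright (c) 2024 JankariTech UG
# Authors: Artur Neumann
# Script to check if the trustanchors have been changed
#
# Usage: $0 <trustanchor_dir> <expected_commit_hash>
#
# Computes a single SHA-256 digest over every regular file below
# <trustanchor_dir> (file contents plus their directory-relative paths) and
# fails when it differs from <expected_commit_hash>. The same digest is
# produced for identical directory contents regardless of where the directory
# lives or how its path is spelled, so a developer machine and CI can confirm
# they trust an identical set of anchors.
#
# NOTE: earlier versions of this script hashed sha256sum lines that contained
# the path exactly as passed in $1, so their digests were only comparable when
# every machine used the same path. Digests recorded with that version must be
# regenerated once.
#
# Exit status: 0 when the digest matches; 1 on usage error, an unreadable or
# empty directory, or a digest mismatch.

set -euo pipefail

# Check the argument count before touching $1/$2 so that, under `set -u`, a
# missing argument still yields the usage message instead of an unbound-variable error.
if [[ $# -ne 2 ]]; then
  echo "Usage: $0 <trustanchor_dir> <expected_commit_hash>" >&2
  exit 1
fi

TRUSTANCHOR_DIR="$1"
# Despite the name this is a SHA-256 digest of the directory contents, not a
# VCS commit id.
EXPECTED_COMMIT_HASH="$2"

if [[ -z "$EXPECTED_COMMIT_HASH" ]]; then
  echo "No expected hash provided" >&2
  exit 1
fi

# sha256sum prints lowercase hex; accept an upper-case expected value rather
# than reporting it as a change, but reject anything that is not a digest at
# all so a typo is not mistaken for tampering.
EXPECTED_COMMIT_HASH="${EXPECTED_COMMIT_HASH,,}"
if [[ ! "$EXPECTED_COMMIT_HASH" =~ ^[0-9a-f]{64}$ ]]; then
  echo "Expected hash is not a 64-character hex SHA-256 digest" >&2
  exit 1
fi

if [[ ! -d "$TRUSTANCHOR_DIR" ]]; then
  echo "Trustanchor directory does not exist: $TRUSTANCHOR_DIR" >&2
  exit 1
fi

# Hash every regular file (symbolic links are not followed), one
# "<digest>  <path>" line each. Running from inside the directory makes the
# paths relative ("./name"), so the final digest does not depend on the
# absolute path given in $1. LC_ALL=C keeps the sort byte-wise and
# locale-independent across machines. The "+" form of -exec makes find
# return non-zero if sha256sum fails on any file, which pipefail propagates.
if ! FILE_HASHES=$(cd "$TRUSTANCHOR_DIR" && find . -type f -exec sha256sum {} + | LC_ALL=C sort); then
  echo "Failed to hash the files in $TRUSTANCHOR_DIR" >&2
  exit 1
fi

# An empty directory would otherwise hash to the digest of empty input, which
# is a constant and proves nothing about the anchors.
if [[ -z "$FILE_HASHES" ]]; then
  echo "No files found in $TRUSTANCHOR_DIR" >&2
  exit 1
fi

ACTUAL_COMMIT_HASH=$(printf '%s\n' "$FILE_HASHES" | sha256sum | cut -d ' ' -f 1)

if [[ "$EXPECTED_COMMIT_HASH" != "$ACTUAL_COMMIT_HASH" ]]; then
  echo "The trustanchors have been changed, please review the provided hash" >&2
  echo "expected: $EXPECTED_COMMIT_HASH" >&2
  echo "actual:   $ACTUAL_COMMIT_HASH" >&2
  exit 1
fi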