diff options
author | Max Romanov <max.romanov@nginx.com> | 2020-01-28 17:02:51 +0300 |
---|---|---|
committer | Max Romanov <max.romanov@nginx.com> | 2020-01-28 17:02:51 +0300 |
commit | 1949be644cff80c7d9d45215a8042e657b8e1087 (patch) | |
tree | c9b731ec38337b6b5008efe8b44fd951aa2f3b7d /auto/modules/java_chk_sha512 | |
parent | 04bf6457c60ddba195f6ddfdb9b119ab34feb1d2 (diff) | |
download | unit-1949be644cff80c7d9d45215a8042e657b8e1087.tar.gz unit-1949be644cff80c7d9d45215a8042e657b8e1087.tar.bz2 |
Java: introducing SHA512 sum validation for external JARs.
Diffstat (limited to '')
-rw-r--r-- | auto/modules/java_chk_sha512 | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/auto/modules/java_chk_sha512 b/auto/modules/java_chk_sha512 new file mode 100644 index 00000000..10891cee --- /dev/null +++ b/auto/modules/java_chk_sha512 @@ -0,0 +1,49 @@ + +# Copyright (C) NGINX, Inc. + +# NXT_JAR_FILE= +# NXT_JAR_CHK_FILE= + +NXT_SHA512_TOOL=${NXT_SHA512_TOOL=} + +if [ -z "$NXT_SHA512_TOOL" ]; then + $echo -n "looking for sha512 check tool ..." + $echo "looking for sha512 check tool ..." >> $NXT_AUTOCONF_ERR + + if sha512sum --version >/dev/null 2>&1; then + NXT_SHA512_TOOL="sha512sum --check" + else + if shasum --version >/dev/null 2>&1; then + NXT_SHA512_TOOL="shasum -a 512 --check" + else + if openssl version >/dev/null 2>&1; then + NXT_SHA512_TOOL="openssl dgst -sha512" + fi + fi + fi + + if [ -z "$NXT_SHA512_TOOL" ]; then + $echo " not found" + $echo + $echo $0: error: no sha512 tool found. + $echo + $echo "error: no sha512 tool found" >> $NXT_AUTOCONF_ERR + exit 1 + fi + + $echo " $NXT_SHA512_TOOL" + $echo "found $NXT_SHA512_TOOL" >> $NXT_AUTOCONF_ERR +fi + +if [ -f "$NXT_JAR_CHK_FILE" ]; then + NXT_JAR_SHA512=`grep -F $NXT_JAR_FILE auto/modules/java_jar.sha512 | head -c 128` + NXT_JAR_CHK=${NXT_JAR_CHK_FILE}.sha512.$$ + $echo "$NXT_JAR_SHA512 $NXT_JAR_CHK_FILE" > $NXT_JAR_CHK + + if ! $NXT_SHA512_TOOL $NXT_JAR_CHK >/dev/null 2>&1; then + $echo "SHA512 not matched for $NXT_JAR_FILE, removing $NXT_JAR_CHK_FILE" + rm -f $NXT_JAR_CHK_FILE + fi + + rm -f $NXT_JAR_CHK +fi |