mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
More verification
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
3618774d9f
commit
86ed884251
BIN
Misc/pubring.kbx
BIN
Misc/pubring.kbx
Binary file not shown.
@ -27,10 +27,10 @@ resetWorkspace() {
|
||||
}
|
||||
export -f resetWorkspace;
|
||||
|
||||
verifyAllTags() {
|
||||
repo forall -c 'source $DOS_WORKSPACE_ROOT/Scripts/Common/Tag_Verifier.sh && verifyTagIfPossible $REPO_PROJECT $REPO_PATH';
|
||||
verifyAllPlatformTags() {
|
||||
repo forall -c 'source $DOS_WORKSPACE_ROOT/Scripts/Common/Tag_Verifier.sh && verifyTagIfPlatform $REPO_PROJECT $REPO_PATH';
|
||||
}
|
||||
export -f verifyAllTags;
|
||||
export -f verifyAllPlatformTags;
|
||||
|
||||
enter() {
|
||||
echo "================================================================================================"
|
||||
|
@ -20,12 +20,17 @@ source "$DOS_SCRIPTS_COMMON/Shell.sh";
|
||||
|
||||
gpgVerifyGitTag() {
|
||||
if [ -r "$DOS_TMP_GNUPG/pubring.kbx" ]; then
|
||||
if git -C "$1" verify-tag "$2" &>/dev/null; then
|
||||
tagMatch=$(git -C "$1" describe --exact-match HEAD);
|
||||
if [ ! -z "$tagMatch" ]; then
|
||||
if git -C "$1" verify-tag "$tagMatch" &>/dev/null; then
|
||||
echo -e "\e[0;32mGPG Verified Git Tag Successfully: $1\e[0m";
|
||||
else
|
||||
echo -e "\e[0;31mWARNING: GPG Verification of Git Tag Failed: $1\e[0m";
|
||||
#sleep 60;
|
||||
fi;
|
||||
else
|
||||
echo -e "\e[0;33mWARNING: No tag match for $1 \e[0m";
|
||||
fi;
|
||||
#git -C $1 log --show-signature -1;
|
||||
else
|
||||
echo -e "\e[0;33mWARNING: keyring is unavailable, GPG verification of $1 will not be performed!\e[0m";
|
||||
@ -33,14 +38,9 @@ gpgVerifyGitTag() {
|
||||
}
|
||||
export -f gpgVerifyGitHead;
|
||||
|
||||
verifyTagIfPossible() {
|
||||
verifyTagIfPlatform() {
|
||||
if [[ "$1" == "platform/"* ]]; then
|
||||
tagMatch=$(git -C "$DOS_BUILD_BASE$2" describe --exact-match HEAD);
|
||||
if [ ! -z "$tagMatch" ]; then
|
||||
gpgVerifyGitTag "$DOS_BUILD_BASE$2" "$tagMatch";
|
||||
else
|
||||
echo -e "\e[0;33mWARNING: No tag match for $2 \e[0m";
|
||||
fi;
|
||||
gpgVerifyGitTag "$DOS_BUILD_BASE$2";
|
||||
fi;
|
||||
}
|
||||
export -f verifyTagIfPossible;
|
||||
export -f verifyTagIfPlatform;
|
||||
|
@ -100,8 +100,8 @@ patchWorkspace() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi;
|
||||
verifyAllTags;
|
||||
gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview";
|
||||
verifyAllPlatformTags;
|
||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||
|
||||
source build/envsetup.sh;
|
||||
#repopick -it bt-sbc-hd-dualchannel-nougat;
|
||||
|
@ -79,8 +79,9 @@ patchWorkspace() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
verifyAllTags;
|
||||
gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview";
|
||||
verifyAllPlatformTags;
|
||||
#gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
|
||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||
|
||||
#source build/envsetup.sh;
|
||||
|
||||
|
@ -71,8 +71,9 @@ patchWorkspace() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
verifyAllTags;
|
||||
gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview";
|
||||
verifyAllPlatformTags;
|
||||
gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
|
||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||
|
||||
source build/envsetup.sh;
|
||||
#repopick -it pie-firewall;
|
||||
|
@ -77,8 +77,9 @@ patchWorkspace() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
verifyAllTags;
|
||||
gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview";
|
||||
verifyAllPlatformTags;
|
||||
gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
|
||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||
|
||||
#source build/envsetup.sh;
|
||||
#repopick -it ten-firewall;
|
||||
|
@ -118,8 +118,9 @@ patchWorkspace() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
verifyAllTags;
|
||||
gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview";
|
||||
verifyAllPlatformTags;
|
||||
gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
|
||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||
|
||||
#source build/envsetup.sh;
|
||||
#repopick -it eleven-firewall;
|
||||
|
@ -109,8 +109,10 @@ patchWorkspace() {
|
||||
cd "$DOS_BUILD_BASE$1";
|
||||
touch DOS_PATCHED_FLAG;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
verifyAllTags;
|
||||
gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview";
|
||||
verifyAllPlatformTags;
|
||||
gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc";
|
||||
gpgVerifyGitTag "$DOS_BUILD_BASE/external/SecureCamera";
|
||||
gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
|
||||
|
||||
#source build/envsetup.sh;
|
||||
|
||||
|
@ -186,4 +186,5 @@ gpgVerifyGitHead $DOS_WALLPAPERS;
|
||||
|
||||
source "$DOS_SCRIPTS_COMMON/Shell.sh";
|
||||
source "$DOS_SCRIPTS_COMMON/Functions.sh";
|
||||
source "$DOS_SCRIPTS_COMMON/Tag_Verifier.sh";
|
||||
source "$DOS_SCRIPTS/Functions.sh";
|
||||
|
Loading…
Reference in New Issue
Block a user