
[minion-cvs] Check digest on openssl distribution when we download it.



Update of /home/minion/cvsroot/src/minion
In directory moria.mit.edu:/tmp/cvs-serv3516

Modified Files:
	Makefile TODO 
Log Message:
Check digest on openssl distribution when we download it.

Index: Makefile
===================================================================
RCS file: /home/minion/cvsroot/src/minion/Makefile,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -d -r1.57 -r1.58
--- Makefile	28 Nov 2003 04:14:03 -0000	1.57
+++ Makefile	8 Dec 2003 02:29:39 -0000	1.58
@@ -175,6 +175,9 @@
 OPENSSL_URL = ftp://ftp.openssl.org/source/openssl-0.9.7c.tar.gz
 OPENSSL_FILE = openssl-0.9.7c.tar.gz
 OPENSSL_SRC = ./contrib/openssl
+OPENSSL_SHA = 80cbd896850455d09544cc05e01b147b3e85399e
+# I have verified that the above digest matches the tarball signed by the
+# openssl maintainer.  If you are paranoid, you should doublecheck. -Nick.
 
 download-openssl:
 	@if [ -x "`which wget 2>&1`" ] ; then                             \
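Review bot: The comment on `OPENSSL_SHA` does not say which digest this is or that it has to change together with `OPENSSL_URL` and `OPENSSL_FILE`, which each carry the version separately. I would extend it to something like `# SHA-1 of $(OPENSSL_FILE); update together with OPENSSL_URL and OPENSSL_FILE after checking the maintainer's signature on the new tarball.` The URL is plain FTP, so as far as the visible lines show this pin is the only integrity check on the download and deserves to be hard to get out of sync. The download-openssl recipe continues outside the hunk.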
@@ -206,11 +209,22 @@
 # It checks 1) whether there is a single, unique openssl-foo.tar.gz
 #           2) whether contrib/openssl is a real file or directory
 unpack-openssl:
-	@cd ./contrib;                                                      \
+	@$(FINDPYTHON);                                                     \
+	cd ./contrib;                                                       \
 	if [ -d ./openssl -a ! -h ./openssl ]; then                         \
 	    echo "Ouch. contrib/openssl seems not to be a symlink: "        \
 	         "I'm afraid to delete it." ;                               \
 	    exit;                                                           \
+	fi;                                                                 \
+	if [ -f $(OPENSSL_FILE) ]; then                                     \
+            SHA=`$$PYTHON -c "import sha;print sha.sha(open(\"$(OPENSSL_FILE)\").read()).hexdigest()"`; \
+	    if [ "$$SHA" != "$(OPENSSL_SHA)" ]; then                        \
+                echo "Unexpected digest on $(OPENSSL_FILE)!";               \
+	        exit;                                                       \
+            fi;                                                             \
+	    echo "Digest on $(OPENSSL_FILE) is correct.";                   \
+	else                                                                \
+            echo "Did not found expected version of $(OPENSSL_FILE); not checking digest."; \
 	fi;                                                                 \
 	TGZ=`ls openssl-*.tar.gz` ;                                         \
 	if [ "x$$TGZ" = "x" ]; then                                         \
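Review bot: The digest-mismatch branch ends in a bare `exit;`, which returns the status of the preceding `echo` (zero), so make treats unpack-openssl as successful and can carry on with whatever is already in contrib/openssl; use `exit 1;` there so a bad tarball stops the build. The `else` branch also fails open: when `$(OPENSSL_FILE)` is absent the recipe only prints a message and falls through to the `ls openssl-*.tar.gz` lookup, so a tarball under any other version name appears to be used unverified. The rest of the recipe is outside the hunk, so that needs confirming. If this is intended for users who supply their own OpenSSL, say so in a comment such as `# Only $(OPENSSL_FILE) is digest-checked; other openssl-*.tar.gz files are unpacked unverified.` Opening the tarball with mode `"rb"` would also keep the digest stable on platforms that translate line endings.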

Index: TODO
===================================================================
RCS file: /home/minion/cvsroot/src/minion/TODO,v
retrieving revision 1.171
retrieving revision 1.172
diff -u -d -r1.171 -r1.172
--- TODO	8 Dec 2003 02:27:24 -0000	1.171
+++ TODO	8 Dec 2003 02:29:39 -0000	1.172
@@ -243,8 +243,10 @@
                   missing links would be sufficient.)
         - Client support
                 - Support for sending multiple copies of a packet?
-                - Automatically remove old messages from client queue.
-                - Flush messages to a single mix.
+                - Automatically remove old messages from client queue. (Add
+                  'warn after' and 'delete after' configuration options'.)
+                - Flush messages to a single mix, or set of mixes.
+                - Clean messages for a single mix, or set of mixes.
                 - Support to remove servers from imported set, or to block
                   servers from directory.
                 - Avoid timing distinguishability attack related to