aboutsummaryrefslogtreecommitdiffstats
path: root/Library/Homebrew/cask/lib/hbc/verify
diff options
context:
space:
mode:
authorAnastasiaSulyagina2016-08-18 22:11:42 +0300
committerAnastasiaSulyagina2016-08-19 14:50:14 +0300
commite81f4ab7deeb40308f240be5ea00091fc8786d7a (patch)
treeb5418f9149de71c0f05f90cb2b39ab47f46e27b4 /Library/Homebrew/cask/lib/hbc/verify
parent5c7c9de669025bbe4cad9829be39c5cf3b31ad25 (diff)
downloadbrew-e81f4ab7deeb40308f240be5ea00091fc8786d7a.tar.bz2
init
Diffstat (limited to 'Library/Homebrew/cask/lib/hbc/verify')
-rw-r--r--Library/Homebrew/cask/lib/hbc/verify/checksum.rb43
-rw-r--r--Library/Homebrew/cask/lib/hbc/verify/gpg.rb60
2 files changed, 103 insertions, 0 deletions
diff --git a/Library/Homebrew/cask/lib/hbc/verify/checksum.rb b/Library/Homebrew/cask/lib/hbc/verify/checksum.rb
new file mode 100644
index 000000000..3af6f1667
--- /dev/null
+++ b/Library/Homebrew/cask/lib/hbc/verify/checksum.rb
@@ -0,0 +1,43 @@
+require "digest"
+
+class Hbc::Verify::Checksum
+ def self.me?(cask)
+ return true unless cask.sha256 == :no_check
+ ohai "No checksum defined for Cask #{cask}, skipping verification"
+ false
+ end
+
+ attr_reader :cask, :downloaded_path
+
+ def initialize(cask, downloaded_path)
+ @cask = cask
+ @downloaded_path = downloaded_path
+ end
+
+ def verify
+ return unless self.class.me?(cask)
+ ohai "Verifying checksum for Cask #{cask}"
+ verify_checksum
+ end
+
+ private
+
+ def expected
+ @expected ||= cask.sha256
+ end
+
+ def computed
+ @computed ||= Digest::SHA2.file(downloaded_path).hexdigest
+ end
+
+ def verify_checksum
+ raise Hbc::CaskSha256MissingError, "sha256 required: sha256 '#{computed}'" if expected.nil? || expected.empty?
+
+ if expected == computed
+ odebug "SHA256 checksums match"
+ else
+ ohai 'Note: running "brew update" may fix sha256 checksum errors'
+ raise Hbc::CaskSha256MismatchError.new(downloaded_path, expected, computed)
+ end
+ end
+end
diff --git a/Library/Homebrew/cask/lib/hbc/verify/gpg.rb b/Library/Homebrew/cask/lib/hbc/verify/gpg.rb
new file mode 100644
index 000000000..6190f67d1
--- /dev/null
+++ b/Library/Homebrew/cask/lib/hbc/verify/gpg.rb
@@ -0,0 +1,60 @@
+class Hbc::Verify::Gpg
+ def self.me?(cask)
+ cask.gpg
+ end
+
+ attr_reader :cask, :downloaded_path
+
+ def initialize(cask, downloaded_path, command = Hbc::SystemCommand)
+ @command = command
+ @cask = cask
+ @downloaded_path = downloaded_path
+ end
+
+ def available?
+ return @available unless @available.nil?
+ @available = self.class.me?(cask) && installed?
+ end
+
+ def installed?
+ cmd = @command.run("/usr/bin/type",
+ args: ["-p", "gpg"])
+
+ # if `gpg` is found, return its absolute path
+ cmd.success? ? cmd.stdout : false
+ end
+
+ def fetch_sig(force = false)
+ unversioned_cask = cask.version.is_a?(Symbol)
+ cached = cask.metadata_subdir("gpg") unless unversioned_cask
+
+ meta_dir = cached || cask.metadata_subdir("gpg", :now, true)
+ sig_path = meta_dir.join("signature.asc")
+
+ curl(cask.gpg.signature, "-o", sig_path.to_s) unless cached || force
+
+ sig_path
+ end
+
+ def import_key
+ args = if cask.gpg.key_id
+ ["--recv-keys", cask.gpg.key_id]
+ elsif cask.gpg.key_url
+ ["--fetch-key", cask.gpg.key_url.to_s]
+ end
+
+ @command.run!("gpg", args: args)
+ end
+
+ def verify
+ return unless available?
+ import_key
+ sig = fetch_sig
+
+ ohai "Verifying GPG signature for #{cask}"
+
+ @command.run!("gpg",
+ args: ["--verify", sig, downloaded_path],
+ print_stdout: true)
+ end
+end