From 628c1ceba972a0d4bc46b916ecded8da3943c16a Mon Sep 17 00:00:00 2001
From: Kali Kaneko
Date: Mon, 4 Dec 2017 20:20:42 +0100
Subject: [pkg] verify the remaining libs apparently, lzo and mbedtls do not like gpg.
---
 pkg/thirdparty/openvpn/build_openvpn.sh | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-) (limited to 'pkg/thirdparty')
diff --git a/pkg/thirdparty/openvpn/build_openvpn.sh b/pkg/thirdparty/openvpn/build_openvpn.sh
index 1810d991..cefae5dd 100755
--- a/pkg/thirdparty/openvpn/build_openvpn.sh
+++ b/pkg/thirdparty/openvpn/build_openvpn.sh
@@ -3,6 +3,7 @@
 #############################################################################
 # Builds OpenVPN statically against mbedtls (aka polarssl).
 # Requirements: cmake
+# Output: ~/openvpn_build/sbin/openvpn-x.y.z
 #############################################################################
 set -e
@@ -27,6 +28,12 @@ LZO="lzo-2.10"
 ZLIB="zlib-1.2.11"
 MBEDTLS="mbedtls-2.6.0"
 OPENVPN="openvpn-2.4.4"
+
+# [!] This needs to be updated for every release --------------------------
+LZO_SHA1="4924676a9bae5db58ef129dc1cebce3baa3c4b5d"
+MBEDTLS_SHA1="0e657805b5dc9777e0e0333a95d7886ae8f0314e"
+# -------------------------------------------------------------------------
+ZLIB_KEYS="https://pgp.mit.edu/pks/lookup?op=get&search=0x783FCD8E58BCAFBA"
 OPENVPN_KEYS="https://swupdate.openvpn.net/community/keys/security.key.asc"
 WGET="wget --prefer-family=IPv4"
@@ -45,10 +52,12 @@ MAKE="make -j2"
 function build_zlib()
 {
+ gpg --fetch-keys $ZLIB_KEYS
 mkdir $SRC/zlib && cd $SRC/zlib
 if [ ! -f $ZLIB.tar.gz ]; then
- $WGET http://zlib.net/$ZLIB.tar.gz
+ $WGET https://zlib.net/$ZLIB.tar.gz
+ $WGET https://zlib.net/$ZLIB.tar.gz.asc
 fi
 tar zxvf $ZLIB.tar.gz
 cd $ZLIB
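Review bot: `LZO_SHA1` and `MBEDTLS_SHA1` pin the tarballs with SHA-1, which no longer resists collisions; the same digest is computed with `sha1sum` in the build_mbedtls and build_lzo2 hunks. Pinning SHA-256 instead, for example `LZO_SHA256="<sha256 of lzo-2.10.tar.gz>"` checked with `sha256sum`, keeps the pin meaningful, and it matters most for lzo because its download URL in build_lzo2 is plain http. `ZLIB_KEYS` selects the signing key by a 64-bit key ID on a public keyserver, so recording the full fingerprint beside it (`ZLIB_FPR="<full key fingerprint>"`) would let the script check which key actually produced the signature.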
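Review bot: The zlib signature is downloaded but never checked in this hunk: nothing runs `gpg --verify` between `fi` and `tar zxvf $ZLIB.tar.gz`, so the tarball is unpacked unverified even though the key and the `.asc` were fetched. Adding `gpg --verify $ZLIB.tar.gz.asc $ZLIB.tar.gz || exit 1` just before the `tar` line makes the check real and fatal. The `.asc` is only fetched when the tarball is missing, so a cached tarball from an earlier run would have no signature file to verify against. `"$ZLIB_KEYS"` should be quoted, since the URL contains `?` and an unquoted expansion is subject to globbing. build_zlib continues past the end of the hunk.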
@@ -74,6 +83,13 @@ function build_mbedtls()
 if [ ! -f $MBEDTLS-gpl.tgz ]; then
 $WGET https://tls.mbed.org/download/$MBEDTLS-gpl.tgz
 fi
+ sha1=`sha1sum $MBEDTLS-gpl.tgz | cut -d' ' -f 1`
+ if [ "${MBEDTLS_SHA1}" = "${sha1}" ]; then
+ echo "[+] sha1 verified ok"
+ else
+ echo "[!] problem with sha1 verification"
+ exit 1
+ fi
 tar zxvf $MBEDTLS-gpl.tgz
 cd $MBEDTLS
 mkdir -p build
@@ -94,6 +110,13 @@ function build_lzo2()
 if [ ! -f $LZO.tar.gz ]; then
 $WGET http://www.oberhumer.com/opensource/lzo/download/$LZO.tar.gz
 fi
+ sha1=`sha1sum $LZO.tar.gz | cut -d' ' -f 1`
+ if [ "${LZO_SHA1}" = "${sha1}" ]; then
+ echo "[+] sha1 verified ok"
+ else
+ echo "[!] problem with sha1 verification"
+ exit 1
+ fi
 tar zxvf $LZO.tar.gz
 cd $LZO
@@ -114,12 +137,12 @@ function build_lzo2()
 function build_openvpn()
 {
 mkdir $SRC/openvpn && cd $SRC/openvpn
- $WGET -q -O - $OPENVPN_KEYS | gpg --import
+ gpg --fetch-keys $OPENVPN_KEYS
 if [ ! -f $OPENVPN.tar.gz ]; then
 $WGET http://swupdate.openvpn.org/community/releases/$OPENVPN.tar.gz
 $WGET http://swupdate.openvpn.org/community/releases/$OPENVPN.tar.gz.asc
 fi
- gpg --verify $OPENVPN.tar.gz.asc && echo "[+] gpg verification ok"
+ gpg --verify $OPENVPN.tar.gz.asc && echo "[+] gpg verification ok"
 tar zxvf $OPENVPN.tar.gz
 cd $OPENVPN
@@ -134,7 +157,7 @@ function build_openvpn()
 --with-crypto-library=mbedtls \
 --enable-small \
 --disable-debug \
- --enable-iproute2
+ --enable-iproute2
 $MAKE LIBS="-all-static -lz -llzo2"
 make install DESTDIR=$BASE/openvpn
-- 
cgit v1.2.3
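Review bot: The seven lines added to build_mbedtls are repeated in the build_lzo2 hunk with only the file name and constant changed, and the failure message names neither the file nor the two digests. A small helper that takes the file and the expected digest would keep both checks identical and make a mismatch diagnosable; it should write the error to stderr and use `$(...)` instead of backticks. Both functions start and end outside their hunks.

```shell
# Abort the build unless the SHA-1 of file $1 equals the pinned digest $2.
function verify_sha1()
{
    local file="$1" expected="$2" actual
    actual=$(sha1sum "$file" | cut -d' ' -f 1)
    if [ "$expected" != "$actual" ]; then
        echo "[!] sha1 mismatch for $file: expected $expected, got $actual" >&2
        exit 1
    fi
    echo "[+] sha1 verified ok: $file"
}

# in build_mbedtls, after the download block
    verify_sha1 "$MBEDTLS-gpl.tgz" "${MBEDTLS_SHA1}"
# … unchanged: tar zxvf, cd, mkdir -p build …

# in build_lzo2, after the download block
    verify_sha1 "$LZO.tar.gz" "${LZO_SHA1}"
```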
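Review bot: A failed signature check in build_openvpn does not stop the build: in `gpg --verify $OPENVPN.tar.gz.asc && echo "[+] gpg verification ok"` the failing command sits on the left of `&&`, which the script's `set -e` ignores, so `tar zxvf $OPENVPN.tar.gz` still runs. Make the failure fatal and name the signed file explicitly, `gpg --verify $OPENVPN.tar.gz.asc $OPENVPN.tar.gz || exit 1`, with the `echo` on its own line afterwards. The tarball and its `.asc` are fetched over plain http in the unchanged lines, so this check is the only integrity control on the OpenVPN source. build_openvpn continues outside the hunk.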