From owner-svn-ports-all@freebsd.org Fri Mar 9 13:56:33 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4408CF2A3C3; Fri, 9 Mar 2018 13:56:33 +0000 (UTC) (envelope-from se@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E491977F54; Fri, 9 Mar 2018 13:56:32 +0000 (UTC) (envelope-from se@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D7F141FFF5; Fri, 9 Mar 2018 13:56:32 +0000 (UTC) (envelope-from se@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w29DuW0p094987; Fri, 9 Mar 2018 13:56:32 GMT (envelope-from se@FreeBSD.org) Received: (from se@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w29DuW06094985; Fri, 9 Mar 2018 13:56:32 GMT (envelope-from se@FreeBSD.org) Message-Id: <201803091356.w29DuW06094985@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: se set sender to se@FreeBSD.org using -f From: Stefan Esser Date: Fri, 9 Mar 2018 13:56:32 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r463960 - in head/security/pwned-check: . files X-SVN-Group: ports-head X-SVN-Commit-Author: se X-SVN-Commit-Paths: in head/security/pwned-check: . files X-SVN-Commit-Revision: 463960 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 13:56:33 -0000 Author: se Date: Fri Mar 9 13:56:32 2018 New Revision: 463960 URL: https://svnweb.freebsd.org/changeset/ports/463960 Log: Update to new datafile version with significantly more password hashes. Approved by: antoine (implicit) Modified: head/security/pwned-check/Makefile head/security/pwned-check/files/pwned-check.sh.in Modified: head/security/pwned-check/Makefile ============================================================================== --- head/security/pwned-check/Makefile Fri Mar 9 13:39:33 2018 (r463959) +++ head/security/pwned-check/Makefile Fri Mar 9 13:56:32 2018 (r463960) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= pwned-check -PORTVERSION= 1.0 +PORTVERSION= 2.0 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= # Modified: head/security/pwned-check/files/pwned-check.sh.in ============================================================================== --- head/security/pwned-check/files/pwned-check.sh.in Fri Mar 9 13:39:33 2018 (r463959) +++ head/security/pwned-check/files/pwned-check.sh.in Fri Mar 9 13:56:32 2018 (r463960) @@ -33,36 +33,48 @@ usage () # Fetch files with pwned password hashes fetchpwfiles () { - umask 022 - mkdir -p $DBDIR || errexit "No write permission on data directory." - local f s_txt s_txt_7z hash - while read f s_txt s_txt_7z hash - do - local f7z="$f.7z" - echo "Checking '$DBDIR/$f' ..." - local s_txt_is=$(stat -f %z $f 2>/dev/null) - if [ "$s_txt_is" != "$s_txt" ]; then - echo "Fetching '$DBDIR/$f' ..." - fetch -S $s_txt_7z "$URLBASE/$f7z" || errexit "Could not fetch '$URLBASE/$f7z'" - local hash_is=$(sha1 -q "$f7z") - if [ "$hash_is" != "$hash" ]; then + umask 022 + mkdir -p $DBDIR || errexit "No write permission on data directory." + local f s_txt s_txt_7z hash + while read f s_txt s_txt_7z hash + do + local f7z="$f.7z" + echo "Checking '$DBDIR/$f' ..." + local s_txt_is=$(stat -f %z $f 2>/dev/null) + if [ "$s_txt_is" != "$s_txt" ]; then + local s_txt_7z_is=$(stat -f %z $f7z 2>/dev/null) + if [ "$s_txt_7z_is" != "$s_txt_7z" ]; then + echo "Fetching '$DBDIR/$f7z' ..." + fetch -S $s_txt_7z "$URLBASE/$f7z" || errexit "Could not fetch '$URLBASE/$f7z'." + fi + echo "Checking '$DBDIR/$f7z' ..." + local hash_is=$(sha1 -q "$f7z") + if [ "$hash_is" != "$hash" ]; then + rm -f "$f7z" + errexit "File '$f7z' fails SHA1 check: '$hash_is' should be '$hash'." + fi + echo "Extracting '$DBDIR/$f' ..." + tar xOf "$f7z" | cut -d ":" -f 1 > "$f" || errexit "Decompression of file '$f7z' failed." + local s_txt_is=$(stat -f %z "$f") + if [ "$s_txt_is" != "$s_txt" ]; then + rm -f "$f" + errexit "File '$f' has size $s_txt_is after decompression, should be $s_txt." + fi + fi rm -f "$f7z" - errexit "File '$f7z' fails SHA1 check: '$hash_is' should be '$hash'." - fi - tar xf $f7z - local s_txt_is=$(stat -f %z $f) - if [ "$s_txt_is" != "$s_txt" ]; then - rm -f "$f" - errexit "File '$f' has size $s_txt_is after decompression, should be $s_txt." - fi - fi - rm -f "$f7z" - done <