Bug 913394 - verify-sig.eclass: can't handle 'openssl dgst'-style checksums
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Eclasses
Hardware: All Linux
Importance: Normal normal
Assignee: Michał Górny
Keywords: PullRequest
Reported: 2023-09-01 05:36 UTC by Sam James
Modified: 2023-09-14 05:43 UTC
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-09-01 05:36:00 UTC
Take https://2.na.dl.wireshark.org/src/all-versions/SIGNATURES-4.1.0.txt.

This file has:
```
[...]
wireshark-4.1.0.tar.xz: 44601140 bytes
SHA256(wireshark-4.1.0.tar.xz)=9a32ae59f0a843aefd8856c0d208fc464b93ce9415fb8da8723c550c840ab1d5
SHA1(wireshark-4.1.0.tar.xz)=51760c8d53d562459fb6dbbf5bb266b3e37eb902
[...]
```

cksum normally has whitespace around the () and =.

verify-sig.eclass can't currently cope with this:
```
src_unpack() {
        if [[ ${PV} == *9999* ]] ; then
                git-r3_src_unpack
        else
                if use verify-sig ; then
                        verify-sig_verify_signed_checksums \
                                "${DISTDIR}"/${P}-signatures.txt \
                                sha256 \
                                "${DISTDIR}"/${P}.tar.xz
                fi

                default
        fi
}
```

giving:
```
 * Verifying wireshark-4.1.0-signatures.txt ...
gpg: Signature made Fri 25 Aug 2023 19:02:16 BST
gpg:                using RSA key 5A5ADBA7DBEA6C3F87224F1982244A78E6FEAEEA
gpg: Good signature from "Gerald Combs <gerald@wireshark.org>" [ultimate]
gpg:                 aka "Gerald Combs <gerald@zing.org>" [ultimate]
 * ERROR: net-analyzer/wireshark-4.1.0::gentoo failed (unpack phase):
 *   verify-sig_verify_unsigned_checksums: checksums for some of the specified files were missing
 *
 * Call stack:
 *     ebuild.sh, line  136:  Called src_unpack
 *   environment, line 4102:  Called verify-sig_verify_signed_checksums '/var/tmp/portage/net-analyzer/wireshark-4.1.0/distdir/wireshark-4.1.0-signatures.txt' 'sha256' '/var/tmp/portage/net-analyzer/wireshark-4.1.0/distdir/wireshark-4.1.0.tar.xz'
 *   environment, line 5135:  Called _gpg_verify_signed_checksums '/var/tmp/portage/net-analyzer/wireshark-4.1.0/distdir/wireshark-4.1.0-signatures.txt' 'sha256' '/var/tmp/portage/net-analyzer/wireshark-4.1.0/distdir/wireshark-4.1.0.tar.xz' '/usr/share/openpgp-keys/wireshark.asc'
 *   environment, line  570:  Called verify-sig_verify_unsigned_checksums '-' 'sha256' '/var/tmp/portage/net-analyzer/wireshark-4.1.0/distdir/wireshark-4.1.0.tar.xz'
 *   environment, line 5176:  Called die
 * The specific snippet of code:
 *       [[ ${count} -eq ${#files[@]} ]] || die "${FUNCNAME}: checksums for some of the specified files were missing"
 *
```

It dies because it fails the cksum length check but it probably needs other mangling fixed too.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-09-01 05:42:51 UTC
Can you figure out what tool was used to generate that, or if that format has a name?
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-09-02 07:41:53 UTC
(In reply to Michał Górny from comment #1)
> Can you figure out what tool was used to generate that, or if that format
> has a name?

Quoting upstream's reply:
```
The SIGNATURES-x.y.z.txt files are generated using Python script. The
hash file format is similar to the output of `openssl dgst`, except we
omit the space after the "=" in order to avoid word wrapping. For
example, we print

SHA256(/dev/null)=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

instead of

SHA256(/dev/null)= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
```
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-09-02 19:08:44 UTC
Could you prepare a PR with wireshark port and key package for me to work on?  I'll handle the eclass part then.

I wonder how to parse the format from bash.  So far my best idea is to split on "(" and ")=".  I suppose I could either read the whole line and play with variable subst to split it, or set IFS="()=" and let read split it.
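
The following is an added example, not part of the bug thread and not code from verify-sig.eclass. It works through the 'split on "(" and ")="' idea from comment 3 using parameter expansion instead of IFS splitting, and rejects a digest whose length does not match the requested algorithm. The function names and the `short.bin` entry are constructed for illustration.

```bash
# Added example; function names are hypothetical, not verify-sig.eclass code.

# Constructed sample: lines quoted in this bug plus one malformed entry.
sample_signatures() {
    cat <<'EOF'
wireshark-4.1.0.tar.xz: 44601140 bytes
SHA256(wireshark-4.1.0.tar.xz)=9a32ae59f0a843aefd8856c0d208fc464b93ce9415fb8da8723c550c840ab1d5
SHA1(wireshark-4.1.0.tar.xz)=51760c8d53d562459fb6dbbf5bb266b3e37eb902
SHA256(/dev/null)= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256(short.bin)=51760c8d53d562459fb6dbbf5bb266b3e37eb902
EOF
}

# Print the hex length of a digest for the given algorithm, or fail.
digest_hexlen() {
    case $1 in
        sha1) echo 40 ;;
        sha256) echo 64 ;;
        sha512) echo 128 ;;
        *) return 1 ;;
    esac
}

# lookup_dgst ALGO FILE < checksums: print the digest recorded for FILE.
# Exit 1 if no well-formed entry exists, 2 if ALGO is unknown.
lookup_dgst() (
    want_algo=$1 want_file=$2
    want_len=$(digest_hexlen "$want_algo") || exit 2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *"("*")="*) ;;      # ALGO(file)=hex, with or without a space
            *) continue ;;      # sizes, blank lines, PGP armor
        esac
        algo=${line%%"("*}      # text before the first "("
        algo=$(printf '%s' "$algo" | tr 'A-Z' 'a-z')
        rest=${line#*"("}       # everything after the first "("
        file=${rest%")="*}      # up to the last ")=", so ")" in names is fine
        sum=${rest##*")="}      # after the last ")="
        sum=${sum# }            # openssl prints "= hex"; Wireshark omits the space
        [ "$algo" = "$want_algo" ] && [ "$file" = "$want_file" ] || continue
        # Accept only exactly want_len hex digits for the requested algorithm.
        [ "${#sum}" -eq "$want_len" ] || continue
        case $sum in *[!0-9A-Fa-f]*) continue ;; esac
        printf '%s\n' "$sum" | tr 'A-F' 'a-f'
        exit 0
    done
    exit 1
)
```
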
Comment 4 Larry the Git Cow gentoo-dev 2023-09-14 05:30:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=641ec528b58922e5be1af2cc8516a90510232a7f

commit 641ec528b58922e5be1af2cc8516a90510232a7f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-04-16 05:31:03 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2023-09-14 05:30:13 +0000

    net-analyzer/wireshark: add support for verify-sig
    
    Bug: https://bugs.gentoo.org/913394
    Closes: https://github.com/gentoo/gentoo/pull/20401
    Closes: https://github.com/gentoo/gentoo/pull/32575
    Signed-off-by: Sam James <sam@gentoo.org>
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 net-analyzer/wireshark/Manifest               |  1 +
 net-analyzer/wireshark/wireshark-4.1.0.ebuild | 25 +++++++++++++++++++++++++
 net-analyzer/wireshark/wireshark-9999.ebuild  | 25 +++++++++++++++++++++++++
 3 files changed, 51 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd33dd0699ca0a4c47e67cdd56035ce14436d84a

commit cd33dd0699ca0a4c47e67cdd56035ce14436d84a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-04-16 05:14:27 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2023-09-14 05:30:13 +0000

    sec-keys/openpgp-keys-wireshark: initial import
    
    Bug: https://bugs.gentoo.org/913394
    Signed-off-by: Sam James <sam@gentoo.org>
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 sec-keys/openpgp-keys-wireshark/Manifest             |  1 +
 sec-keys/openpgp-keys-wireshark/metadata.xml         |  9 +++++++++
 .../openpgp-keys-wireshark-20230903.ebuild           | 20 ++++++++++++++++++++
 3 files changed, 30 insertions(+)