diff --git a/Misc/pubring.kbx b/Misc/pubring.kbx index 611fddee..e0691807 100644 Binary files a/Misc/pubring.kbx and b/Misc/pubring.kbx differ diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index c7dacb1f..26c18fa6 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -27,10 +27,10 @@ resetWorkspace() { } export -f resetWorkspace; -verifyAllTags() { - repo forall -c 'source $DOS_WORKSPACE_ROOT/Scripts/Common/Tag_Verifier.sh && verifyTagIfPossible $REPO_PROJECT $REPO_PATH'; +verifyAllPlatformTags() { + repo forall -c 'source $DOS_WORKSPACE_ROOT/Scripts/Common/Tag_Verifier.sh && verifyTagIfPlatform $REPO_PROJECT $REPO_PATH'; } -export -f verifyAllTags; +export -f verifyAllPlatformTags; enter() { echo "================================================================================================" diff --git a/Scripts/Common/Tag_Verifier.sh b/Scripts/Common/Tag_Verifier.sh index 82cd0fa9..a326502d 100644 --- a/Scripts/Common/Tag_Verifier.sh +++ b/Scripts/Common/Tag_Verifier.sh @@ -20,11 +20,16 @@ source "$DOS_SCRIPTS_COMMON/Shell.sh"; gpgVerifyGitTag() { if [ -r "$DOS_TMP_GNUPG/pubring.kbx" ]; then - if git -C "$1" verify-tag "$2" &>/dev/null; then - echo -e "\e[0;32mGPG Verified Git Tag Successfully: $1\e[0m"; + tagMatch=$(git -C "$1" describe --exact-match HEAD); + if [ ! -z "$tagMatch" ]; then + if git -C "$1" verify-tag "$tagMatch" &>/dev/null; then + echo -e "\e[0;32mGPG Verified Git Tag Successfully: $1\e[0m"; + else + echo -e "\e[0;31mWARNING: GPG Verification of Git Tag Failed: $1\e[0m"; + #sleep 60; + fi; else - echo -e "\e[0;31mWARNING: GPG Verification of Git Tag Failed: $1\e[0m"; - #sleep 60; + echo -e "\e[0;33mWARNING: No tag match for $1 \e[0m"; fi; #git -C $1 log --show-signature -1; else @@ -33,14 +38,9 @@ gpgVerifyGitTag() { } export -f gpgVerifyGitHead; -verifyTagIfPossible() { +verifyTagIfPlatform() { if [[ "$1" == "platform/"* ]]; then - tagMatch=$(git -C "$DOS_BUILD_BASE$2" describe --exact-match HEAD); - if [ ! -z "$tagMatch" ]; then - gpgVerifyGitTag "$DOS_BUILD_BASE$2" "$tagMatch"; - else - echo -e "\e[0;33mWARNING: No tag match for $2 \e[0m"; - fi; + gpgVerifyGitTag "$DOS_BUILD_BASE$2"; fi; } -export -f verifyTagIfPossible; +export -f verifyTagIfPlatform; diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index 68562173..93579f45 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -100,8 +100,8 @@ patchWorkspace() { cd "$DOS_BUILD_BASE$1"; touch DOS_PATCHED_FLAG; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi; - verifyAllTags; - gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview"; + verifyAllPlatformTags; + gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview"; source build/envsetup.sh; #repopick -it bt-sbc-hd-dualchannel-nougat; diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index 4ff67646..e3e91735 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -79,8 +79,9 @@ patchWorkspace() { cd "$DOS_BUILD_BASE$1"; touch DOS_PATCHED_FLAG; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - verifyAllTags; - gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview"; + verifyAllPlatformTags; + #gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc"; + gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview"; #source build/envsetup.sh; diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index ada51300..8f8611e9 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -71,8 +71,9 @@ patchWorkspace() { cd "$DOS_BUILD_BASE$1"; touch DOS_PATCHED_FLAG; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - verifyAllTags; - gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview"; + verifyAllPlatformTags; + gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc"; + gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview"; source build/envsetup.sh; #repopick -it pie-firewall; diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh index e394a8e7..057456de 100644 --- a/Scripts/LineageOS-17.1/Functions.sh +++ b/Scripts/LineageOS-17.1/Functions.sh @@ -77,8 +77,9 @@ patchWorkspace() { cd "$DOS_BUILD_BASE$1"; touch DOS_PATCHED_FLAG; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - verifyAllTags; - gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview"; + verifyAllPlatformTags; + gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc"; + gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview"; #source build/envsetup.sh; #repopick -it ten-firewall; diff --git a/Scripts/LineageOS-18.1/Functions.sh b/Scripts/LineageOS-18.1/Functions.sh index 7d1f4645..818a5bfd 100644 --- a/Scripts/LineageOS-18.1/Functions.sh +++ b/Scripts/LineageOS-18.1/Functions.sh @@ -118,8 +118,9 @@ patchWorkspace() { cd "$DOS_BUILD_BASE$1"; touch DOS_PATCHED_FLAG; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - verifyAllTags; - gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview"; + verifyAllPlatformTags; + gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc"; + gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview"; #source build/envsetup.sh; #repopick -it eleven-firewall; diff --git a/Scripts/LineageOS-19.1/Functions.sh b/Scripts/LineageOS-19.1/Functions.sh index 2086c10c..ab2eca54 100644 --- a/Scripts/LineageOS-19.1/Functions.sh +++ b/Scripts/LineageOS-19.1/Functions.sh @@ -109,8 +109,10 @@ patchWorkspace() { cd "$DOS_BUILD_BASE$1"; touch DOS_PATCHED_FLAG; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - verifyAllTags; - gpgVerifyGitHead $DOS_BUILD_BASE"external/chromium-webview"; + verifyAllPlatformTags; + gpgVerifyGitTag "$DOS_BUILD_BASE/external/hardened_malloc"; + gpgVerifyGitTag "$DOS_BUILD_BASE/external/SecureCamera"; + gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview"; #source build/envsetup.sh; diff --git a/Scripts/init.sh b/Scripts/init.sh index bb7d20fd..321af0da 100644 --- a/Scripts/init.sh +++ b/Scripts/init.sh @@ -186,4 +186,5 @@ gpgVerifyGitHead $DOS_WALLPAPERS; source "$DOS_SCRIPTS_COMMON/Shell.sh"; source "$DOS_SCRIPTS_COMMON/Functions.sh"; +source "$DOS_SCRIPTS_COMMON/Tag_Verifier.sh"; source "$DOS_SCRIPTS/Functions.sh";