egberts · December 13, 2018 22:08 · egberts · Dec 13, 2018
diff --git a/gistfile1.txt b/gistfile1.txt
 #!/bin/bash
 BASENAME=`basename $0`
 TMPFILE="/tmp/$BASENAME-lib.tmp"
 echo "$BASENAME: Validate target binary and its libraries checksum"
 TARGET_BINARY=$1
 PACKAGES_FOUND="`apt-file search --fixed-string ${TARGET_BINARY}`"
 if [ -z "${PACKAGES_FOUND}" ]; then
  echo "No package found for ${TARGET_BINARY}."
  exit 1
 fi
 echo "$PACKAGES_FOUND" > $TMPFILE

 # There might be more than one packages having same filespec
 # so we have to loop on

 PKGS_FOUND=
 SUM_PKGS_CNT=0
 SUM_PKGS_WARN=0
 SUM_PKGS_ERR_NOT_FOUND=0
 SUM_PKGS_ERR_HASH=0
 while read pkg_name filespec; do
  THIS_PKG="`echo $pkg_name | cut -d':' -f1`"
  ((SUM_PKGS_CNT++))
  echo -n "Trying $THIS_PKG package..."
  debsums --no-prelink -s ${THIS_PKG} >/dev/null 2>&1
  RETSTS=$?
  if [ ${RETSTS} -ne 0 ]; then
    ((SUM_PKGS_WARN++))
    if [ ${RETSTS} -eq 1 ]; then
      echo "WARN: Debian package invalid/not installed."
      ((SUM_PKGS_ERR_NOT_FOUND++))
    fi
    if [ ${RETSTS} -eq 2 ]; then
      echo "WARN: Debian package checksum error."
      ((SUM_PKGS_ERR_HASH++))
    fi
  else
    PKGS_FOUND="$PKGS_FOUND $THIS_PKG"
    echo "OK"
  fi
 done < $TMPFILE
 if [ $SUM_PKGS_CNT -eq 0 ]; then
  echo "No package found for $TARGET_BINARY."
 fi
 if [ $SUM_PKGS_CNT -gt 0 ]; then
  if [ $SUM_PKGS_CNT -eq $SUM_PKGS_WARN ]; then
    echo "Multiple package scanned; not found for $TARGET_BINARY"
    exit 255
  fi
  if [ $SUM_PKGS_CNT -ne $SUM_PKGS_WARN ]; then
    echo "At least one package found for $TARGET_BINARY: $PKGS_FOUND"
  fi
 fi

 echo "Verifying $TARGET_BINARY binary and libraries..."
 echo "List of libraries and its associated Debian package:"
 LIBRARIES_USED="`ldd ${TARGET_BINARY}`"
 echo "$LIBRARIES_USED" > $TMPFILE

 # Iterate on each library
 SUM_LIB_CNT=0
 SUM_LIB_ERR=0
 SUM_LIB_ERR_NOT_FOUND=0
 LIB_PKGS_FOUND=""
 LIBS_LIST=""
 export LIB_PKGS_FOUND LIBS_LIST
 while read filename foperator filespec var4 var5; do
  ((SUM_LIB_CNT++))
  echo -ne "  ${filename}:\t\t"
  if [ "$foperator" == "=>" ]; then
    # library package check
    APT_FILE_RESULT="`apt-file search --fixed-string ${filespec}`"
    RETSTS=$?
    if [ ${RETSTS} -ne 0 ]; then
      ((SUM_LIB_ERR++))
      ((SUM_LIB_ERR_NOT_FOUND++))
      echo "not found in any Debian package."
    else
      LIB_PKG_FOUND="`echo ${APT_FILE_RESULT} | cut -d':' -f1`"
      LIB_PKGS_FOUND="${LIB_PKGS_FOUND} ${LIB_PKG_FOUND}"
      echo "${LIB_PKG_FOUND}"
    fi
  else
    # ldlinux check
    LIB_PKG_FOUND="libc6"
    LIB_PKGS_FOUND="${LIB_PKGS_FOUND} ${LIB_PKG_FOUND}"
    echo "${LIB_PKG_FOUND}"
  fi
 done < $TMPFILE
 rm $TMPFILE
 LIBS_LIST="$LIB_PKGS_FOUND"

 # Remove duplicate libraries (to save time checking on each)
 LIB_PKGS_FOUND="`echo ${LIBS_LIST} | xargs -n1 | sort -u | xargs`"
 echo "Checking packages:"
    
 SUM_PKG_CNT=0
 SUM_PKG_ERR=0
 SUM_PKG_ERR_NOT_FOUND=0
 SUM_PKG_ERR_HASH=0
 for THIS_PKG in ${LIB_PKGS_FOUND}; do
  ((SUM_PKG_CNT++))
  echo -ne "  Package: ${THIS_PKG}:\t"
  debsums --no-prelink -s ${THIS_PKG} >/dev/null 2>&1
  RETSTS=$?
  if [ ${RETSTS} -ne 0 ]; then
    ((SUM_PKG_ERR++))
    if [ ${RETSTS} -eq 1 ]; then
      echo "ERROR: Debian package invalid/not installed."
      ((SUM_PKG_ERR_NOT_FOUND++))
    fi
    if [ ${RETSTS} -eq 2 ]; then
      echo "ERROR: Debian package checksum failed."
      ((SUM_PKG_ERR_HASH++))
    fi
  else
    echo "OK"
  fi
 done

 echo "           DuplicatePkgs Packages  Libraries"
 echo "checked:           $SUM_PKGS_CNT        $SUM_PKG_CNT        $SUM_LIB_CNT"
 echo "warnings:          $SUM_PKGS_WARN"
 echo "errors:                     $SUM_PKG_ERR        $SUM_LIB_ERR"
 echo "hash errors:       $SUM_PKGS_ERR_HASH        $SUM_PKG_ERR_HASH"
 echo "missing/invalid:   $SUM_PKGS_ERR_NOT_FOUND        $SUM_PKG_ERR_NOT_FOUND        $SUM_LIB_ERR_NOT_FOUND" 

 if [ $SUM_PKG_ERR -gt 0 ]; then
  echo "Errors found."
 else
  echo "No error; OK."
 fi
 # pass exit code to caller without using exit command
 # (in case this script got source'd)
 (exit $SUM_LIB_ERR)
	#!/bin/bash
	BASENAME=`basename $0`
	TMPFILE="/tmp/$BASENAME-lib.tmp"
	echo "$BASENAME: Validate target binary and its libraries checksum"
	TARGET_BINARY=$1
	PACKAGES_FOUND="`apt-file search --fixed-string ${TARGET_BINARY}`"
	if [ -z "${PACKAGES_FOUND}" ]; then
	echo "No package found for ${TARGET_BINARY}."
	exit 1
	fi
	echo "$PACKAGES_FOUND" > $TMPFILE

	# There might be more than one packages having same filespec
	# so we have to loop on

	PKGS_FOUND=
	SUM_PKGS_CNT=0
	SUM_PKGS_WARN=0
	SUM_PKGS_ERR_NOT_FOUND=0
	SUM_PKGS_ERR_HASH=0
	while read pkg_name filespec; do
	THIS_PKG="`echo $pkg_name \| cut -d':' -f1`"
	((SUM_PKGS_CNT++))
	echo -n "Trying $THIS_PKG package..."
	debsums --no-prelink -s ${THIS_PKG} >/dev/null 2>&1
	RETSTS=$?
	if [ ${RETSTS} -ne 0 ]; then
	((SUM_PKGS_WARN++))
	if [ ${RETSTS} -eq 1 ]; then
	echo "WARN: Debian package invalid/not installed."
	((SUM_PKGS_ERR_NOT_FOUND++))
	fi
	if [ ${RETSTS} -eq 2 ]; then
	echo "WARN: Debian package checksum error."
	((SUM_PKGS_ERR_HASH++))
	fi
	else
	PKGS_FOUND="$PKGS_FOUND $THIS_PKG"
	echo "OK"
	fi
	done < $TMPFILE
	if [ $SUM_PKGS_CNT -eq 0 ]; then
	echo "No package found for $TARGET_BINARY."
	fi
	if [ $SUM_PKGS_CNT -gt 0 ]; then
	if [ $SUM_PKGS_CNT -eq $SUM_PKGS_WARN ]; then
	echo "Multiple package scanned; not found for $TARGET_BINARY"
	exit 255
	fi
	if [ $SUM_PKGS_CNT -ne $SUM_PKGS_WARN ]; then
	echo "At least one package found for $TARGET_BINARY: $PKGS_FOUND"
	fi
	fi

	echo "Verifying $TARGET_BINARY binary and libraries..."
	echo "List of libraries and its associated Debian package:"
	LIBRARIES_USED="`ldd ${TARGET_BINARY}`"
	echo "$LIBRARIES_USED" > $TMPFILE

	# Iterate on each library
	SUM_LIB_CNT=0
	SUM_LIB_ERR=0
	SUM_LIB_ERR_NOT_FOUND=0
	LIB_PKGS_FOUND=""
	LIBS_LIST=""
	export LIB_PKGS_FOUND LIBS_LIST
	while read filename foperator filespec var4 var5; do
	((SUM_LIB_CNT++))
	echo -ne " ${filename}:\t\t"
	if [ "$foperator" == "=>" ]; then
	# library package check
	APT_FILE_RESULT="`apt-file search --fixed-string ${filespec}`"
	RETSTS=$?
	if [ ${RETSTS} -ne 0 ]; then
	((SUM_LIB_ERR++))
	((SUM_LIB_ERR_NOT_FOUND++))
	echo "not found in any Debian package."
	else
	LIB_PKG_FOUND="`echo ${APT_FILE_RESULT} \| cut -d':' -f1`"
	LIB_PKGS_FOUND="${LIB_PKGS_FOUND} ${LIB_PKG_FOUND}"
	echo "${LIB_PKG_FOUND}"
	fi
	else
	# ldlinux check
	LIB_PKG_FOUND="libc6"
	LIB_PKGS_FOUND="${LIB_PKGS_FOUND} ${LIB_PKG_FOUND}"
	echo "${LIB_PKG_FOUND}"
	fi
	done < $TMPFILE
	rm $TMPFILE
	LIBS_LIST="$LIB_PKGS_FOUND"

	# Remove duplicate libraries (to save time checking on each)
	LIB_PKGS_FOUND="`echo ${LIBS_LIST} \| xargs -n1 \| sort -u \| xargs`"
	echo "Checking packages:"

	SUM_PKG_CNT=0
	SUM_PKG_ERR=0
	SUM_PKG_ERR_NOT_FOUND=0
	SUM_PKG_ERR_HASH=0
	for THIS_PKG in ${LIB_PKGS_FOUND}; do
	((SUM_PKG_CNT++))
	echo -ne " Package: ${THIS_PKG}:\t"
	debsums --no-prelink -s ${THIS_PKG} >/dev/null 2>&1
	RETSTS=$?
	if [ ${RETSTS} -ne 0 ]; then
	((SUM_PKG_ERR++))
	if [ ${RETSTS} -eq 1 ]; then
	echo "ERROR: Debian package invalid/not installed."
	((SUM_PKG_ERR_NOT_FOUND++))
	fi
	if [ ${RETSTS} -eq 2 ]; then
	echo "ERROR: Debian package checksum failed."
	((SUM_PKG_ERR_HASH++))
	fi
	else
	echo "OK"
	fi
	done

	echo " DuplicatePkgs Packages Libraries"
	echo "checked: $SUM_PKGS_CNT $SUM_PKG_CNT $SUM_LIB_CNT"
	echo "warnings: $SUM_PKGS_WARN"
	echo "errors: $SUM_PKG_ERR $SUM_LIB_ERR"
	echo "hash errors: $SUM_PKGS_ERR_HASH $SUM_PKG_ERR_HASH"
	echo "missing/invalid: $SUM_PKGS_ERR_NOT_FOUND $SUM_PKG_ERR_NOT_FOUND $SUM_LIB_ERR_NOT_FOUND"

	if [ $SUM_PKG_ERR -gt 0 ]; then
	echo "Errors found."
	else
	echo "No error; OK."
	fi
	# pass exit code to caller without using exit command
	# (in case this script got source'd)
	(exit $SUM_LIB_ERR)