commit d9f378d284fb00021a73b72379863169322880e0
Author: Georg Koppen <gk(a)torproject.org>
Date: Fri Oct 25 08:23:49 2019 +0000
Bug 32284: Remove checked binary after check
When checking our .mar and .exe files for signing errors we keep the
checked files around until the whole check is done. This essentially
leads to doubling the amount of disk space for them during that time,
which could make the difference between someone being able to check
them successfully or not.
There is actually no need, though, to keep all the binaries until the
whole signature check is done and we remove the checked bundle from now
on immediately after a particular check finished.
---
tools/authenticode_check.sh | 3 ++-
tools/marsigning_check.sh | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/authenticode_check.sh b/tools/authenticode_check.sh
index c94682d..819c9d1 100755
--- a/tools/authenticode_check.sh
+++ b/tools/authenticode_check.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright (c) 2017, The Tor Project, Inc.
+# Copyright (c) 2019, The Tor Project, Inc.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
@@ -74,6 +74,7 @@ for f in `ls *.exe`; do
echo "$f does not have the SHA-256 sum of the unsigned bundle!"
BADSIGNED_BUNDLES=`expr $BADSIGNED_BUNDLES + 1`
fi
+ rm $f
cd ..
fi
done
diff --git a/tools/marsigning_check.sh b/tools/marsigning_check.sh
index 41b3b4d..0663603 100755
--- a/tools/marsigning_check.sh
+++ b/tools/marsigning_check.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright (c) 2016, The Tor Project, Inc.
+# Copyright (c) 2019, The Tor Project, Inc.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
@@ -85,6 +85,7 @@ for f in `ls *.mar`; do
echo "$f does not have the SHA-256 sum of the unsigned MAR file!"
BADSIGNED_MARS=`expr $BADSIGNED_MARS + 1`
fi
+ rm $f
cd ..
fi
done