From 3fe32dbea4f2f21a058b07a367df4f3e6c4e4538 Mon Sep 17 00:00:00 2001
From: Georg Koppen <gk@torproject.org>
Date: Fri, 25 Oct 2019 08:23:49 +0000
Subject: [PATCH] Bug 32284: Remove checked binary after check
When checking our .mar and .exe files for signing errors we keep the
checked files around until the whole check is done. This essentially
leads to doubling the amount of disk space for them during that time,
which could make the difference between someone being able to check
them successfully or not.
There is actually no need, though, to keep all the binaries until the
whole signature check is done and we remove the checked bundle from now
on immediately after a particular check finished.
---
tools/authenticode_check.sh | 3 ++-
tools/marsigning_check.sh | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/authenticode_check.sh b/tools/authenticode_check.sh
index c94682d16..819c9d19c 100755
--- a/tools/authenticode_check.sh
+++ b/tools/authenticode_check.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright (c) 2017, The Tor Project, Inc.
+# Copyright (c) 2019, The Tor Project, Inc.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
@@ -74,6 +74,7 @@ for f in `ls *.exe`; do
echo "$f does not have the SHA-256 sum of the unsigned bundle!"
BADSIGNED_BUNDLES=`expr $BADSIGNED_BUNDLES + 1`
fi
+ rm $f
cd ..
fi
done
diff --git a/tools/marsigning_check.sh b/tools/marsigning_check.sh
index 41b3b4d9c..066360315 100755
--- a/tools/marsigning_check.sh
+++ b/tools/marsigning_check.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright (c) 2016, The Tor Project, Inc.
+# Copyright (c) 2019, The Tor Project, Inc.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
@@ -85,6 +85,7 @@ for f in `ls *.mar`; do
echo "$f does not have the SHA-256 sum of the unsigned MAR file!"
BADSIGNED_MARS=`expr $BADSIGNED_MARS + 1`
fi
+ rm $f
cd ..
fi
done
--
GitLab