MFC r306825: portsnap: use lam on the known good hash list

This change is equivalent to the approach committed in r306417, but if sed has a bug it could be exploited by the untrusted tar file. Instead, generate the expected tar content and compare that with find's output. Submitted by: cperciva (in review D8052)
author: emaste <emaste@FreeBSD.org> 2016-12-09 17:21:59 +0000
committer: emaste <emaste@FreeBSD.org> 2016-12-09 17:21:59 +0000
commit: 2bf9c38c43a95678a41a9dfb95771cc939e116fc (patch)
tree: abad5643719b1069d33e984d10af4e27d9aaa30e
parent: 710f9f13d715fbe927db6ab3db1e97f4eecd3835 (diff)
download: FreeBSD-src-2bf9c38c43a95678a41a9dfb95771cc939e116fc.zip
FreeBSD-src-2bf9c38c43a95678a41a9dfb95771cc939e116fc.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/portsnap/portsnap/portsnap.sh b/usr.sbin/portsnap/portsnap/portsnap.sh
index 501c530..0e16370 100644
--- a/usr.sbin/portsnap/portsnap/portsnap.sh
+++ b/usr.sbin/portsnap/portsnap/portsnap.sh
@@ -691,8 +691,9 @@ fetch_snapshot() {
 	fetch_index_sanity || return 1
 # Verify the snapshot contents
 	cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1
-	cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected
-	find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap
+	cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u |
+	    lam -s 'snap/' - -s '.gz' > files.expected
+	find snap -mindepth 1 | sort > files.snap
 	if ! cmp -s files.expected files.snap; then
 		echo "unexpected files in snapshot."
 		return 1
author	emaste <emaste@FreeBSD.org>	2016-12-09 17:21:59 +0000
committer	emaste <emaste@FreeBSD.org>	2016-12-09 17:21:59 +0000
commit	2bf9c38c43a95678a41a9dfb95771cc939e116fc (patch)
tree	abad5643719b1069d33e984d10af4e27d9aaa30e
parent	710f9f13d715fbe927db6ab3db1e97f4eecd3835 (diff)
download	FreeBSD-src-2bf9c38c43a95678a41a9dfb95771cc939e116fc.zip FreeBSD-src-2bf9c38c43a95678a41a9dfb95771cc939e116fc.tar.gz