Skip to content

Commit d63356a

Browse files
Kaniska244Kaniska244
committed
Further change to put function for common code as per review comment.
1 parent 908208a commit d63356a

1 file changed

Lines changed: 40 additions & 19 deletions

File tree

src/terraform/install.sh

Lines changed: 40 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -406,6 +406,30 @@ verify_terraform_sig() {
406406
verify_signature TERRAFORM_GPG_KEY "$sha256sums_url" "$sig_url" "terraform_SHA256SUMS" "terraform_SHA256SUMS.sig"
407407
}
408408

409+
verify_with_fallback() {
410+
# $1: import_gpg_key_fn
411+
# $2: sha256sums_url
412+
# $3: sig_url
413+
# $4: fallback_verify_fn
414+
# $5: sha256sums_file
415+
# $6: sig_file
416+
local import_gpg_key_fn="$1"
417+
local sha256sums_url="$2"
418+
local sig_url="$3"
419+
local fallback_verify_fn="$4"
420+
local sha256sums_file="$5"
421+
local sig_file="$6"
422+
423+
$import_gpg_key_fn
424+
curl -sSL -o "$sha256sums_file" "$sha256sums_url"
425+
curl -sSL -o "$sig_file" "$sig_url"
426+
if ! gpg --verify "$sig_file" "$sha256sums_file"; then
427+
echo "Primary GPG verification failed, attempting fallback verification..."
428+
$fallback_verify_fn
429+
fi
430+
}
431+
432+
409433
mkdir -p /tmp/tf-downloads
410434
cd /tmp/tf-downloads
411435
# Install Terraform, tflint, Terragrunt
@@ -419,14 +443,13 @@ fi
419443
if [ "${TERRAFORM_SHA256}" != "dev-mode" ]; then
420444
if [ "${TERRAFORM_SHA256}" = "automatic" ]; then
421445
if [ "$IS_NOBLE" -eq 1 ]; then
422-
import_hashicorp_gpg_key_noble
423-
curl -sSL -o terraform_SHA256SUMS "${HASHICORP_RELEASES_URL}/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS"
424-
curl -sSL -o terraform_SHA256SUMS.sig "${HASHICORP_RELEASES_URL}/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.${TERRAFORM_GPG_KEY}.sig"
425-
gpg --list-keys
426-
if ! gpg --verify terraform_SHA256SUMS.sig terraform_SHA256SUMS; then
427-
echo "Primary GPG verification failed, attempting fallback verification..."
428-
verify_terraform_sig
429-
fi
446+
verify_with_fallback \
447+
import_hashicorp_gpg_key_noble \
448+
"${HASHICORP_RELEASES_URL}/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS" \
449+
"${HASHICORP_RELEASES_URL}/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.${TERRAFORM_GPG_KEY}.sig" \
450+
verify_terraform_sig \
451+
terraform_SHA256SUMS \
452+
terraform_SHA256SUMS.sig
430453
else
431454
verify_terraform_sig
432455
fi
@@ -532,20 +555,18 @@ if [ "${INSTALL_SENTINEL}" = "true" ]; then
532555
if [ "${SENTINEL_SHA256}" != "dev-mode" ]; then
533556
if [ "${SENTINEL_SHA256}" = "automatic" ]; then
534557
if [ "$IS_NOBLE" -eq 1 ]; then
535-
import_hashicorp_gpg_key_noble
536-
curl -sSL -o sentinel_checksums.txt ${sentinel_releases_url}/${SENTINEL_VERSION}/sentinel_${SENTINEL_VERSION}_SHA256SUMS
537-
curl -sSL -o sentinel_checksums.txt.sig ${sentinel_releases_url}/${SENTINEL_VERSION}/sentinel_${SENTINEL_VERSION}_SHA256SUMS.${TERRAFORM_GPG_KEY}.sig
538-
if ! gpg --verify sentinel_checksums.txt.sig sentinel_checksums.txt; then
539-
echo "Primary GPG verification failed, attempting fallback verification..."
540-
verify_sentinel_sig
541-
fi
542-
# Verify the SHASUM matches the archive
543-
shasum -a 256 --ignore-missing -c sentinel_checksums.txt
558+
verify_with_fallback \
559+
import_hashicorp_gpg_key_noble \
560+
"${sentinel_releases_url}/${SENTINEL_VERSION}/sentinel_${SENTINEL_VERSION}_SHA256SUMS" \
561+
"${sentinel_releases_url}/${SENTINEL_VERSION}/sentinel_${SENTINEL_VERSION}_SHA256SUMS.${TERRAFORM_GPG_KEY}.sig" \
562+
verify_sentinel_sig \
563+
sentinel_checksums.txt \
564+
sentinel_checksums.txt.sig
544565
else
545566
verify_sentinel_sig
546-
# Verify the SHASUM matches the archive
547-
shasum -a 256 --ignore-missing -c sentinel_checksums.txt
548567
fi
568+
# Verify the SHASUM matches the archive
569+
shasum -a 256 --ignore-missing -c sentinel_checksums.txt
549570
else
550571
echo "${SENTINEL_SHA256} *${SENTINEL_FILENAME}" >sentinel_checksums.txt
551572
fi

0 commit comments

Comments
 (0)