From bc3340c33d20604c5b596a736e90cc15f55f3ccd Mon Sep 17 00:00:00 2001 From: merakor Date: Wed, 27 May 2020 17:01:54 +0000 Subject: kiss-chbuild: verify checksums FossilOrigin-Name: b6bd32ef178a37590eb44d65e8790f64a354b8dc75b99879f5822f380e1dc70a --- contrib/kiss-chbuild | 49 +++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 8 deletions(-) (limited to 'contrib') diff --git a/contrib/kiss-chbuild b/contrib/kiss-chbuild index 2b406d1..2caf87e 100755 --- a/contrib/kiss-chbuild +++ b/contrib/kiss-chbuild @@ -4,30 +4,63 @@ case "$1" in --help|-h) printf '\033[1;33m-> \033[m%s\n' "usage: ${0##*/}"; exit log() { printf '\033[31;1m->\033[m %s.\n' "$@" ;} -clean() { - log "Destroying chroot" - su -c "rm -rf chroot-$pid" || clean +die() { + rm -f carbs-rootfs.tar.xz carbs-rootfs.tar.xz.sum + + log "$@" + log "Re-run 'kiss-chbuild' to try again." + + exit 1 } +sh256() { + # There's no standard utility to generate sha256 checksums. + # This is a simple wrapper around sha256sum, sha256, shasum + # and openssl which will use whatever is available. + # + # All utilities must match 'sha256sum' output. + # + # Example: ' ' + [ -e "$1" ] || return 0 + + hash=$(sha256sum "$1" || + sha256 -r "$1" || + openssl dgst -sha256 -r "$1" || + shasum -a 256 "$1") + + printf '%s %s\n' "${hash%% *}" "$1" +} 2>/dev/null + +case "$(uname -m)" in i*86) arch=i686; esac +url="https://dl.carbslinux.org/releases/${arch:-$(uname -m)}/carbs-rootfs.tar.xz" pid=$$ cd "${cac_dir:=$KISS_ROOT${XDG_CACHE_HOME:-$HOME/.cache}/kiss}" [ -f carbs-rootfs.tar.xz ] || { log "Downloading chroot tarball" - wget https://dl.carbslinux.org/releases/carbs-rootfs.tar.xz + curl -fLO "$url" } +[ -f carbs-rootfs.tar.xz.sum ] || { + log "Downloading checksums" + curl -fLo- "${url%/*}/sha256sums.txt" | + grep ' carbs-rootfs.tar.xz$' > carbs-rootfs.tar.xz.sum +} + +log "Verifying checksums" +sh256 carbs-rootfs.tar.xz | diff - carbs-rootfs.tar.xz.sum || + die "Checksum verification failed" + + [ -d carbs-chroot ] || { log "Extracting chroot" mkdir -p carbs-chroot - tar xvf carbs-rootfs.tar.xz -C carbs-chroot + ( cd carbs-chroot; tar xf ../carbs-rootfs.tar.xz ) } log "Creating temporary chroot" cp -a carbs-chroot "chroot-$pid" -trap clean EXIT INT - log "Entering chroot" -su -c "kiss-chroot chroot-$pid" +su -c "kiss-chroot chroot-$pid; rm -rf chroot-$pid" -- cgit v1.2.3