Skip to content

Commit

Permalink
Update checksum verification
Browse files Browse the repository at this point in the history
`sha256sum` is not available in GH CI, and `shasum` on macOS expects a different format for `--check` (two spaces between the digest and the filename.)

Fall back to verify only the digest manually, and print out the mismatch if any.
  • Loading branch information
nil4 committed Nov 8, 2024
1 parent 36d6171 commit 296570b
Showing 1 changed file with 9 additions and 2 deletions.
11 changes: 9 additions & 2 deletions scripts/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,15 @@ if [[ ! -f "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz" ]]; then
echo "Downloading openssl-${OPENSSL_VERSION}.tar.gz"
curl -fL "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" -o "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz"
curl -fL "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz.sha256" -o "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256"

sha256sum --strict --check "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256"
DIGEST_EXPECTED=$( cat "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256" | awk '{ print " "$1}' )
DIGEST_ACTUAL=$( shasum -a 256 "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz" | awk '{ print " "$1}' )

if [[ "${DIGEST_EXPECTED}" != "${DIGEST_ACTUAL}" ]]; then
echo "openssl-${OPENSSL_VERSION}.tar.gz: checksum mismatch"
echo "expected: ${DIGEST_EXPECTED}"
echo "found: ${DIGEST_ACTUAL}"
exit 1
fi
rm -f "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256"
fi

Expand Down

0 comments on commit 296570b

Please sign in to comment.