Fix checksum verification

The current approach was prone to spurious failures when `perl` feels chatty, e.g.: ``` $ shasum -a 256 openssl-3.4.0.tar.gz perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LC_ALL = (unset), LANG = "en_XX.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C"). e15dda82fe2fe8139dc2ac21a36d4ca01d5313c75f99f46c4e8a27709b7294bf openssl-3.4.0.tar.gz ``` Instead, verify the checksum file directly.
royalapplications · Nov 8, 2024 · 36d6171 · 36d6171
1 parent ede60e6
commit 36d6171
Showing 1 changed file with 1 addition and 6 deletions.
diff --git a/scripts/build.sh b/scripts/build.sh
@@ -23,13 +23,8 @@ if [[ ! -f "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz" ]]; then
   echo "Downloading openssl-${OPENSSL_VERSION}.tar.gz"
   curl -fL "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" -o "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz"
   curl -fL "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz.sha256" -o "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256"
-  DIGEST=$( cat "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256" )
 
-  if [[ "$(shasum -a 256 "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz" | awk '{ print " "$1}')" != "${DIGEST}" ]]
-  then
-    echo "openssl-${OPENSSL_VERSION}.tar.gz: checksum mismatch"
-    exit 1
-  fi
+  sha256sum --strict --check "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256"
   rm -f "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256"
 fi