From 36d61715df6761c08fe446270680cfe62155084b Mon Sep 17 00:00:00 2001 From: nil4 Date: Fri, 8 Nov 2024 10:02:16 +0100 Subject: [PATCH] Fix checksum verification The current approach was prone to spurious failures when `perl` feels chatty, e.g.: ``` $ shasum -a 256 openssl-3.4.0.tar.gz perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LC_ALL = (unset), LANG = "en_XX.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C"). e15dda82fe2fe8139dc2ac21a36d4ca01d5313c75f99f46c4e8a27709b7294bf openssl-3.4.0.tar.gz ``` Instead, verify the checksum file directly. --- scripts/build.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/scripts/build.sh b/scripts/build.sh index 18cb20c..1ea8dc3 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -23,13 +23,8 @@ if [[ ! -f "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz" ]]; then echo "Downloading openssl-${OPENSSL_VERSION}.tar.gz" curl -fL "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" -o "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz" curl -fL "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz.sha256" -o "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256" - DIGEST=$( cat "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256" ) - if [[ "$(shasum -a 256 "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz" | awk '{ print " "$1}')" != "${DIGEST}" ]] - then - echo "openssl-${OPENSSL_VERSION}.tar.gz: checksum mismatch" - exit 1 - fi + sha256sum --strict --check "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256" rm -f "${BUILD_ROOT_DIR}/openssl-${OPENSSL_VERSION}.tar.gz.sha256" fi