Skip to content

Commit 3f339fc

Browse files
mitchell-asmitchell-as
committed
Moved artifact checksum validation into artifactvalidator.
Validating attestations and checksums should probably be in the same area.
1 parent 0406964 commit 3f339fc

2 files changed

Lines changed: 24 additions & 19 deletions

File tree

pkg/platform/runtime/artifactvalidator/validator.go

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -128,3 +128,25 @@ func addIntermediatesToPool(cert *x509.Certificate, pool *x509.CertPool) {
128128
}
129129
}
130130
}
131+
132+
func ValidateChecksum(archivePath string, expectedChecksum string) error {
133+
if expectedChecksum != "" {
134+
logging.Debug("Validating checksum for %s", archivePath)
135+
} else {
136+
logging.Debug("Skipping checksum validation for %s because the Platform did not provide a checksum to validate against.")
137+
return nil
138+
}
139+
140+
checksum, err := fileutils.Sha256Hash(archivePath)
141+
if err != nil {
142+
return errs.Wrap(err, "Failed to compute checksum for "+archivePath)
143+
}
144+
145+
if checksum != expectedChecksum {
146+
logging.Debug("Checksum validation failed. Expected '%s', but was '%s'", expectedChecksum, checksum)
147+
// Note: the artifact name will be reported higher up the chain
148+
return locale.WrapError(err, "artifact_checksum_failed", "Checksum validation failed")
149+
}
150+
151+
return nil
152+
}

pkg/platform/runtime/setup/setup.go

Lines changed: 2 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ import (
3131
apimodel "github.com/ActiveState/cli/pkg/platform/model"
3232
"github.com/ActiveState/cli/pkg/platform/runtime/artifact"
3333
"github.com/ActiveState/cli/pkg/platform/runtime/artifactcache"
34+
"github.com/ActiveState/cli/pkg/platform/runtime/artifactvalidator"
3435
"github.com/ActiveState/cli/pkg/platform/runtime/envdef"
3536
"github.com/ActiveState/cli/pkg/platform/runtime/executor"
3637
"github.com/ActiveState/cli/pkg/platform/runtime/model"
@@ -587,25 +588,7 @@ func (s *Setup) downloadArtifactWithProgress(unsignedURI string, targetFile stri
587588
// verifyArtifact verifies the checksum of the downloaded artifact matches the checksum given by the
588589
// platform, and returns an error if the verification fails.
589590
func (s *Setup) verifyArtifact(archivePath string, a artifact.ArtifactDownload) error {
590-
if a.Checksum != "" {
591-
logging.Debug("Validating checksum for %s", archivePath)
592-
} else {
593-
logging.Debug("Skipping checksum validation for %s because the Platform did not provide a checksum to validate against.")
594-
return nil
595-
}
596-
597-
checksum, err := fileutils.Sha256Hash(archivePath)
598-
if err != nil {
599-
return errs.Wrap(err, "Failed to compute checksum for "+a.ArtifactID.String())
600-
}
601-
602-
if checksum != a.Checksum {
603-
logging.Debug("Checksum validation failed. Expected '%s', but was '%s'", a.Checksum, checksum)
604-
// Note: the artifact name will be reported higher up the chain
605-
return locale.WrapError(err, "artifact_checksum_failed", "Checksum validation failed")
606-
}
607-
608-
return nil
591+
return artifactvalidator.ValidateChecksum(archivePath, a.Checksum)
609592
}
610593

611594
// downloadArtifact downloads an artifact and returns the local path to that artifact's archive.

0 commit comments

Comments
 (0)