@@ -260,6 +260,22 @@ version-from-github() {
260260 versions[" ${pkg} " ]=" ${version} "
261261}
262262
263+ # <checksum> <target>
264+ validate-checksum () {
265+ local sum=" ${1##* " :" } " type=" ${1%% " :" * } " target=" ${2} "
266+
267+ case " ${type} " in
268+ sha256)
269+ echo " - validating checksum ${target} "
270+ " ${type} sum" --check - <<< " ${sum} ${target}" & > /dev/null
271+ ;;
272+ * )
273+ echo " unsupported checksum type ${type} !" >&2
274+ exit 1
275+ ;;
276+ esac
277+ }
278+
263279# <packages...>
264280install-from-apt () {
265281 if ! which apt-get & > /dev/null; then
@@ -287,49 +303,14 @@ install-from-npm() {
287303 done
288304}
289305
290- # <target> <source> <checksum-bin>
291- install-from-bin () {
292- local target=" ${1} " source=" ${2} " checksum_bin=" ${3:- } " checksum
293-
294- echo " - installing ${target} "
295-
296- if [[ -e " ${target} " ]] && [[ -n " ${checksum_bin} " ]]; then
297- checksum=" $( sha256sum " ${target} " ) "
298- if [[ " ${checksum_bin# " sha256:" } " == " ${checksum%% " " * } " ]]; then
299- echo " - installed ${target} matches desired binary checksum, skipping"
300- return
301- fi
302- fi
303-
304- echo " - fetching ${target} "
305- curl -#LOs " ${source} "
306-
307- checksum=" $( sha256sum " ${source##* " /" } " ) "
308- if [[ -n " ${checksum_bin} " ]]; then
309- echo " - checking binary checksum ${source##* " /" } "
310- if [[ " ${checksum_bin# " sha256:" } " != " ${checksum%% " " * } " ]]; then
311- echo " - error: ${source##* " /" } does not match desired binary checksum (${checksum_bin# " sha256:" } vs ${checksum%% " " * } ), skipping"
312- return
313- fi
314- else
315- echo " - warning: missing desired binary checksum, skipping validation (bin sha256:${checksum%% " " * } )"
316- fi
317-
318- install -Tm 755 " ${source##* " /" } " " ${target} "
319- rm -rf " ${source##* " /" } "
320-
321- echo " - installed ${target} "
322- }
323-
324306# <target> <source> <intermediate> <checksum-bin> <checksum-pkg>
325- install-from-tar () {
326- local target=" ${1} " source=" ${2} " intermediate=" ${3} " checksum_bin=" ${4:- } " checksum_pkg=" ${5:- } " checksum
307+ install-from-url () {
308+ local target=" ${1} " source=" ${2} " intermediate=" ${3} " checksum_bin=" ${4:- } " checksum_pkg=" ${5:- } "
327309
328310 echo " installing ${target} "
329311
330312 if [[ -e " ${target} " ]] && [[ -n " ${checksum_bin} " ]]; then
331- checksum=" $( sha256sum " ${target} " ) "
332- if [[ " ${checksum_bin# " sha256:" } " == " ${checksum%% " " * } " ]]; then
313+ if validate-checksum " ${checksum_bin} " " ${target} " ; then
333314 echo " - installed ${target} matches desired binary checksum, skipping"
334315 return
335316 fi
@@ -338,75 +319,39 @@ install-from-tar() {
338319 echo " - fetching ${target} "
339320 curl -#LO " ${source} "
340321
341- checksum=" $( sha256sum " ${source##* " /" } " ) "
342- if [[ -n " ${checksum_pkg} " ]]; then
343- echo " - checking package checksum ${source##* " /" } "
344- if [[ " ${checksum_pkg# " sha256:" } " != " ${checksum%% " " * } " ]]; then
345- echo " - error: ${source##* " /" } does not match desired package checksum (${checksum_pkg# " sha256:" } vs ${checksum%% " " * } ), skipping"
346- return
347- fi
348- else
349- echo " - warning: missing desired package checksum, skipping validation (pkg sha256:${checksum%% " " * } )"
350- fi
351-
352- tar -xf " ${source##* " /" } " " ${intermediate} "
353-
354- checksum=" $( sha256sum " ${intermediate} " ) "
355- if [[ -n " ${checksum_bin} " ]]; then
356- echo " - checking binary checksum ${intermediate} "
357- if [[ " ${checksum_bin# " sha256:" } " != " ${checksum%% " " * } " ]]; then
358- echo " - error: ${intermediate} does not match desired binary checksum (${checksum_bin# " sha256:" } vs ${checksum%% " " * } ), skipping"
359- return
360- fi
361- else
362- echo " - warning: missing desired binary checksum, skipping validation (bin sha256:${checksum%% " " * } )"
363- fi
364-
365- install -Tm 755 " ${intermediate} " " ${target} "
366- rm -rf " ${source##* " /" } " " ${intermediate%% " /" * } "
367-
368- echo " - installed ${target} "
369- }
370-
371- # <target> <source> <intermediate> <checksum-pkg> <checksum-bin>
372- install-from-zip () {
373- local target=" ${1} " source=" ${2} " intermediate=" ${3} " checksum_bin=" ${4:- } " checksum_pkg=" ${5:- } " checksum
374-
375- echo " installing ${target} "
376-
377- if [[ -e " ${target} " ]] && [[ -n " ${checksum_bin} " ]]; then
378- checksum=" $( sha256sum " ${target} " ) "
379- if [[ " ${checksum_bin# " sha256:" } " == " ${checksum%% " " * } " ]]; then
380- echo " - installed ${target} matches desired binary checksum, skipping"
381- return
322+ if [[ -n " ${intermediate} " ]]; then
323+ if [[ -n " ${checksum_pkg} " ]]; then
324+ if ! validate-checksum " ${checksum_pkg} " " ${source##* " /" } " ; then
325+ echo " - error: ${source##* " /" } does not match desired package checksum, skipping installation"
326+ return
327+ fi
328+ else
329+ echo " - warning: missing desired package checksum, skipping validation"
382330 fi
383- fi
384-
385- echo " - fetching ${target} "
386- curl -#LOs " ${source} "
387331
388- checksum=" $( sha256sum " ${source##* " /" } " ) "
389- if [[ -n " ${checksum_pkg} " ]]; then
390- echo " - checking package checksum ${source##* " /" } "
391- if [[ " ${checksum_pkg# " sha256:" } " != " ${checksum%% " " * } " ]]; then
392- echo " - error: ${source##* " /" } does not match desired package checksum, skipping"
332+ case " ${source} " in
333+ * .tar.gz | * .tgz)
334+ tar -xf " ${source##* " /" } " " ${intermediate} "
335+ ;;
336+ * .zip)
337+ unzip " ${source##* " /" } " " ${intermediate} "
338+ ;;
339+ * )
340+ echo " - warning: unsupported package for ${source} , skipping installation" >&2
393341 return
394- fi
342+ ;;
343+ esac
395344 else
396- echo " - warning: missing desired package checksum, skipping validation (pkg sha256: ${checksum %% " " * } ) "
345+ intermediate= " ${source ##* " / " } "
397346 fi
398347
399- unzip " ${source##* " /" } " " ${intermediate} "
400-
401- checksum=" $( sha256sum " ${intermediate} " ) "
402348 if [[ -n " ${checksum_bin} " ]]; then
403- echo " - checking binary checksum ${intermediate} "
404- if [[ " ${checksum_bin# " sha256:" } " != " ${checksum%% " " * } " ]]; then
405- echo " - error: ${intermediate} does not match desired binary checksum (${checksum_bin# " sha256:" } vs ${checksum%% " " * } ), skipping"
349+ if ! validate-checksum " ${checksum_bin} " " ${intermediate} " ; then
350+ echo " - error: ${intermediate} does not match desired binary checksum, skipping installation"
406351 return
407352 fi
408353 else
409- echo " - warning: missing desired binary checksum, skipping validation (bin sha256: ${checksum %% " " * } ) "
354+ echo " - warning: missing desired binary checksum, skipping validation"
410355 fi
411356
412357 install -Tm 755 " ${intermediate} " " ${target} "
@@ -502,29 +447,12 @@ main() {
502447 source=" $( envsubst <<< " ${source}" ) "
503448 intermediate=" $( envsubst <<< " ${intermediate}" ) "
504449
505- case " ${source} " in
506- " " )
450+ if [[ -z " ${source} " ]]; then
507451 echo " error: no source mapping found for ${ref} , skipping..."
508452 continue
509- ;;
510- * .tar.gz | * .tgz)
511- if [[ -z " ${intermediate} " ]]; then
512- echo " error: no intermediate mapping found for ${ref} , skipping..."
513- continue
514- fi
515- install-from-tar " ${target} " " ${source} " " ${intermediate} " " ${checksum[0]:- } " " ${checksum[1]:- } "
516- ;;
517- * .zip)
518- if [[ -z " ${intermediate} " ]]; then
519- echo " error: no intermediate mapping found for ${ref} , skipping..."
520- continue
521- fi
522- install-from-zip " ${target} " " ${source} " " ${intermediate} " " ${checksum[0]:- } " " ${checksum[1]:- } "
523- ;;
524- * )
525- install-from-bin " ${target} " " ${source} " " ${checksum[0]:- } "
526- ;;
527- esac
453+ fi
454+
455+ install-from-url " ${target} " " ${source} " " ${intermediate:- } " " ${checksum[0]:- } " " ${checksum[1]:- } "
528456 done
529457 fi
530458}
0 commit comments