-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(install.sh): verify the archive checksum #988
Conversation
426ae71
to
effe653
Compare
@@ -112,30 +112,44 @@ main() { | |||
|
|||
version=$(curl --silent https://cli-dl.scalingo.com/version | tr -d ' \t\n') | |||
if [ -z "$version" ]; then | |||
echo "-----> Fail to get the version of the CLI" >&2 | |||
echo "You probably have an old version of curl. Please check your curl version and update accordingly." >&2 | |||
error "Fail to get the version of the CLI\n" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also updated a few lines to use the error
function when we want to display error messages.
8b21f01
to
5cde48d
Compare
5cde48d
to
b784803
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some suggestion and nitpick otherwise LGTM 👍
dists/install.sh
Outdated
checksum_expected=$(wget -q --output-document - $checksums_url | grep $archive_name | cut -d " " -f 1) | ||
if [[ "$checksum_computed" != "$checksum_expected" ]]; then | ||
echo "INVALID" | ||
error "Checksums don't match ('$checksum_computed' != '$checksum_expected').\n" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
suggestion(non-blocking): As you said in the PR description, I'm not sure either to keep displaying the checksums.
Could it be possible to only display "Checksums don't match" but when adding DEBUG=1
, then display the checksums?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is already a DEBUG=true
which defines set -x
, which would display the variables content. Hence I removed my line.
dists/install.sh
Outdated
status "Verifying the checksum... " | ||
checksums_url="https://github.com/Scalingo/cli/releases/download/${version}/checksums.txt" | ||
checksum_computed=$(sha256sum ${tmpdir}/${archive_name} | cut -d " " -f1) | ||
checksum_expected=$(wget -q --output-document - $checksums_url | grep $archive_name | cut -d " " -f 1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick(non-blocking): Can you use the full arguments rather than the shortcut ones?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be a blocking comment, you are right ;)
If valid, output is:
If invalid, output is:
I'm not sure we want to keep displaying the checksums in the error message, what do you think?
Fix #422