Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(install.sh): verify the archive checksum #988

Merged
merged 4 commits into from
Aug 1, 2023
Merged

feat(install.sh): verify the archive checksum #988

merged 4 commits into from
Aug 1, 2023

Conversation

EtienneM
Copy link
Member

@EtienneM EtienneM commented Jul 31, 2023
edited
Loading

If valid, output is:

-----> Downloading Scalingo client...  DONE
-----> Verifying the checksum...  VALID
[...]

If invalid, output is:

-----> Downloading Scalingo client...  DONE
-----> Verifying the checksum...  INVALID
 !     Checksums don't match ('3fdec56b8647953744fe4c9094dd7b0a0952b1cb9416bc7e315cde00b8db557a' != '3fdec56b8647953744fe4c9094dd7b0a0952b1cb9416bc7e315cde00b8db557a')
 !     You may want to retry to install the Scalingo CLI. If the problem persists, please contact our support team.

I'm not sure we want to keep displaying the checksums in the error message, what do you think?

Fix #422

  • Add a changelog entry in the section "To Be Released" of CHANGELOG.md

@EtienneM EtienneM self-assigned this Jul 31, 2023
@EtienneM EtienneM changed the title feat(install.sh): verify the checksum feat(install.sh): verify the archive checksum Jul 31, 2023
@EtienneM EtienneM force-pushed the fix/422/cli_checksums branch 2 times, most recently from 426ae71 to effe653 Compare July 31, 2023 14:23
EtienneM
EtienneM commented Jul 31, 2023
View reviewed changes
dists/install.sh
@@ -112,30 +112,44 @@ main() {

version=$(curl --silent https://cli-dl.scalingo.com/version | tr -d ' \t\n')
if [ -z "$version" ]; then
echo "-----> Fail to get the version of the CLI" >&2
echo "You probably have an old version of curl. Please check your curl version and update accordingly." >&2
error "Fail to get the version of the CLI\n"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also updated a few lines to use the error function when we want to display error messages.

@EtienneM EtienneM marked this pull request as ready for review July 31, 2023 14:31
@EtienneM EtienneM requested a review from ipfaze July 31, 2023 14:31
ipfaze
ipfaze approved these changes Jul 31, 2023
View reviewed changes
Copy link
Contributor

@ipfaze ipfaze left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some suggestion and nitpick otherwise LGTM 👍

dists/install.sh Outdated
checksum_expected=$(wget -q --output-document - $checksums_url | grep $archive_name | cut -d " " -f 1)
if [[ "$checksum_computed" != "$checksum_expected" ]]; then
echo "INVALID"
error "Checksums don't match ('$checksum_computed' != '$checksum_expected').\n"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion(non-blocking): As you said in the PR description, I'm not sure either to keep displaying the checksums.
Could it be possible to only display "Checksums don't match" but when adding DEBUG=1, then display the checksums?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is already a DEBUG=true which defines set -x, which would display the variables content. Hence I removed my line.

dists/install.sh Outdated
status "Verifying the checksum... "
checksums_url="https://github.com/Scalingo/cli/releases/download/${version}/checksums.txt"
checksum_computed=$(sha256sum ${tmpdir}/${archive_name} | cut -d " " -f1)
checksum_expected=$(wget -q --output-document - $checksums_url | grep $archive_name | cut -d " " -f 1)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick(non-blocking): Can you use the full arguments rather than the shortcut ones?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be a blocking comment, you are right ;)

@EtienneM EtienneM merged commit 953bb6c into master Aug 1, 2023
4 checks passed
@EtienneM EtienneM deleted the fix/422/cli_checksums branch August 1, 2023 08:36
@curzolapierre curzolapierre mentioned this pull request Sep 7, 2023
Closed
@curzolapierre curzolapierre mentioned this pull request Sep 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ipfaze ipfaze ipfaze approved these changes

Assignees

@EtienneM EtienneM

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Release files should have a checksum
2 participants
@EtienneM @ipfaze