
Commit b59d4e7

committed
rustup: Add support for verifying remote hashes
1 parent 25fb12b commit b59d4e7


1 file changed

+32
-0
lines changed


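--- a/src/etc/rustup.sh
+++ b/src/etc/rustup.sh
@@ -244,6 +244,7 @@ create_tmp_dir() {
 probe_need CFG_CURL curl
 probe_need CFG_TAR tar
 probe_need CFG_FILE file
+probe_need CFG_SHASUM shasum
 
 CFG_SRC_DIR="$(cd $(dirname $0) && pwd)/"
 CFG_SELF="$0"
@@ -431,10 +432,39 @@ CARGO_TARBALL_NAME="${CARGO_PACKAGE_NAME_AND_TRIPLE}.tar.gz"
 CARGO_LOCAL_INSTALL_DIR="${CFG_TMP_DIR}/${CARGO_PACKAGE_NAME_AND_TRIPLE}"
 CARGO_LOCAL_INSTALL_SCRIPT="${CARGO_LOCAL_INSTALL_DIR}/install.sh"
 
+verify_hash() {
+remote_sha256="$1"
+local_file="$2"
+
+msg "Downloading ${remote_sha256}"
+remote_sha256=`"${CFG_CURL}" -f "${remote_sha256}"`
+if [ "$?" -ne 0 ]; then
+rm -Rf "${CFG_TMP_DIR}"
+err "Failed to download ${remote_url}"
+fi
+
+msg "Verifying hash"
+local_sha256=`"${CFG_SHASUM}" -a 256 "${local_file}"`
+if [ "$?" -ne 0 ]; then
+rm -Rf "${CFG_TMP_DIR}"
+err "Failed to compute hash for ${local_tarball}"
+fi
+
+# We only need the sha, not the filenames
+remote_sha256=`echo ${remote_sha256} | cut -f 1 -d ' '`
+local_sha256=`echo ${local_sha256} | cut -f 1 -d ' '`
+
+if [ "${remote_sha256}" != "${local_sha256}" ]; then
+rm -Rf "${CFG_TMP_DIR}"
+err "invalid sha256.\n ${remote_sha256}\t${remote_tarball}\n ${local_sha256}\t${local_tarball}"
+fi
+}
+
 # Fetch the package.
 download_package() {
 remote_tarball="$1"
 local_tarball="$2"
+remote_sha256="${remote_tarball}.sha256"
 
 msg "Downloading ${remote_tarball} to ${local_tarball}"
 
@@ -444,6 +474,8 @@ download_package() {
 rm -Rf "${CFG_TMP_DIR}"
 err "failed to download installer"
 fi
+
+verify_hash "${remote_sha256}" "${local_tarball}"
 }
 
 # Wrap all the commands needed to install a package.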
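Review bot: The `.sha256` file is fetched from the same location as the tarball (`remote_sha256="${remote_tarball}.sha256"` in `download_package`), so the comparison in `verify_hash` detects a corrupted or truncated download but cannot show that the tarball is the one that was published; whoever can change one file can change the other. That limit deserves a comment above `verify_hash`, for example `# Integrity check only: the hash comes from the same origin as the tarball, so authenticity rests on the transport or a separate signature.` Whether the download URL uses HTTPS is not visible in these hunks. Separately, the first `err` in `verify_hash` prints `${remote_url}`, which is not assigned in the visible lines, and the URL held in `remote_sha256` has already been overwritten by the curl output; keeping the URL in its own variable (`remote_sha256_url="$1"`) and using it in both the curl call and the message would make the failure report name the right file.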
