mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-11 06:03:57 +08:00
script/seccomp.sh: check tarball sha256
Add checking of downloaded tarball checksum.
In case it doesn't match the hardcoded value, the error is like this:
libseccomp-2.5.4.tar.gz: FAILED
sha256sum: WARNING: 1 computed checksum did NOT match
In case the checksum for a particular version is not specified in the
script, the error will look like this:
./script/seccomp.sh: line 29: SECCOMP_SHA256[${ver}]: unbound variable
In case the the hardcoded value in the file is of wrong format/length,
we'll get:
sha256sum: 'standard input': no properly formatted SHA256 checksum lines found
In any of these cases, the script aborts (due to set -e).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 95f1e2e18872de54a17d64b2d808255463ee3d93)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
committed by
Aleksa Sarai
parent
017cb29b32
commit
8242c05dab
+8
-1
@@ -5,6 +5,11 @@ set -e -u -o pipefail
|
||||
# shellcheck source=./script/lib.sh
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
|
||||
|
||||
# sha256 checksums for seccomp release tarballs.
|
||||
declare -A SECCOMP_SHA256=(
|
||||
["2.5.4"]=d82902400405cf0068574ef3dc1fe5f5926207543ba1ae6f8e7a1576351dcbdb
|
||||
)
|
||||
|
||||
# Due to libseccomp being LGPL we must include its sources,
|
||||
# so download, install and build against it.
|
||||
# Parameters:
|
||||
@@ -19,8 +24,10 @@ function build_libseccomp() {
|
||||
local arches=("$@")
|
||||
local tar="libseccomp-${ver}.tar.gz"
|
||||
|
||||
# Download and extract.
|
||||
# Download, check, and extract.
|
||||
wget "https://github.com/seccomp/libseccomp/releases/download/v${ver}/${tar}"{,.asc}
|
||||
sha256sum --strict --check - <<<"${SECCOMP_SHA256[${ver}]} *${tar}"
|
||||
|
||||
local srcdir
|
||||
srcdir="$(mktemp -d)"
|
||||
tar xf "$tar" -C "$srcdir"
|
||||
|
||||
Reference in New Issue
Block a user