Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 24abe07

Browse filesBrowse files
fasenderosMoLow
fasenderos
authored and
MoLow
committed
tools: log and verify sha256sum
PR-URL: #48088 Refs: nodejs/security-wg#973 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
1 parent 446f611 commit 24abe07
Copy full SHA for 24abe07
Expand file treeCollapse file tree

15 files changed

+219
-15
lines changed
Open diff view settings
Collapse file

‎tools/dep_updaters/update-ada.sh‎

Copy file name to clipboardExpand all lines: tools/dep_updaters/update-ada.sh
+5-1Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@ BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd)
66
DEPS_DIR="$BASE_DIR/deps"
77
ADA_VERSION=$1
88

9+
# shellcheck disable=SC1091
10+
. "$BASE_DIR/tools/dep_updaters/utils.sh"
11+
912
if [ "$#" -le 0 ]; then
1013
echo "Error: please provide an ada version to update to"
1114
echo " e.g. $0 1.0.0"
@@ -25,13 +28,14 @@ cleanup () {
2528
trap cleanup INT TERM EXIT
2629

2730
ADA_REF="v$ADA_VERSION"
28-
ADA_ZIP="ada-$ADA_VERSION.zip"
31+
ADA_ZIP="ada-$ADA_REF.zip"
2932
ADA_LICENSE="LICENSE-MIT"
3033

3134
cd "$WORKSPACE"
3235

3336
echo "Fetching ada source archive..."
3437
curl -sL -o "$ADA_ZIP" "https://github.com/ada-url/ada/releases/download/$ADA_REF/singleheader.zip"
38+
log_and_verify_sha256sum "ada" "$ADA_ZIP"
3539
unzip "$ADA_ZIP"
3640
rm "$ADA_ZIP"
3741

Collapse file

‎tools/dep_updaters/update-base64.sh‎

Copy file name to clipboardExpand all lines: tools/dep_updaters/update-base64.sh
+9-1Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ DEPS_DIR="$BASE_DIR/deps"
88
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
99
[ -x "$NODE" ] || NODE=$(command -v node)
1010

11+
# shellcheck disable=SC1091
12+
. "$BASE_DIR/tools/dep_updaters/utils.sh"
13+
1114
NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
1215
const res = await fetch('https://api.github.com/repos/aklomp/base64/releases/latest');
1316
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
@@ -39,8 +42,13 @@ trap cleanup INT TERM EXIT
3942

4043
cd "$WORKSPACE"
4144

45+
BASE64_TARBALL="base64-v$NEW_VERSION.tar.gz"
46+
4247
echo "Fetching base64 source archive"
43-
curl -sL "https://api.github.com/repos/aklomp/base64/tarball/v$NEW_VERSION" | tar xzf -
48+
curl -sL -o "$BASE64_TARBALL" "https://api.github.com/repos/aklomp/base64/tarball/v$NEW_VERSION"
49+
log_and_verify_sha256sum "base64" "$BASE64_TARBALL"
50+
gzip -dc "$BASE64_TARBALL" | tar xf -
51+
rm "$BASE64_TARBALL"
4452
mv aklomp-base64-* base64
4553

4654
echo "Replacing existing base64"
Collapse file

‎tools/dep_updaters/update-brotli.sh‎

Copy file name to clipboardExpand all lines: tools/dep_updaters/update-brotli.sh
+6-2Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ DEPS_DIR="$BASE_DIR/deps"
88
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
99
[ -x "$NODE" ] || NODE=$(command -v node)
1010

11+
# shellcheck disable=SC1091
12+
. "$BASE_DIR/tools/dep_updaters/utils.sh"
13+
1114
NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
1215
const res = await fetch('https://api.github.com/repos/google/brotli/releases/latest');
1316
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
@@ -44,10 +47,11 @@ trap cleanup INT TERM EXIT
4447

4548
cd "$WORKSPACE"
4649

47-
BROTLI_TARBALL="v$NEW_VERSION.tar.gz"
50+
BROTLI_TARBALL="brotli-v$NEW_VERSION.tar.gz"
4851

4952
echo "Fetching brotli source archive"
50-
curl -sL -o "$BROTLI_TARBALL" "https://github.com/google/brotli/archive/$BROTLI_TARBALL"
53+
curl -sL -o "$BROTLI_TARBALL" "https://github.com/google/brotli/archive/v$NEW_VERSION.tar.gz"
54+
log_and_verify_sha256sum "brotli" "$BROTLI_TARBALL"
5155
gzip -dc "$BROTLI_TARBALL" | tar xf -
5256
rm "$BROTLI_TARBALL"
5357
mv "brotli-$NEW_VERSION" "brotli"
Collapse file

‎tools/dep_updaters/update-c-ares.sh‎

Copy file name to clipboardExpand all lines: tools/dep_updaters/update-c-ares.sh
+7-1Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ DEPS_DIR="$BASE_DIR/deps"
88
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
99
[ -x "$NODE" ] || NODE=$(command -v node)
1010

11+
# shellcheck disable=SC1091
12+
. "$BASE_DIR/tools/dep_updaters/utils.sh"
13+
1114
NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
1215
const res = await fetch('https://api.github.com/repos/c-ares/c-ares/releases/latest');
1316
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
@@ -43,7 +46,10 @@ ARES_TARBALL="c-ares-$NEW_VERSION.tar.gz"
4346
cd "$WORKSPACE"
4447

4548
echo "Fetching c-ares source archive"
46-
curl -sL "https://github.com/c-ares/c-ares/releases/download/$ARES_REF/$ARES_TARBALL" | tar xz
49+
curl -sL -o "$ARES_TARBALL" "https://github.com/c-ares/c-ares/releases/download/$ARES_REF/$ARES_TARBALL"
50+
log_and_verify_sha256sum "c-ares" "$ARES_TARBALL"
51+
gzip -dc "$ARES_TARBALL" | tar xf -
52+
rm "$ARES_TARBALL"
4753
mv "c-ares-$NEW_VERSION" cares
4854

4955
echo "Removing tests"
Collapse file

‎tools/dep_updaters/update-libuv.sh‎

Copy file name to clipboardExpand all lines: tools/dep_updaters/update-libuv.sh
+9-1Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ DEPS_DIR="$BASE_DIR/deps"
77
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
88
[ -x "$NODE" ] || NODE=$(command -v node)
99

10+
# shellcheck disable=SC1091
11+
. "$BASE_DIR/tools/dep_updaters/utils.sh"
12+
1013
NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
1114
const res = await fetch('https://api.github.com/repos/libuv/libuv/releases/latest');
1215
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
@@ -45,8 +48,13 @@ trap cleanup INT TERM EXIT
4548

4649
cd "$WORKSPACE"
4750

51+
LIBUV_TARBALL="libuv-v$NEW_VERSION.tar.gz"
52+
4853
echo "Fetching libuv source archive..."
49-
curl -sL "https://api.github.com/repos/libuv/libuv/tarball/v$NEW_VERSION" | tar xzf -
54+
curl -sL -o "$LIBUV_TARBALL" "https://api.github.com/repos/libuv/libuv/tarball/v$NEW_VERSION"
55+
log_and_verify_sha256sum "libuv" "$LIBUV_TARBALL"
56+
gzip -dc "$LIBUV_TARBALL" | tar xf -
57+
rm "$LIBUV_TARBALL"
5058
mv libuv-libuv-* uv
5159

5260
echo "Replacing existing libuv (except GYP build files)"
Collapse file

‎tools/dep_updaters/update-llhttp.sh‎

Copy file name to clipboardExpand all lines: tools/dep_updaters/update-llhttp.sh
+9-5Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ DEPS_DIR="${BASE_DIR}/deps"
99
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
1010
[ -x "$NODE" ] || NODE=$(command -v node)
1111

12+
# shellcheck disable=SC1091
13+
. "$BASE_DIR/tools/dep_updaters/utils.sh"
14+
1215
NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
1316
const res = await fetch('https://api.github.com/repos/nodejs/llhttp/releases/latest');
1417
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
@@ -52,19 +55,20 @@ if echo "$NEW_VERSION" | grep -qs "/" ; then # Download a release
5255
echo "Checking out branch $BRANCH ..."
5356
git checkout "$BRANCH"
5457

55-
echo "Building llhtttp ..."
58+
echo "Building llhttp ..."
5659
npm install
5760
make release
5861

59-
echo "Copying llhtttp release ..."
62+
echo "Copying llhttp release ..."
6063
rm -rf "$DEPS_DIR/llhttp"
6164
cp -a release "$DEPS_DIR/llhttp"
6265
else
6366
echo "Download llhttp release $NEW_VERSION ..."
64-
curl -sL -o llhttp.tar.gz "https://github.com/nodejs/llhttp/archive/refs/tags/release/v$NEW_VERSION.tar.gz"
65-
gzip -dc llhttp.tar.gz | tar xf -
67+
LLHTTP_TARBALL="llhttp-v$NEW_VERSION.tar.gz"
68+
curl -sL -o "$LLHTTP_TARBALL" "https://github.com/nodejs/llhttp/archive/refs/tags/release/v$NEW_VERSION.tar.gz"
69+
gzip -dc "$LLHTTP_TARBALL" | tar xf -
6670

67-
echo "Copying llhtttp release ..."
71+
echo "Copying llhttp release ..."
6872
rm -rf "$DEPS_DIR/llhttp"
6973
cp -a "llhttp-release-v$NEW_VERSION" "$DEPS_DIR/llhttp"
7074
fi
Collapse file

‎tools/dep_updaters/update-nghttp2.sh‎

Copy file name to clipboardExpand all lines: tools/dep_updaters/update-nghttp2.sh
+8Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ DEPS_DIR="$BASE_DIR/deps"
88
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
99
[ -x "$NODE" ] || NODE=$(command -v node)
1010

11+
# shellcheck disable=SC1091
12+
. "$BASE_DIR/tools/dep_updaters/utils.sh"
13+
1114
NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
1215
const res = await fetch('https://api.github.com/repos/nghttp2/nghttp2/releases/latest');
1316
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
@@ -44,6 +47,11 @@ cd "$WORKSPACE"
4447

4548
echo "Fetching nghttp2 source archive"
4649
curl -sL -o "$NGHTTP2_TARBALL" "https://github.com/nghttp2/nghttp2/releases/download/$NGHTTP2_REF/$NGHTTP2_TARBALL"
50+
51+
DEPOSITED_CHECKSUM=$(curl -sL "https://github.com/nghttp2/nghttp2/releases/download/$NGHTTP2_REF/checksums.txt" | grep "$NGHTTP2_TARBALL")
52+
53+
log_and_verify_sha256sum "nghttp2" "$NGHTTP2_TARBALL" "$DEPOSITED_CHECKSUM"
54+
4755
gzip -dc "$NGHTTP2_TARBALL" | tar xf -
4856
rm "$NGHTTP2_TARBALL"
4957
mv "nghttp2-$NEW_VERSION" nghttp2
Collapse file

‎tools/dep_updaters/update-nghttp3.sh‎

Copy file name to clipboardExpand all lines: tools/dep_updaters/update-nghttp3.sh
+4Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ DEPS_DIR="$BASE_DIR/deps"
77
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
88
[ -x "$NODE" ] || NODE=$(command -v node)
99

10+
# shellcheck disable=SC1091
11+
. "$BASE_DIR/tools/dep_updaters/utils.sh"
12+
1013
NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
1114
const res = await fetch('https://api.github.com/repos/ngtcp2/nghttp3/releases');
1215
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
@@ -44,6 +47,7 @@ cd "$WORKSPACE"
4447

4548
echo "Fetching nghttp3 source archive..."
4649
curl -sL -o "$NGHTTP3_ZIP.zip" "https://github.com/ngtcp2/nghttp3/archive/refs/tags/$NGHTTP3_REF.zip"
50+
log_and_verify_sha256sum "nghttp3" "$NGHTTP3_ZIP.zip"
4751
unzip "$NGHTTP3_ZIP.zip"
4852
rm "$NGHTTP3_ZIP.zip"
4953
mv "$NGHTTP3_ZIP" nghttp3
Collapse file

‎tools/dep_updaters/update-ngtcp2.sh‎

Copy file name to clipboardExpand all lines: tools/dep_updaters/update-ngtcp2.sh
+4Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ DEPS_DIR="$BASE_DIR/deps"
77
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
88
[ -x "$NODE" ] || NODE=$(command -v node)
99

10+
# shellcheck disable=SC1091
11+
. "$BASE_DIR/tools/dep_updaters/utils.sh"
12+
1013
NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
1114
const res = await fetch('https://api.github.com/repos/ngtcp2/ngtcp2/releases');
1215
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
@@ -44,6 +47,7 @@ cd "$WORKSPACE"
4447

4548
echo "Fetching ngtcp2 source archive..."
4649
curl -sL -o "$NGTCP2_ZIP.zip" "https://github.com/ngtcp2/ngtcp2/archive/refs/tags/$NGTCP2_REF.zip"
50+
log_and_verify_sha256sum "ngtcp2" "$NGTCP2_ZIP.zip"
4751
unzip "$NGTCP2_ZIP.zip"
4852
rm "$NGTCP2_ZIP.zip"
4953
mv "$NGTCP2_ZIP" ngtcp2
Collapse file

‎tools/dep_updaters/update-npm.sh‎

Copy file name to clipboardExpand all lines: tools/dep_updaters/update-npm.sh
+6-1Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,9 @@ DEPS_DIR="$BASE_DIR/deps"
77
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
88
[ -x "$NODE" ] || NODE=$(command -v node)
99

10+
# shellcheck disable=SC1091
11+
. "$BASE_DIR/tools/dep_updaters/utils.sh"
12+
1013
NPM="$DEPS_DIR/npm/bin/npm-cli.js"
1114

1215
NPM_VERSION=$1
@@ -30,12 +33,14 @@ trap cleanup INT TERM EXIT
3033

3134
cd "$WORKSPACE"
3235

33-
NPM_TGZ=npm.tgz
36+
NPM_TGZ="npm-v$NPM_VERSION.tar.gz"
3437

3538
NPM_TARBALL="$($NODE "$NPM" view npm@"$NPM_VERSION" dist.tarball)"
3639

3740
curl -s "$NPM_TARBALL" > "$NPM_TGZ"
3841

42+
log_and_verify_sha256sum "npm" "$NPM_TGZ"
43+
3944
rm -rf "$DEPS_DIR/npm"
4045

4146
mkdir "$DEPS_DIR/npm"

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.