From 39d14530ff7483a8a5e8ac7b003b45dd4d55acaf Mon Sep 17 00:00:00 2001 From: "Earle F. Philhower, III" Date: Thu, 28 Jan 2021 08:56:45 -0800 Subject: [PATCH] Add a check for all URLs in the package file (#7848) Avoid issues like #7847 by downloading and checking SHA for each file in the package.json bundle. --- .github/workflows/pull-request.yml | 1 + tests/ci/eboot_test.sh | 0 tests/ci/pkgrefs_test.sh | 24 ++++++++++++++++++++++++ 3 files changed, 25 insertions(+) mode change 100644 => 100755 tests/ci/eboot_test.sh create mode 100755 tests/ci/pkgrefs_test.sh diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 5369369ec..598867826 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -268,3 +268,4 @@ jobs: run: | bash ./tests/ci/build_boards.sh bash ./tests/ci/eboot_test.sh + bash ./tests/ci/pkgrefs_test.sh diff --git a/tests/ci/eboot_test.sh b/tests/ci/eboot_test.sh old mode 100644 new mode 100755 diff --git a/tests/ci/pkgrefs_test.sh b/tests/ci/pkgrefs_test.sh new file mode 100755 index 000000000..ea4f1c235 --- /dev/null +++ b/tests/ci/pkgrefs_test.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +set -ev + +fail=0 +for i in $(cat "$TRAVIS_BUILD_DIR/package/package_esp8266com_index.template.json" | jq '.packages[0]."tools" | .[] | .systems[] | "\(.url) \(.checksum)"' | sort -u | sed 's/ /@/'); do + url=$(echo $i | sed 's/@/ /' | cut -f2 -d\" | cut -f1 -d' ') + sha=$(echo $i | sed 's/@/ /' | cut -f2 -d\" | cut -f2 -d' ' | cut -f2 -d:) + echo "INFO: Checking $url" + rm -f file.bin + wget --quiet -O file.bin $url + calc=$(sha256sum file.bin | cut -f1 -d" ") + if [ "$sha" != "$calc" ]; then + echo "ERROR: Download failed or SHA mismatch for $url" + echo "ERROR: Expected $sha" + echo "ERROR: Received $calc" + fail=1 + fi +done + +if [ $fail -ne 0 ]; then + echo ERROR: Package file integrity check failed + exit 1 +fi