From mboxrd@z Thu Jan 1 00:00:00 1970
From: john at keeping.me.uk (John Keeping)
Date: Sat, 7 Mar 2015 14:46:41 +0000
Subject: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading
Message-ID: <0146555fda82120aa6ff6a7e9761d00d53ced865.1425739601.git.john@keeping.me.uk>

This requires that we save the downloaded file explicitly rather than piping it straight to tar, but that is advisable anyway since it allows us to check the exit status of curl and make sure that we have downloaded the file successfully. Also add a test to make sure we don't forget to update the file when updating our Git version in the future.
Signed-off-by: John Keeping
---
 Makefile | 8 ++++++--
 git.sha256sum | 1 +
 tests/t0001-validate-git-versions.sh | 11 +++++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 git.sha256sum
diff --git a/Makefile b/Makefile
index ed329e8..807879f 100644
--- a/Makefile
+++ b/Makefile
@@ -15,7 +15,8 @@ pdfdir = $(docdir)
 mandir = $(prefix)/share/man
 SHA1_HEADER =
 GIT_VER = 2.3.2
-GIT_URL = https://www.kernel.org/pub/software/scm/git/git-$(GIT_VER).tar.gz
+GIT_FILE = git-$(GIT_VER).tar.gz
+GIT_URL = https://www.kernel.org/pub/software/scm/git/$(GIT_FILE)
 INSTALL = install
 COPYTREE = cp -r
 MAN5_TXT = $(wildcard *.5.txt)
@@ -146,7 +147,10 @@ clean-doc:
 $(RM) cgitrc.5 cgitrc.5.html cgitrc.5.pdf cgitrc.5.xml cgitrc.5.fo

 get-git:
- curl -L $(GIT_URL) | tar -xzf - && rm -rf git && mv git-$(GIT_VER) git
+ curl -L $(GIT_URL) --output $(GIT_FILE) && \
+ sha256sum --check git.sha256sum && \
+ tar -xzf $(GIT_FILE) && \
+ rm -rf git && mv git-$(GIT_VER) git

 tags:
 $(QUIET_TAGS)find . -name '*.[ch]' | xargs ctags
diff --git a/git.sha256sum b/git.sha256sum
new file mode 100644
index 0000000..1214d3d
--- /dev/null
+++ b/git.sha256sum
@@ -0,0 +1 @@
+a35aea3a0f63f4cc3dd38fa32127e97273f335a14ea2586b649eb759ecf675a3 git-2.3.2.tar.gz
diff --git a/tests/t0001-validate-git-versions.sh b/tests/t0001-validate-git-versions.sh
index a65b35e..3325c77 100755
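Review bot: The checksum step in the new `get-git` recipe is not bound to the archive that gets unpacked: `sha256sum --check git.sha256sum` verifies whichever file name is listed in git.sha256sum, while `tar -xzf $(GIT_FILE)` extracts the name derived from GIT_VER. The recipe leaves the tarball in the tree, so after GIT_VER is bumped or overridden on the command line an older tarball that is still present can satisfy the check and the new, unverified archive is unpacked; the t0001 test only catches this when the test suite is run. Selecting the entry by name would make a missing or stale entry fail closed, e.g. `grep -F ' $(GIT_FILE)' git.sha256sum | sha256sum --check - && \` (worth confirming that the sha256sum in use rejects empty input). Separately, curl exits 0 on an HTTP error response unless `--fail` is given, so the exit-status check the commit message relies on needs `curl -f -L $(GIT_URL) --output $(GIT_FILE)`.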
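Review bot: Nothing in the patch records how the digest in git.sha256sum was obtained, so the pin is only as trustworthy as the one download it was computed from. kernel.org publishes detached PGP signatures next to its release tarballs; a sentence in the commit message, or a comment beside `GIT_VER` in the Makefile such as `# git.sha256sum: digest of the signature-verified tarball; update together with GIT_VER`, would let later version bumps follow the same procedure.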
--- a/tests/t0001-validate-git-versions.sh
+++ b/tests/t0001-validate-git-versions.sh
@@ -9,6 +9,12 @@ test_expect_success 'extract Git version from Makefile' '
 s/^GIT_VER[ ]*=[ ]*//
 p
 }" ../../Makefile >makefile_version
+ GIT_VER=$(cat makefile_version)
+ sed -n -e "/^GIT_FILE[ ]*=/ {
+ s/^GIT_FILE[ ]*=[ ]*//
+ s/\$(GIT_VER)/$GIT_VER/
+ p
+ }" ../../Makefile >makefile_file
 '

 # Note that Git's GIT-VERSION-GEN script applies "s/-/./g" to the version
@@ -38,4 +44,9 @@ test_expect_success 'test submodule version matches Makefile' '
 fi
 '

+test_expect_success 'git.sha256sum version matches Makefile' '
+ sed -e "s/[0-9a-z]* *//" ../../git.sha256sum >sha256sum_file
+ test_cmp sha256sum_file makefile_file
+'
+
 test_done
--
2.3.1.308.g754cd77
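Review bot: The new 'git.sha256sum version matches Makefile' test compares only the file-name field, and its `sed -e "s/[0-9a-z]* *//"` is unanchored and accepts a digest of any length, so a truncated or otherwise malformed entry still passes here. Anchoring the pattern and requiring a full digest would let the test also assert the entry's shape: `sed -n -e "s/^[0-9a-f]\{64\}  *//p" ../../git.sha256sum >sha256sum_file`. With `-n` and `p` a line that does not match produces no output, so `test_cmp` then fails instead of comparing a partly stripped line.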