choco: add instructions to verify the hashes of embedded files

adds makefile target to generate the VERIFICATION.txt and LICENSE.txt
files in the required format

LICENSE.txt should contain a From: <LICENSE file URL> at the top

VERIFICATION.txt should contains steps to verify the hashes of the
embedded files as well as their hashes

Makefile

@@ -402,11 +402,25 @@ $(BUILD_DIR)/windows-amd64/crc-windows-installer.zip: $(BUILD_DIR)/windows-amd64
 
 .PHONY: choco choco-clean
 CHOCO_PKG_DIR = packaging/chocolatey/crc
-choco: clean choco-clean $(BUILD_DIR)/windows-amd64/crc.exe $(HOST_BUILD_DIR)/crc-embedder $(CHOCO_PKG_DIR)/crc.nuspec
+$(CHOCO_PKG_DIR)/tools/crc-admin-helper-windows.exe: $(HOST_BUILD_DIR)/crc-embedder
 	$(HOST_BUILD_DIR)/crc-embedder download --goos=windows --components=admin-helper $(CHOCO_PKG_DIR)/tools
+choco: clean choco-clean $(BUILD_DIR)/windows-amd64/crc.exe $(CHOCO_PKG_DIR)/tools/crc-admin-helper-windows.exe $(CHOCO_PKG_DIR)/crc.nuspec $(CHOCO_PKG_DIR)/VERIFICATION.txt
 	cp $(BUILD_DIR)/windows-amd64/crc.exe $(CHOCO_PKG_DIR)/tools/crc.exe
-	cp LICENSE $(CHOCO_PKG_DIR)/tools/LICENSE.txt
+	mv $(CHOCO_PKG_DIR)/VERIFICATION.txt $(CHOCO_PKG_DIR)/tools/VERIFICATION.txt
+	powershell.exe -NoProfile -Command "@('From: https://github.com/crc-org/crc/blob/main/LICENSE') + (Get-Content 'LICENSE') | Set-Content $(CHOCO_PKG_DIR)/tools/LICENSE.txt"
 	cd $(CHOCO_PKG_DIR) && choco pack
 choco-clean:
 	rm -f $(CHOCO_PKG_DIR)/*.nupkg
 	rm -f $(CHOCO_PKG_DIR)/tools/*.exe
+	rm -f $(CHOCO_PKG_DIR)/crc.nuspec
+	rm -f $(CHOCO_PKG_DIR)/tools/VERIFICATION.txt
+
+ADMIN_HELPER_HASH = $(shell powershell.exe -NoProfile -Command "Get-FileHash -Algorithm SHA256 $(CHOCO_PKG_DIR)/tools/crc-admin-helper-windows.exe | Select-Object -ExpandProperty Hash")
+HELPER_SCRIPT_HASH = $(shell powershell.exe -NoProfile -Command "Get-FileHash -Algorithm SHA256 $(CHOCO_PKG_DIR)/tools/crcprerequisitesetup.ps1 | Select-Object -ExpandProperty Hash")
+# todo: retreive this dynamically instead of setting here
+ADMIN_HELPER_VERSION = 0.0.12
+%.txt: %.txt.in
+	@sed -e 's/__ADMIN_HELPER_CHECKSUM__/'$(ADMIN_HELPER_HASH)'/g' \
+		 -e 's/__HELPER_SCRIPT_CHECKSUM__/'$(HELPER_SCRIPT_HASH)'/g' \
+		 -e 's/__ADMIN_HELPER_VERSION__/'$(ADMIN_HELPER_VERSION)'/g' \
+	     $< >$@

packaging/.gitignore

@@ -15,3 +15,5 @@
 /chocolatey/crc/crc.nuspec
 /chocolatey/crc/tools/*.exe
 /chocolatey/crc/tools/LICENSE.txt
+/chocolatey/crc/VERIFICATION.txt
+/chocolatey/crc/tools/VERIFICATION.txt

packaging/chocolatey/crc/VERIFICATION.txt.in

@@ -0,0 +1,23 @@
+VERIFICATION
+
+Verification is intended to assist the Chocolatey moderators and community
+in verifying that this package's contents are trustworthy.
+
+This package is published by the CRC project itself.
+
+There are two embedded files in the package, those can be verified like this:
+
+1. crc.exe
+    - crc.exe is built from source while building the chocolatey package, the chocolatey package specific files lives in the same
+      git repo as the CRC project at: https://github.com/crc-org/crc/tree/main/packaging/chocolatey/crc
+      the chocolatey package is also published by CRC project itself.
+
+2. crc-admin-helper-windows.exe
+    - Go to https://github.com/crc-org/admin-helper/releases/download/v__ADMIN_HELPER_VERSION__/crc-admin-helper-windows.exe to download the binary
+    - User posh cmdlet 'Get-FileHash -Algorithm SHA256' to obtain the hash for the downloaded binary
+    - Checksum SHA256: __ADMIN_HELPER_CHECKSUM__
+
+3. crcprerequisitesetup.ps1
+    - Go to https://github.com/crc-org/crc/raw/main/packaging/chocolatey/crc/tools/crcprerequisitesetup.ps1 to download the script
+    - User posh cmdlet 'Get-FileHash -Algorithm SHA256' to obtain the hash for the downloaded script
+    - Checksum SHA256: __HELPER_SCRIPT_CHECKSUM__