Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tools: log and check shasum of archive file #48088

Merged
merged 1 commit into from
May 25, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion tools/dep_updaters/update-ada.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/ada-url/ada/releases/latest');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -37,13 +40,14 @@ cleanup () {
trap cleanup INT TERM EXIT

ADA_REF="v$NEW_VERSION"
ADA_ZIP="ada-$NEW_VERSION.zip"
ADA_ZIP="ada-$ADA_REF.zip"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why this change? It doesnt seem related to the PR

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For consistency with the other deps that logs the checksum in the format SHA256 (packagename-v1.0.0.zip) = abc123 for e.g. SHA256 (ada-v2.4.2.zip) = 1c1d96f27307b6f7bd21af87d10d528207f44e904f77a550837037e9def06607

ADA_LICENSE="LICENSE-MIT"

cd "$WORKSPACE"

echo "Fetching ada source archive..."
curl -sL -o "$ADA_ZIP" "https://github.com/ada-url/ada/releases/download/$ADA_REF/singleheader.zip"
log_and_verify_sha256sum "ada" "$ADA_ZIP"
unzip "$ADA_ZIP"
rm "$ADA_ZIP"

Expand Down
10 changes: 9 additions & 1 deletion tools/dep_updaters/update-base64.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/aklomp/base64/releases/latest');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -39,8 +42,13 @@ trap cleanup INT TERM EXIT

cd "$WORKSPACE"

BASE64_TARBALL="base64-v$NEW_VERSION.tar.gz"

echo "Fetching base64 source archive"
curl -sL "https://api.github.com/repos/aklomp/base64/tarball/v$NEW_VERSION" | tar xzf -
curl -sL -o "$BASE64_TARBALL" "https://api.github.com/repos/aklomp/base64/tarball/v$NEW_VERSION"
log_and_verify_sha256sum "base64" "$BASE64_TARBALL"
gzip -dc "$BASE64_TARBALL" | tar xf -
rm "$BASE64_TARBALL"
mv aklomp-base64-* base64

echo "Replacing existing base64"
Expand Down
8 changes: 6 additions & 2 deletions tools/dep_updaters/update-brotli.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/google/brotli/releases/latest');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -44,10 +47,11 @@ trap cleanup INT TERM EXIT

cd "$WORKSPACE"

BROTLI_TARBALL="v$NEW_VERSION.tar.gz"
BROTLI_TARBALL="brotli-v$NEW_VERSION.tar.gz"

echo "Fetching brotli source archive"
curl -sL -o "$BROTLI_TARBALL" "https://github.com/google/brotli/archive/$BROTLI_TARBALL"
curl -sL -o "$BROTLI_TARBALL" "https://github.com/google/brotli/archive/v$NEW_VERSION.tar.gz"
log_and_verify_sha256sum "brotli" "$BROTLI_TARBALL"
gzip -dc "$BROTLI_TARBALL" | tar xf -
rm "$BROTLI_TARBALL"
mv "brotli-$NEW_VERSION" "brotli"
Expand Down
8 changes: 7 additions & 1 deletion tools/dep_updaters/update-c-ares.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/c-ares/c-ares/releases/latest');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -43,7 +46,10 @@ ARES_TARBALL="c-ares-$NEW_VERSION.tar.gz"
cd "$WORKSPACE"

echo "Fetching c-ares source archive"
curl -sL "https://github.com/c-ares/c-ares/releases/download/$ARES_REF/$ARES_TARBALL" | tar xz
curl -sL -o "$ARES_TARBALL" "https://github.com/c-ares/c-ares/releases/download/$ARES_REF/$ARES_TARBALL"
log_and_verify_sha256sum "c-ares" "$ARES_TARBALL"
gzip -dc "$ARES_TARBALL" | tar xf -
rm "$ARES_TARBALL"
mv "c-ares-$NEW_VERSION" cares

echo "Removing tests"
Expand Down
10 changes: 9 additions & 1 deletion tools/dep_updaters/update-libuv.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/libuv/libuv/releases/latest');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -46,8 +49,13 @@ trap cleanup INT TERM EXIT

cd "$WORKSPACE"

LIBUV_TARBALL="libuv-v$NEW_VERSION.tar.gz"

echo "Fetching libuv source archive..."
curl -sL "https://api.github.com/repos/libuv/libuv/tarball/v$NEW_VERSION" | tar xzf -
curl -sL -o "$LIBUV_TARBALL" "https://api.github.com/repos/libuv/libuv/tarball/v$NEW_VERSION"
log_and_verify_sha256sum "libuv" "$LIBUV_TARBALL"
gzip -dc "$LIBUV_TARBALL" | tar xf -
rm "$LIBUV_TARBALL"
mv libuv-libuv-* uv

echo "Replacing existing libuv (except GYP build files)"
Expand Down
14 changes: 9 additions & 5 deletions tools/dep_updaters/update-llhttp.sh
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@ DEPS_DIR="${BASE_DIR}/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/nodejs/llhttp/releases/latest');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -52,19 +55,20 @@ if echo "$NEW_VERSION" | grep -qs "/" ; then # Download a release
echo "Checking out branch $BRANCH ..."
git checkout "$BRANCH"

echo "Building llhtttp ..."
echo "Building llhttp ..."
npm install
make release

echo "Copying llhtttp release ..."
echo "Copying llhttp release ..."
rm -rf "$DEPS_DIR/llhttp"
cp -a release "$DEPS_DIR/llhttp"
else
echo "Download llhttp release $NEW_VERSION ..."
curl -sL -o llhttp.tar.gz "https://github.com/nodejs/llhttp/archive/refs/tags/release/v$NEW_VERSION.tar.gz"
gzip -dc llhttp.tar.gz | tar xf -
LLHTTP_TARBALL="llhttp-v$NEW_VERSION.tar.gz"
curl -sL -o "$LLHTTP_TARBALL" "https://github.com/nodejs/llhttp/archive/refs/tags/release/v$NEW_VERSION.tar.gz"
gzip -dc "$LLHTTP_TARBALL" | tar xf -

echo "Copying llhtttp release ..."
echo "Copying llhttp release ..."
rm -rf "$DEPS_DIR/llhttp"
cp -a "llhttp-release-v$NEW_VERSION" "$DEPS_DIR/llhttp"
fi
Expand Down
8 changes: 8 additions & 0 deletions tools/dep_updaters/update-nghttp2.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/nghttp2/nghttp2/releases/latest');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -44,6 +47,11 @@ cd "$WORKSPACE"

echo "Fetching nghttp2 source archive"
curl -sL -o "$NGHTTP2_TARBALL" "https://github.com/nghttp2/nghttp2/releases/download/$NGHTTP2_REF/$NGHTTP2_TARBALL"

DEPOSITED_CHECKSUM=$(curl -sL "https://github.com/nghttp2/nghttp2/releases/download/$NGHTTP2_REF/checksums.txt" | grep "$NGHTTP2_TARBALL")

log_and_verify_sha256sum "nghttp2" "$NGHTTP2_TARBALL" "$DEPOSITED_CHECKSUM"

gzip -dc "$NGHTTP2_TARBALL" | tar xf -
rm "$NGHTTP2_TARBALL"
mv "nghttp2-$NEW_VERSION" nghttp2
Expand Down
4 changes: 4 additions & 0 deletions tools/dep_updaters/update-nghttp3.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/ngtcp2/nghttp3/releases');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -44,6 +47,7 @@ cd "$WORKSPACE"

echo "Fetching nghttp3 source archive..."
curl -sL -o "$NGHTTP3_ZIP.zip" "https://github.com/ngtcp2/nghttp3/archive/refs/tags/$NGHTTP3_REF.zip"
log_and_verify_sha256sum "nghttp3" "$NGHTTP3_ZIP.zip"
unzip "$NGHTTP3_ZIP.zip"
rm "$NGHTTP3_ZIP.zip"
mv "$NGHTTP3_ZIP" nghttp3
Expand Down
4 changes: 4 additions & 0 deletions tools/dep_updaters/update-ngtcp2.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/ngtcp2/ngtcp2/releases');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -44,6 +47,7 @@ cd "$WORKSPACE"

echo "Fetching ngtcp2 source archive..."
curl -sL -o "$NGTCP2_ZIP.zip" "https://github.com/ngtcp2/ngtcp2/archive/refs/tags/$NGTCP2_REF.zip"
log_and_verify_sha256sum "ngtcp2" "$NGTCP2_ZIP.zip"
unzip "$NGTCP2_ZIP.zip"
rm "$NGTCP2_ZIP.zip"
mv "$NGTCP2_ZIP" ngtcp2
Expand Down
7 changes: 6 additions & 1 deletion tools/dep_updaters/update-npm.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NPM="$DEPS_DIR/npm/bin/npm-cli.js"

NPM_VERSION=$1
Expand All @@ -30,12 +33,14 @@ trap cleanup INT TERM EXIT

cd "$WORKSPACE"

NPM_TGZ=npm.tgz
NPM_TGZ="npm-v$NPM_VERSION.tar.gz"

NPM_TARBALL="$($NODE "$NPM" view npm@"$NPM_VERSION" dist.tarball)"

curl -s "$NPM_TARBALL" > "$NPM_TGZ"

log_and_verify_sha256sum "npm" "$NPM_TGZ"

rm -rf "$DEPS_DIR/npm"

mkdir "$DEPS_DIR/npm"
Expand Down
8 changes: 7 additions & 1 deletion tools/dep_updaters/update-openssl.sh
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,17 @@ download() {
echo "Making temporary workspace..."
WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp')

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

cd "$WORKSPACE"

echo "Fetching OpenSSL source archive..."
curl -sL "https://api.github.com/repos/quictls/openssl/tarball/openssl-$OPENSSL_VERSION" | tar xzf -
OPENSSL_TARBALL="openssl-v$OPENSSL_VERSION.tar.gz"
curl -sL -o "$OPENSSL_TARBALL" "https://api.github.com/repos/quictls/openssl/tarball/openssl-$OPENSSL_VERSION"
log_and_verify_sha256sum "openssl" "$OPENSSL_TARBALL"
gzip -dc "$OPENSSL_TARBALL" | tar xf -
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Out of curiosity, why the explicit gzip processes instead of tar z?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's more portable. Some non-GNU versions of tar (e.g. on AIX) do not support -z.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. I assumed these would only have to work under ubuntu-latest compatible systems, but if we want to aim for portability with other systems, that makes sense. FWIW, the command I suggested (sha256sum --tag) also won't work with some non-GNU systems (yet I prefer it over the more portable output format).

rm "$OPENSSL_TARBALL"
mv quictls-openssl-* openssl

echo "Replacing existing OpenSSL..."
Expand Down
6 changes: 5 additions & 1 deletion tools/dep_updaters/update-simdutf.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/simdutf/simdutf/releases/latest');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -36,13 +39,14 @@ cleanup () {
trap cleanup INT TERM EXIT

SIMDUTF_REF="v$NEW_VERSION"
SIMDUTF_ZIP="simdutf-$NEW_VERSION.zip"
SIMDUTF_ZIP="simdutf-$SIMDUTF_REF.zip"
SIMDUTF_LICENSE="LICENSE-MIT"

cd "$WORKSPACE"

echo "Fetching simdutf source archive..."
curl -sL -o "$SIMDUTF_ZIP" "https://github.com/simdutf/simdutf/releases/download/$SIMDUTF_REF/singleheader.zip"
log_and_verify_sha256sum "simdutf" "$SIMDUTF_ZIP"
unzip "$SIMDUTF_ZIP"
rm "$SIMDUTF_ZIP"
rm ./*_demo.cpp
Expand Down
5 changes: 5 additions & 0 deletions tools/dep_updaters/update-uvwasi.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ DEPS_DIR="$BASE_DIR/deps"
[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
[ -x "$NODE" ] || NODE=$(command -v node)

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
const res = await fetch('https://api.github.com/repos/nodejs/uvwasi/releases/latest');
if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
Expand Down Expand Up @@ -46,6 +49,8 @@ cd "$WORKSPACE"
echo "Fetching UVWASI source archive..."
curl -sL -o "$UVWASI_ZIP.zip" "https://github.com/nodejs/uvwasi/archive/refs/tags/v$NEW_VERSION.zip"

log_and_verify_sha256sum "uvwasi" "$UVWASI_ZIP.zip"

echo "Moving existing GYP build file"
mv "$DEPS_DIR/uvwasi/"*.gyp "$WORKSPACE/"
rm -rf "$DEPS_DIR/uvwasi/"
Expand Down
9 changes: 7 additions & 2 deletions tools/dep_updaters/update-zlib.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ set -e
BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd)
DEPS_DIR="$BASE_DIR/deps"

# shellcheck disable=SC1091
. "$BASE_DIR/tools/dep_updaters/utils.sh"

echo "Comparing latest upstream with current revision"

git fetch https://chromium.googlesource.com/chromium/src/third_party/zlib.git HEAD
Expand Down Expand Up @@ -49,10 +52,12 @@ cd "$WORKSPACE"

mkdir zlib

ZLIB_TARBALL=zlib.tar.gz
ZLIB_TARBALL="zlib-v$NEW_VERSION.tar.gz"

echo "Fetching zlib source archive"
curl -sL -o $ZLIB_TARBALL https://chromium.googlesource.com/chromium/src/+archive/refs/heads/main/third_party/$ZLIB_TARBALL
curl -sL -o "$ZLIB_TARBALL" https://chromium.googlesource.com/chromium/src/+archive/refs/heads/main/third_party/zlib.tar.gz

log_and_verify_sha256sum "zlib" "$ZLIB_TARBALL"

gzip -dc "$ZLIB_TARBALL" | tar xf - -C zlib/

Expand Down
30 changes: 30 additions & 0 deletions tools/dep_updaters/utils.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#!/bin/sh

# This function logs the archive checksum and, if provided, compares it with
# the deposited checksum
#
# $1 is the package name e.g. 'acorn', 'ada', 'base64' etc. See that file
# for a complete list of package name
# $2 is the downloaded archive
# $3 (optional) is the deposited sha256 cheksum. When provided, it is checked
# against the checksum generated from the archive
log_and_verify_sha256sum() {
package_name="$1"
archive="$2"
checksum="$3"
bsd_formatted_checksum=$(sha256sum --tag "$archive")
if [ -z "$3" ]; then
echo "$bsd_formatted_checksum"
else
archive_checksum=$(sha256sum "$archive")
if [ "$checksum" = "$archive_checksum" ]; then
echo "Valid $package_name checksum"
echo "$bsd_formatted_checksum"
else
echo "ERROR - Invalid $package_name checksum:"
echo "deposited: $checksum"
echo "generated: $archive_checksum"
exit 1
fi
fi
}