From efd438e9369760bd78387601d5be6a272ab05ca5 Mon Sep 17 00:00:00 2001 From: LoRd_MuldeR Date: Sat, 17 Feb 2024 15:36:14 +0100 Subject: [PATCH] Implemented checksum verification of downloaded packages. --- build.sh | 77 ++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 55 insertions(+), 22 deletions(-) diff --git a/build.sh b/build.sh index b77ad76..927fb6a 100644 --- a/build.sh +++ b/build.sh @@ -13,6 +13,10 @@ trap 'read -p "Press any key..." x' EXIT # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ readonly MY_VERSION=8.6.0 +############################################################################### +# PREPARATION +############################################################################### + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Check bash version # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -87,6 +91,8 @@ mv -n "${TEMP_FILE}" "${LOCK_FILE}"; rm -f "${TEMP_FILE}" if [ "$(sed '/^$/d' "${LOCK_FILE}" | head -n1)" != "${SIGNATURE}" ] ; then echo 'Error: Build process is already in progress !!!' exit 1 +else + trap "rm -f \"${LOCK_FILE}\"; read -p \"Press any key...\" x" EXIT fi # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -97,35 +103,56 @@ exec &> >(tee "${BASE_DIR}/build/curl_build-${MY_CPU}.log") # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Initialize paths # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -echo "Initializing paths and cleaning up old files, please wait..." readonly WORK_DIR="${BASE_DIR}/build/${MY_CPU}" readonly PKGS_DIR="${WORK_DIR}/_pkgs" readonly DEPS_DIR="${WORK_DIR}/_deps" -rm -rf "${WORK_DIR}" && mkdir -p "${WORK_DIR}" -rm -rf "${PKGS_DIR}" && mkdir -p "${PKGS_DIR}" -rm -rf "${DEPS_DIR}" && mkdir -p "${DEPS_DIR}/bin" "${DEPS_DIR}/include" "${DEPS_DIR}/lib/pkgconfig" "${DEPS_DIR}/share" +for i in {1..12}; do rm -rf "${WORK_DIR}" && break; done +mkdir -v "${WORK_DIR}" +mkdir -p "${PKGS_DIR}" "${DEPS_DIR}/bin" "${DEPS_DIR}/include" "${DEPS_DIR}/lib/pkgconfig" "${DEPS_DIR}/share" + +############################################################################### +# DOWNLOAD SOURCES +############################################################################### + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# Helper function +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +function fetch_pkg () { + if ! wget -4 --tries=8 --retry-connrefused -O "${2}" "${3}"; then + return 1 + fi + local checksum_computed="$(sha256sum -b "${2}" | head -n 1 | grep -Po '^[[:xdigit:]]+')" + if ! [[ "${checksum_computed,,}" == "${1,,}" || "${1}" =~ ^z{64} ]]; then + printf "Checksum mismatch detected!\n* Expected: %s\n* Computed: %s\n" "${1,,}" "${checksum_computed,,}" + return 1 + fi +} # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Download # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ printf "\n==================== download ====================\n\n" -wget -4 -O "${PKGS_DIR}/zlib.tar.gz" https://zlib.net/zlib-1.3.1.tar.gz -wget -4 -O "${PKGS_DIR}/zstd.tar.gz" https://github.com/facebook/zstd/releases/download/v1.5.5/zstd-1.5.5.tar.gz -wget -4 -O "${PKGS_DIR}/brotli.tar.gz" https://github.com/google/brotli/archive/refs/tags/v1.1.0.tar.gz -wget -4 -O "${PKGS_DIR}/openssl.tar.gz" https://github.com/quictls/openssl/archive/refs/heads/OpenSSL_1_1_1w+quic.tar.gz -wget -4 -O "${PKGS_DIR}/rtmpdump.tar.gz" https://distfiles.macports.org/rtmpdump/f1b83c10d8beb43fcc70a6e88cf4325499f25857.tar.gz -wget -4 -O "${PKGS_DIR}/libiconv.tar.gz" https://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.17.tar.gz -wget -4 -O "${PKGS_DIR}/gettext.tar.gz" https://ftp.gnu.org/pub/gnu/gettext/gettext-0.22.4.tar.gz -wget -4 -O "${PKGS_DIR}/libssh2.tar.gz" https://www.libssh2.org/download/libssh2-1.11.0.tar.gz -wget -4 -O "${PKGS_DIR}/nghttp2.tar.gz" https://github.com/nghttp2/nghttp2/releases/download/v1.59.0/nghttp2-1.59.0.tar.gz -wget -4 -O "${PKGS_DIR}/nghttp3.tar.gz" https://github.com/ngtcp2/nghttp3/releases/download/v1.1.0/nghttp3-1.1.0.tar.gz -wget -4 -O "${PKGS_DIR}/ngtcp2.tar.gz" https://github.com/ngtcp2/ngtcp2/releases/download/v1.2.0/ngtcp2-1.2.0.tar.gz -wget -4 -O "${PKGS_DIR}/libidn2.tar.gz" https://ftp.gnu.org/gnu/libidn/libidn2-2.3.7.tar.gz -wget -4 -O "${PKGS_DIR}/libpsl.tar.gz" https://github.com/rockdaboot/libpsl/releases/download/0.21.5/libpsl-0.21.5.tar.gz -wget -4 -O "${PKGS_DIR}/libgsasl.tar.gz" https://ftp.gnu.org/gnu/gsasl/libgsasl-1.10.0.tar.gz -wget -4 -O "${PKGS_DIR}/curl.tar.gz" https://curl.se/download/curl-${MY_VERSION}.tar.gz -wget -4 -O "${PKGS_DIR}/cacert.pem" https://curl.se/ca/cacert.pem -wget -4 -O "${PKGS_DIR}/manpage.html" https://curl.se/docs/manpage.html +fetch_pkg "9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23" "${PKGS_DIR}/zlib.tar.gz" https://zlib.net/zlib-1.3.1.tar.gz +fetch_pkg "9c4396cc829cfae319a6e2615202e82aad41372073482fce286fac78646d3ee4" "${PKGS_DIR}/zstd.tar.gz" https://github.com/facebook/zstd/releases/download/v1.5.5/zstd-1.5.5.tar.gz +fetch_pkg "e720a6ca29428b803f4ad165371771f5398faba397edf6778837a18599ea13ff" "${PKGS_DIR}/brotli.tar.gz" https://github.com/google/brotli/archive/refs/tags/v1.1.0.tar.gz +fetch_pkg "53d088f912081622bde63533ac0dfc77688620bb7730370ad586259f2a89c36a" "${PKGS_DIR}/openssl.tar.gz" https://github.com/quictls/openssl/archive/refs/heads/OpenSSL_1_1_1w+quic.tar.gz +fetch_pkg "c68e05989a93c002e3ba8df3baef0021c17099aa2123a9c096a5cc8e029caf95" "${PKGS_DIR}/rtmpdump.tar.gz" https://distfiles.macports.org/rtmpdump/f1b83c10d8beb43fcc70a6e88cf4325499f25857.tar.gz +fetch_pkg "8f74213b56238c85a50a5329f77e06198771e70dd9a739779f4c02f65d971313" "${PKGS_DIR}/libiconv.tar.gz" https://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.17.tar.gz +fetch_pkg "c1e0bb2a4427a9024390c662cd532d664c4b36b8ff444ed5e54b115fdb7a1aea" "${PKGS_DIR}/gettext.tar.gz" https://ftp.gnu.org/pub/gnu/gettext/gettext-0.22.4.tar.gz +fetch_pkg "3736161e41e2693324deb38c26cfdc3efe6209d634ba4258db1cecff6a5ad461" "${PKGS_DIR}/libssh2.tar.gz" https://www.libssh2.org/download/libssh2-1.11.0.tar.gz +fetch_pkg "90fd27685120404544e96a60ed40398a3457102840c38e7215dc6dec8684470f" "${PKGS_DIR}/nghttp2.tar.gz" https://github.com/nghttp2/nghttp2/releases/download/v1.59.0/nghttp2-1.59.0.tar.gz +fetch_pkg "a528659510faa79d1de3ee18c61a4ee03952cb7b230c8042a57280c56d53fbbb" "${PKGS_DIR}/nghttp3.tar.gz" https://github.com/ngtcp2/nghttp3/releases/download/v1.1.0/nghttp3-1.1.0.tar.gz +fetch_pkg "303ae7d23721b3631ae52dbe3e05cced9ac59aa49d3eb21f8cdb1548a0522be8" "${PKGS_DIR}/ngtcp2.tar.gz" https://github.com/ngtcp2/ngtcp2/releases/download/v1.2.0/ngtcp2-1.2.0.tar.gz +fetch_pkg "4c21a791b610b9519b9d0e12b8097bf2f359b12f8dd92647611a929e6bfd7d64" "${PKGS_DIR}/libidn2.tar.gz" https://ftp.gnu.org/gnu/libidn/libidn2-2.3.7.tar.gz +fetch_pkg "1dcc9ceae8b128f3c0b3f654decd0e1e891afc6ff81098f227ef260449dae208" "${PKGS_DIR}/libpsl.tar.gz" https://github.com/rockdaboot/libpsl/releases/download/0.21.5/libpsl-0.21.5.tar.gz +fetch_pkg "f1b553384dedbd87478449775546a358d6f5140c15cccc8fb574136fdc77329f" "${PKGS_DIR}/libgsasl.tar.gz" https://ftp.gnu.org/gnu/gsasl/libgsasl-1.10.0.tar.gz +fetch_pkg "9c6db808160015f30f3c656c0dec125feb9dc00753596bf858a272b5dd8dc398" "${PKGS_DIR}/curl.tar.gz" https://curl.se/download/curl-${MY_VERSION}.tar.gz +fetch_pkg "ccbdfc2fe1a0d7bbbb9cc15710271acf1bb1afe4c8f1725fe95c4c7733fcbe5a" "${PKGS_DIR}/cacert.pem" https://curl.se/ca/cacert-2023-12-12.pem +fetch_pkg "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" "${PKGS_DIR}/manpage.html" https://curl.se/docs/manpage.html + +############################################################################### +# BUILD DEPENDENCIES +############################################################################### # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # zlib @@ -322,6 +349,10 @@ make V=1 strip -s src/curl.exe popd +############################################################################### +# CREATE RELEASE FILES +############################################################################### + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Output # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -376,5 +407,7 @@ rm -rf "${zfile}" && zip -v -r -9 "${zfile}" "." chmod 444 "${zfile}" popd +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# Complete +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ printf "\nCompleted.\n\n" -rm -f "${LOCK_FILE}"