Skip to content

Commit 70601b8

Browse files
ManishearthManishearth
committed
Rollup merge of rust-lang#32926 - caipre:rustbuild-verify-download, r=alexcrichton
rustbuild: Verify sha256 of downloaded tarballs Here's a quick first pass at this. I don't use Python often enough to claim that this is totally Pythonic. I've left off some (almost certainly unnecessary) error handling regarding opening and processing files. The whole tarball is read into memory to calculate the hash, but the file isn't *so* large so that should be fine. I don't care for the output from `raise RuntimeError`, but that's how `run()` does it so I'm following precedent. Tested by manually changing the value of `expected`, and by modifying the tarball then forcing `rustc_out_of_date()`. Both cases tripped the error. Closes rust-lang#32902
2 parents 6a0cfbc + e0f997d commit 70601b8

File tree

1 file changed

+40
-13
lines changed

1 file changed

+40
-13
lines changed

src/bootstrap/bootstrap.py

Lines changed: 40 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010

1111
import argparse
1212
import contextlib
13+
import hashlib
1314
import os
1415
import shutil
1516
import subprocess
@@ -18,13 +19,29 @@
1819

1920
def get(url, path, verbose=False):
2021
print("downloading " + url)
21-
# see http://serverfault.com/questions/301128/how-to-download
22-
if sys.platform == 'win32':
23-
run(["PowerShell.exe", "/nologo", "-Command",
24-
"(New-Object System.Net.WebClient).DownloadFile('" + url +
25-
"', '" + path + "')"], verbose=verbose)
26-
else:
27-
run(["curl", "-o", path, url], verbose=verbose)
22+
sha_url = url + ".sha256"
23+
sha_path = path + ".sha256"
24+
for _url, _path in ((url, path), (sha_url, sha_path)):
25+
# see http://serverfault.com/questions/301128/how-to-download
26+
if sys.platform == 'win32':
27+
run(["PowerShell.exe", "/nologo", "-Command",
28+
"(New-Object System.Net.WebClient)"
29+
".DownloadFile('{}', '{}')".format(_url, _path)],
30+
verbose=verbose)
31+
else:
32+
run(["curl", "-o", _path, _url], verbose=verbose)
33+
print("verifying " + path)
34+
with open(path, "rb") as f:
35+
found = hashlib.sha256(f.read()).hexdigest()
36+
with open(sha_path, "r") as f:
37+
expected, _ = f.readline().split()
38+
if found != expected:
39+
err = ("invalid checksum:\n"
40+
" found: {}\n"
41+
" expected: {}".format(found, expected))
42+
if verbose:
43+
raise RuntimeError(err)
44+
sys.exit(err)
2845

2946
def unpack(tarball, dst, verbose=False, match=None):
3047
print("extracting " + tarball)
@@ -57,9 +74,10 @@ def run(args, verbose=False):
5774
ret = subprocess.Popen(args)
5875
code = ret.wait()
5976
if code != 0:
60-
if not verbose:
61-
print("failed to run: " + ' '.join(args))
62-
raise RuntimeError("failed to run command")
77+
err = "failed to run: " + ' '.join(args)
78+
if verbose:
79+
raise RuntimeError(err)
80+
sys.exit(err)
6381

6482
class RustBuild:
6583
def download_rust_nightly(self):
@@ -210,7 +228,10 @@ def build_triple(self):
210228
if sys.platform == 'win32':
211229
return 'x86_64-pc-windows-msvc'
212230
else:
213-
raise
231+
err = "uname not found"
232+
if self.verbose:
233+
raise Exception(err)
234+
sys.exit(err)
214235

215236
# Darwin's `uname -s` lies and always returns i386. We have to use
216237
# sysctl instead.
@@ -253,7 +274,10 @@ def build_triple(self):
253274
cputype = 'x86_64'
254275
ostype = 'pc-windows-gnu'
255276
else:
256-
raise ValueError("unknown OS type: " + ostype)
277+
err = "unknown OS type: " + ostype
278+
if self.verbose:
279+
raise ValueError(err)
280+
sys.exit(err)
257281

258282
if cputype in {'i386', 'i486', 'i686', 'i786', 'x86'}:
259283
cputype = 'i686'
@@ -269,7 +293,10 @@ def build_triple(self):
269293
elif cputype in {'amd64', 'x86_64', 'x86-64', 'x64'}:
270294
cputype = 'x86_64'
271295
else:
272-
raise ValueError("unknown cpu type: " + cputype)
296+
err = "unknown cpu type: " + cputype
297+
if self.verbose:
298+
raise ValueError(err)
299+
sys.exit(err)
273300

274301
return cputype + '-' + ostype
275302

0 commit comments

Comments
 (0)