Skip to content

Move checksum to a dedicated file #94

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Move checksum to a dedicated file #94

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d86660f
Update `foundryup`
elopez Jan 14, 2025
c05bd1e
move checksum to a dedicated file
Amxx Mar 20, 2025
0fccace
Merge branch 'dev-foundrup-update' into dev-foundry-update-checksum-file
Amxx Mar 20, 2025
2957438
Refactor
Amxx Mar 26, 2025
dfffbe3
Merge branch 'main' into dev-foundry-update-checksum-file
Amxx Mar 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions checksum
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
fabc489b39a5e9c999c7cab4d281cdbbcbad10ec2f8b9a7f7144ad701b6bfdc7 nvm-install.sh
980a7a4a7f6a453346191bbe5c03bb378a91c92b10573a86fd29ee6f4b7f5d35 foundryup
10 changes: 6 additions & 4 deletions entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,8 @@ install_node()
fi

wget -q -O nvm-install.sh https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh
if [ ! "fabc489b39a5e9c999c7cab4d281cdbbcbad10ec2f8b9a7f7144ad701b6bfdc7 nvm-install.sh" = "$(sha256sum nvm-install.sh)" ]; then
sha256sum -c checksum --status --strict --ignore-missing
Copy link
Member

@elopez elopez Mar 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if this returns non-zero (i.e mismatched checksum), the execution will stop then because the script is run with set -e and the user won't see the error message from below.

I believe you should be able to do if ! sha256sum .....; then ... instead to have it working.

I am also not a fan of --ignore-missing, as it could be error prone. If, for instance, the filename changes, the check may still pass silently, leaving the user unprotected. We could have two separate checksum files to avoid having to use --ignore-missing

Copy link
Author

@Amxx Amxx Mar 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this the new syntax (with the grep) look good ?

Copy link
Member

@elopez elopez Mar 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, thanks!

if [[ $? -ne 0 ]]; then
echo "NVM installer does not match expected checksum! exiting"
exit 1
fi
Expand All @@ -152,10 +153,11 @@ install_node()
install_foundry()
{
if [[ -d "$TARGET" ]] && [[ -f "$TARGET/foundry.toml" ]]; then
echo "[-] Foundry target detected, installing foundry nightly"
echo "[-] Foundry target detected, installing foundry stable"

wget -q -O foundryup https://raw.githubusercontent.com/foundry-rs/foundry/7b452656f722fc560f0414db3ce24a1f2972a8b7/foundryup/foundryup
if [ ! "e7628766329e2873484d5d633c750b5019eec77ae506c11a0ef13b440cc3e7c2 foundryup" = "$(sha256sum foundryup)" ]; then
wget -q -O foundryup https://raw.githubusercontent.com/foundry-rs/foundry/stable/foundryup/foundryup
sha256sum -c checksum --status --strict --ignore-missing
if [[ $? -ne 0 ]]; then
echo "Foundry installer does not match expected checksum! exiting"
exit 1
fi
Expand Down