Skip to content

Commit 43e8543

Browse files
authored
add option to disable checksum validation (#115)
* add option to disable checksum validation * add section to BUILDING.md for bypassing checksum validation
1 parent 1f44a04 commit 43e8543

File tree

6 files changed

+44
-17
lines changed

6 files changed

+44
-17
lines changed

BUILDING.md

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -202,6 +202,14 @@ patchelf --set-rpath '$ORIGIN' /path/to/binary/or/shared/library.so
202202

203203
For debug the build process of sherpa-onnx, please set `SHERPA_BUILD_DEBUG=1` environment variable before build.
204204

205+
### Bypass checksum validation (NOT RECOMMENDED)
206+
207+
If you encounter checksum validation errors and trust the download source, you can bypass validation:
208+
209+
```console
210+
UNSAFE_DISABLE_CHECKSUM_VALIDATION=1 cargo build
211+
```
212+
205213
## Release new version
206214

207215
```console
@@ -268,4 +276,4 @@ Open Visual Studio Installer, go to Individual Components, search ARM64, select
268276
```console
269277
rustup target add aarch64-pc-windows-msvc
270278
cargo build --no-default-features --target aarch64-pc-windows-msvc --release
271-
```
279+
```

Cargo.lock

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

crates/sherpa-rs-sys/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "sherpa-rs-sys"
3-
version = "0.6.6"
3+
version = "0.6.7"
44
edition = "2021"
55
authors = ["thewh1teagle"]
66
homepage = "https://github.com/thewh1teagle/sherpa-rs"

crates/sherpa-rs-sys/build.rs

Lines changed: 26 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -202,6 +202,30 @@ fn rerun_if_changed(vars: &[&str]) {
202202
}
203203
}
204204

205+
fn verify_checksum(actual_hash: &str, expected_hash: &str) {
206+
if env::var("UNSAFE_DISABLE_CHECKSUM_VALIDATION").unwrap_or_default() == "1" {
207+
println!("cargo:warning=UNSAFE: Checksum validation disabled!");
208+
return;
209+
}
210+
211+
if actual_hash != expected_hash {
212+
panic!(
213+
"Checksum validation failed!\n\
214+
Expected: {}\n\
215+
Got: {}\n\
216+
\n\
217+
This usually means the downloaded file is corrupted or has been tampered with.\n\
218+
\n\
219+
Possible solutions:\n\
220+
1. Try cleaning the cache and rebuilding: cargo clean && cargo build\n\
221+
2. Check your internet connection and try again\n\
222+
3. If you trust the source and want to bypass validation (NOT RECOMMENDED):\n\
223+
UNSAFE_DISABLE_CHECKSUM_VALIDATION=1 cargo build",
224+
expected_hash, actual_hash
225+
);
226+
}
227+
}
228+
205229
fn main() {
206230
rerun_if_changed(&["wrapper.h", "dist.json", "checksum.txt", "./sherpa-onnx"]);
207231
rerun_on_env_changes(&[
@@ -212,6 +236,7 @@ fn main() {
212236
"SHERPA_STATIC_CRT",
213237
"SHERPA_LIB_PROFILE",
214238
"BUILD_DEBUG",
239+
"UNSAFE_DISABLE_CHECKSUM_VALIDATION",
215240
]);
216241

217242
let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap();
@@ -357,13 +382,7 @@ fn main() {
357382
if (is_mobile && cache_dir_empty) || (!is_mobile && !lib_dir.exists()) {
358383
let downloaded_file = fetch_file(&dist.url);
359384
let hash = sha256(&downloaded_file);
360-
// verify checksum
361-
assert_eq!(
362-
hash, dist.checksum,
363-
"Checksum mismatch: {} != {}",
364-
hash, dist.checksum
365-
);
366-
385+
verify_checksum(&hash, &dist.checksum);
367386
extract_tbz(&downloaded_file, &cache_dir);
368387
} else {
369388
debug_log!("Skip fetch file. Using cache from {}", lib_dir.display());

crates/sherpa-rs/Cargo.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "sherpa-rs"
3-
version = "0.6.6"
3+
version = "0.6.7"
44
edition = "2021"
55
authors = ["thewh1teagle"]
66
license = "MIT"
@@ -21,7 +21,7 @@ crate-type = ["cdylib", "rlib"]
2121
[dependencies]
2222
eyre = "0.6.12"
2323
hound = { version = "3.5.1" }
24-
sherpa-rs-sys = { path = "../sherpa-rs-sys", version = "0.6.6", default-features = false }
24+
sherpa-rs-sys = { path = "../sherpa-rs-sys", version = "0.6.7", default-features = false }
2525
tracing = "0.1.40"
2626

2727
[dev-dependencies]
@@ -125,4 +125,4 @@ path = "../../examples/dolphin.rs"
125125

126126
[[example]]
127127
name = "parakeet"
128-
path = "../../examples/parakeet.rs"
128+
path = "../../examples/parakeet.rs"

examples/tauri-app/src-tauri/Cargo.lock

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)