From 90fe6798bea2de6aeeb377c83804758b8412b32e Mon Sep 17 00:00:00 2001 From: Austin Vazquez Date: Tue, 25 Jun 2024 14:28:52 -0700 Subject: [PATCH] fix: make install.dependencies on Windows This change fixes make install.dependencies on Windows. The Windows platform relies on sha512sum tool instead of shasum tool which is available on macOS. This change also adds a spot check for make install.dependencies on macOS 13 and Windows to CI. Signed-off-by: Austin Vazquez --- .github/workflows/ci.yaml | 27 +++++++++++++++++++++++++++ Makefile.windows | 2 +- bin/verify_hash.ps1 | 2 +- deps/install.sh | 27 ++++++++++++++++++++++++--- 4 files changed, 53 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0e1580e..93e9f4b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -20,6 +20,33 @@ concurrency: cancel-in-progress: true jobs: + install-dependencies: + # This is a spot check for make install.dependencies on macOS and Windows platforms. + # Finch-core provides the core dependencies needed to run Finch such as the base OS + # image, rootfs, and Lima bundle. Validate the mechanism used to install the core + # dependencies works on the respective platforms. + strategy: + fail-fast: false + matrix: + os: [macos-13, windows-2022] + runs-on: ${{ matrix.os }} + steps: + - name: Checkout code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 + persist-credentials: false + submodules: true + - name: Setup go + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + with: + go-version-file: e2e/go.mod + cache-dependency-path: e2e/go.sum + - name: Install platform dependencies + run: make install.dependencies + - name: Clean up dependencies + run: make clean + e2e-tests: strategy: fail-fast: false diff --git a/Makefile.windows b/Makefile.windows index eed483b..edad438 100644 --- a/Makefile.windows +++ b/Makefile.windows @@ -16,7 +16,7 @@ endif WINGIT_TEMP_DIR := $(CURDIR)/wingit-temp WINGIT_x86_URL := $(or $(WINGIT_x86_URL),https://github.com/git-for-windows/git/releases/download/v2.42.0.windows.2/Git-2.42.0.2-64-bit.tar.bz2) WINGIT_x86_BASENAME ?= $(notdir $(WINGIT_x86_URL)) -WINGIT_x86_HASH := $(or $(WINGIT_x86_HASH),"sha256:c192e56f8ed3d364acc87ad04d1f5aa6ae03c23b32b67bf65fcc6f9b8f032e65") +WINGIT_x86_HASH := $(or $(WINGIT_x86_HASH),"sha512:795a2e7e0be5ab78f2d28d0bd971961d121b9c808a95dec795343dc5af943574dcf54f63a8580c5a5102075abdae387d7a67135c165821428afc07f11ef7543d") install.dependencies: install.rootfs install.lima diff --git a/bin/verify_hash.ps1 b/bin/verify_hash.ps1 index eb2dfc4..32d52a4 100644 --- a/bin/verify_hash.ps1 +++ b/bin/verify_hash.ps1 @@ -11,7 +11,7 @@ param ( [string]$DependencyHash = 'out.png' ) -if (!(Get-FileHash -Algorithm SHA256 "$DependencyFilePath").Hash -eq $DependencyHash) { +if (!(Get-FileHash -Algorithm SHA512 "$DependencyFilePath").Hash -eq $DependencyHash) { $host.SetShouldExit(-1); exit } else { Write-Output "Verified $DependencyFilePath" diff --git a/deps/install.sh b/deps/install.sh index b0308e3..d8708a9 100644 --- a/deps/install.sh +++ b/deps/install.sh @@ -9,6 +9,9 @@ set -euxo pipefail +CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd -- "${CURRENT_DIR}/.." && pwd)" + file="" sources="" @@ -68,9 +71,27 @@ case "${arch}" in ;; esac +windows=false +os="$(uname -s)" +case "${os}" in + "Darwin") + ;; + CYGWIN*|MINGW32*|MINGW*|MYSYS*) + windows=true + ;; + *) + echo "error: unsupported operating system" && exit 1 + ;; +esac + # pull artifact from dependency repository curl -L --fail "${url}/${artifact}" > "${file}" -# validate shasum for downloaded artifact -(shasum --algorithm 512 "${file}" | cut -d ' ' -f 1 | grep -xq "^${digest}$") || \ - (echo "error: shasum verification failed for dependency" && rm -f "${file}" && exit 1) +# validate artifact digest +if [[ $windows = true ]]; then + (pwsh "${PROJECT_ROOT}/bin/verify_hash.ps1" "${file}" "${digest}") || \ + (echo "error: shasum verification failed for dependency" && rm -f "${file}" && exit 1) +else + (shasum --algorithm 512 "${file}" | cut -d ' ' -f 1 | grep -xq "^${digest}$") || \ + (echo "error: shasum verification failed for dependency" && rm -f "${file}" && exit 1) +fi