From b56c047158d9abf0765af0cf1f8cd30a44df7293 Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Mon, 8 Apr 2019 14:08:25 +0200 Subject: [PATCH] ci: Adopt new release pipeline (#171) Signed-off-by: aeneasr --- .circleci/config.yml | 75 ++------ .golangci.yml | 6 + .goreleaser.yml | 76 ++++++++ .releaser/LICENSE.txt | 84 +++++++++ Makefile | 13 ++ README.md | 6 +- cmd/root.go | 7 +- cmd/serve_api.go | 4 +- cmd/serve_proxy.go | 4 +- cmd/version.go | 4 +- install.sh | 420 ++++++++++++++++++++++++++++++++++++++++++ 11 files changed, 626 insertions(+), 73 deletions(-) create mode 100644 .golangci.yml create mode 100644 .goreleaser.yml create mode 100644 .releaser/LICENSE.txt create mode 100644 install.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 3b06f708d8..d23c2ae07d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -22,11 +22,9 @@ jobs: command: | echo 'export GO111MODULE=on' >> $BASH_ENV source $BASH_ENV - - run: curl -L https://git.io/vp6lP | sh - - run: mv ./bin/* $GOPATH/bin + - run: curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.16.0 - run: go mod download - - run: go mod vendor - - run: GO111MODULE=off gometalinter --disable-all --enable=goimports --enable=vet --vendor ./... + - run: golangci-lint run ./... # swagger: # docker: @@ -71,27 +69,23 @@ jobs: - run: go-acc -o coverage.txt ./... -- -failfast -timeout=20m - run: test -z "$CIRCLE_PR_NUMBER" && goveralls -service=circle-ci -coverprofile=coverage.txt -repotoken=$COVERALLS_REPO_TOKEN || echo "forks are not allowed to push to coveralls" - build-docker: - docker: - - image: library/docker:17.10 - steps: - - checkout - - setup_remote_docker: - version: 17.10.0-ce - - run: docker build -f Dockerfile -t oathkeeper-test . - - run: docker run oathkeeper-test version - - release-docker: + release: docker: - image: circleci/golang:1.12 working_directory: /go/src/github.com/ory/oathkeeper steps: + - run: + name: Enable go1.12 modules + command: | + echo 'export GO111MODULE=on' >> $BASH_ENV + echo 'export DOCKER_FULL_TAG=$(echo $CIRCLE_TAG | tr '+' '_')' >> $BASH_ENV + echo 'export DOCKER_SHORT_TAG=$(echo $CIRCLE_TAG | cut -d '+' -f1)' >> $BASH_ENV + source $BASH_ENV - checkout - - setup_remote_docker: - version: 17.10.0-ce - - run: docker build --build-arg git_tag=$(git describe --tags) --build-arg git_commit=$(git rev-parse HEAD) -f Dockerfile -t oryd/oathkeeper:$(echo $CIRCLE_TAG | tr '+' '_') . + - setup_remote_docker - run: docker login --username "$DOCKER_USERNAME" --password "$DOCKER_PASSWORD" - - run: docker push oryd/oathkeeper:$(echo $CIRCLE_TAG | tr '+' '_') + - run: cp ./.releaser/LICENSE.txt ./LICENSE.txt + - run: curl -sL https://git.io/goreleaser | bash release-docs: docker: @@ -125,23 +119,6 @@ jobs: - run: git remote add origin https://arekkas:$GITHUB_TOKEN@github.com/ory/oathkeeper.git - run: git push origin HEAD:master || true - release-binaries: - docker: - - image: circleci/golang:1.12 - working_directory: /go/src/github.com/ory/oathkeeper - steps: - - run: - name: Enable go1.12 modules - command: | - echo 'export GO111MODULE=on' >> $BASH_ENV - source $BASH_ENV - - checkout - - run: go mod download - - run: go install github.com/mitchellh/gox github.com/tcnksm/ghr - - run: | - gox -parallel=2 -ldflags "-X github.com/ory/oathkeeper/cmd.Version=`git describe --tags` -X github.com/ory/oathkeeper/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/oathkeeper/cmd.GitHash=`git rev-parse HEAD`" -output "dist/{{.Dir}}-{{.OS}}-{{.Arch}}"; - - run: ghr -t $GITHUB_TOKEN -u $CIRCLE_PROJECT_USERNAME -r $CIRCLE_PROJECT_REPONAME --replace `git describe --tags` dist/ - release-npm: docker: - image: circleci/node:8.9.3 @@ -171,37 +148,18 @@ workflows: filters: branches: only: master -# - swagger: -# filters: -# tags: -# only: /.*/ - - build-docker: + - release: requires: - test -# - swagger - format filters: tags: only: /.*/ - - release-binaries: - requires: - - build-docker - filters: - tags: - only: /.*/ - branches: - ignore: /.*/ - - release-docker: - requires: - - build-docker - filters: - tags: - only: /.*/ branches: ignore: /.*/ - release-npm: requires: - - build-docker + - release filters: tags: only: /.*/ @@ -209,8 +167,7 @@ workflows: ignore: /.*/ - release-changelog: requires: - - release-docker - - release-binaries + - release - release-npm filters: tags: diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000000..a49bea3a59 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,6 @@ +linters: + enable-all: false + disable-all: true + enable: + - vet + - goimports diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 0000000000..825c21302f --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,76 @@ +# This is an example goreleaser.yaml file with some sane defaults. +# Make sure to check the documentation at http://goreleaser.com +project_name: oathkeeper + +env: + - GO111MODULE=on +before: + hooks: + - go mod download +builds: + - + flags: + - -a + ldflags: + - -s -w -X github.com/ory/oathkeeper/cmd.Version={{.Tag}} -X github.com/ory/oathkeeper/cmd.Commit={{.FullCommit}} -X github.com/ory/oathkeeper/cmd.Date={{.Date}} + binary: oathkeeper + env: + - CGO_ENABLED=0 + goarch: + - amd64 + - 386 + - arm + - arm64 + goarm: + - 5 + - 6 + - 7 + goos: + - freebsd + - linux + - windows + - darwin +archive: + replacements: + darwin: macOS + linux: Linux + windows: Windows + 386: 32-bit + amd64: 64-bit + format_overrides: + - goos: windows + format: zip + files: + - LICENSE.txt +snapshot: + name_template: "{{ .Tag }}-next" +changelog: + sort: asc +brew: + github: + owner: ory + name: homebrew-oathkeeper + homepage: https://www.ory.sh + commit_author: + name: ory + email: hi@ory.sh + +scoop: + bucket: + owner: ory + name: scoop-oathkeeper + homepage: https://www.ory.sh + commit_author: + name: ory + email: hi@ory.sh + +dockers: + - image_templates: + - "oryd/oathkeeper:v{{ .Major }}" + - "oryd/oathkeeper:v{{ .Major }}.{{ .Minor }}" + - "oryd/oathkeeper:v{{ .Major }}.{{ .Minor }}.{{ .Patch }}" + - "oryd/oathkeeper:{{ .Env.DOCKER_FULL_TAG }}" + - "oryd/oathkeeper:{{ .Env.DOCKER_SHORT_TAG }}" + - "oryd/oathkeeper:latest" + extra_files: + - .releaser/LICENSE.txt diff --git a/.releaser/LICENSE.txt b/.releaser/LICENSE.txt new file mode 100644 index 0000000000..1de046512e --- /dev/null +++ b/.releaser/LICENSE.txt @@ -0,0 +1,84 @@ +ORY Oathkeeper +Copyright (c) 2019 ORY GmbH + +*** END USER LICENSE AGREEMENT *** + +IMPORTANT: PLEASE READ THIS LICENSE CAREFULLY BEFORE USING THIS SOFTWARE. + +1. LICENSE + +By receiving, opening the file package, and/or using ORY Oathkeeper ("Software") containing this software, you agree that +this End User User License Agreement(EULA) is a legally binding and valid contract and agree to be bound by it. +You agree to abide by the intellectual property laws and all of the terms and conditions of this Agreement. + +Unless you have a different license agreement signed by ORY GmbH your use of ORY Oathkeeper indicates +your acceptance of this license agreement and warranty. + +Subject to the terms of this Agreement, ORY GmbH grants to you a limited, non-exclusive, non-transferable +license, without right to sub-license, to use ORY Oathkeeper in accordance with this Agreement and any other written +agreement with ORY GmbH. ORY GmbH does not transfer the title of ORY Oathkeeper to you; the license granted to you is not a +sale. This agreement is a binding legal agreement between ORY GmbH and the purchasers or users of ORY Oathkeeper. + +If you do not agree to be bound by this agreement, remove ORY Oathkeeper from your computer now and, if applicable, +promptly return to ORY GmbH by mail any copies of ORY Oathkeeper and related documentation and packaging in your possession. + +2. DISTRIBUTION + +ORY Oathkeeper and the license herein granted shall not be copied, shared, distributed, re-sold, offered for re-sale, +transferred or sub-licensed in whole or in part except that you may make one copy for archive purposes only. For +information about redistribution of ORY Oathkeeper contact ORY GmbH. + +3. USER AGREEMENT + +3.1 Use + +Your license to use ORY Oathkeeper is limited to the number of licenses purchased by you. You shall not allow others to use, +copy or evaluate copies of ORY Oathkeeper. + +3.2 Use Restrictions + +You shall use ORY Oathkeeper in compliance with all applicable laws and not for any unlawful purpose. Without limiting the +foregoing, use, display or distribution of ORY Oathkeeper together with material that is pornographic, racist, vulgar, +obscene, defamatory, libelous, abusive, promoting hatred, discriminating or displaying prejudice based on religion, +ethnic heritage, race, sexual orientation or age is strictly prohibited. + +Each licensed copy of ORY Oathkeeper may be used on one single computer location by one user. Use of ORY Oathkeeper means that you have loaded, installed, or run ORY Oathkeeper on a computer or similar device. If you install ORY Oathkeeper onto a multi-user platform, server or network, each and every individual user of ORY Oathkeeper must be licensed separately. + +You may make one copy of ORY Oathkeeper for backup purposes, providing you only have one copy installed on one computer being used by one person. Other users may not use your copy of ORY Oathkeeper . The assignment, sublicense, networking, sale, or distribution of copies of ORY Oathkeeper are strictly forbidden without the prior written consent of ORY GmbH. It is a violation of this agreement to assign, sell, share, loan, rent, lease, borrow, network or transfer the use of ORY Oathkeeper. If any person other than yourself uses ORY Oathkeeper registered in your name, regardless of whether it is at the same time or different times, then this agreement is being violated and you are responsible for that violation! + +3.3 Copyright Restriction + +This Software contains copyrighted material, trade secrets and other proprietary material. You shall not, and shall not attempt to, modify, reverse engineer, disassemble or decompile ORY Oathkeeper. Nor can you create any derivative works or other works that are based upon or derived from ORY Oathkeeper in whole or in part. + +ORY GmbH's name, logo and graphics file that represents ORY Oathkeeper shall not be used in any way to promote products developed with ORY Oathkeeper . ORY GmbH retains sole and exclusive ownership of all right, title and interest in and to ORY Oathkeeper and all Intellectual Property rights relating thereto. + +Copyright law and international copyright treaty provisions protect all parts of ORY Oathkeeper, products and services. No program, code, part, image, audio sample, or text may be copied or used in any way by the user except as intended within the bounds of the single user program. All rights not expressly granted hereunder are reserved for ORY GmbH. + +3.4 Limitation of Responsibility + +You will indemnify, hold harmless, and defend ORY GmbH , its employees, agents and distributors against any and all claims, proceedings, demand and costs resulting from or in any way connected with your use of ORY GmbH's Software. + +In no event (including, without limitation, in the event of negligence) will ORY GmbH , its employees, agents or distributors be liable for any consequential, incidental, indirect, special or punitive damages whatsoever (including, without limitation, damages for loss of profits, loss of use, business interruption, loss of information or data, or pecuniary loss), in connection with or arising out of or related to this Agreement, ORY Oathkeeper or the use or inability to use ORY Oathkeeper or the furnishing, performance or use of any other matters hereunder whether based upon contract, tort or any other theory including negligence. + +ORY GmbH's entire liability, without exception, is limited to the customers' reimbursement of the purchase price of the Software (maximum being the lesser of the amount paid by you and the suggested retail price as listed by ORY GmbH ) in exchange for the return of the product, all copies, registration papers and manuals, and all materials that constitute a transfer of license from the customer back to ORY GmbH. + +3.5 Warranties + +Except as expressly stated in writing, ORY GmbH makes no representation or warranties in respect of this Software and expressly excludes all other warranties, expressed or implied, oral or written, including, without limitation, any implied warranties of merchantable quality or fitness for a particular purpose. + +3.6 Governing Law + +This Agreement shall be governed by the law of the Germany applicable therein. You hereby irrevocably attorn and submit to the non-exclusive jurisdiction of the courts of Germany therefrom. If any provision shall be considered unlawful, void or otherwise unenforceable, then that provision shall be deemed severable from this License and not affect the validity and enforceability of any other provisions. + +3.7 Termination + +Any failure to comply with the terms and conditions of this Agreement will result in automatic and immediate termination of this license. Upon termination of this license granted herein for any reason, you agree to immediately cease use of ORY Oathkeeper and destroy all copies of ORY Oathkeeper supplied under this Agreement. The financial obligations incurred by you shall survive the expiration or termination of this license. + +4. DISCLAIMER OF WARRANTY + +THIS SOFTWARE AND THE ACCOMPANYING FILES ARE SOLD "AS IS" AND WITHOUT WARRANTIES AS TO PERFORMANCE OR MERCHANTABILITY OR ANY OTHER WARRANTIES WHETHER EXPRESSED OR IMPLIED. THIS DISCLAIMER CONCERNS ALL FILES GENERATED AND EDITED BY ORY Oathkeeper AS WELL. + +5. CONSENT OF USE OF DATA + +You agree that ORY GmbH may collect and use information gathered in any manner as part of the product support services provided to you, if any, related to ORY Oathkeeper.ORY GmbH may also use this information to provide notices to you which may be of use or interest to you. + \ No newline at end of file diff --git a/Makefile b/Makefile index 93a20c90aa..e4ed3ab98e 100644 --- a/Makefile +++ b/Makefile @@ -31,3 +31,16 @@ sdk: rm -f ./sdk/js/swagger/package.json rm -rf ./sdk/js/swagger/test rm -rf ./vendor + +.PHONY: install-stable +install-stable: + OATHKEEPER_LATEST=$$(git describe --abbrev=0 --tags) + git checkout $$OATHKEEPER_LATEST + GO111MODULE=on go install \ + -ldflags "-X github.com/ory/oathkeeper/cmd.Version=$$OATHKEEPER_LATEST -X github.com/ory/oathkeeper/cmd.Date=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/oathkeeper/cmd.Commit=`git rev-parse HEAD`" \ + . + git checkout master + +.PHONY: install +install: + GO111MODULE=on go install . diff --git a/README.md b/README.md index 84f833f2f2..18d44aed44 100644 --- a/README.md +++ b/README.md @@ -37,9 +37,6 @@ This service is stable, but under active development and may introduce breaking - [Installation](#installation) - - [Download binaries](#download-binaries) - - [Using Docker](#using-docker) - - [Building from source](#building-from-source) - [Ecosystem](#ecosystem) - [ORY Security Console: Administrative User Interface](#ory-security-console-administrative-user-interface) - [ORY Hydra: OAuth2 & OpenID Connect Server](#ory-hydra-oauth2--openid-connect-server) @@ -61,7 +58,8 @@ This service is stable, but under active development and may introduce breaking ## Installation -There are various ways of installing ORY Oathkeeper on your system. +Head over to the [ORY Developer Documentation](https://www.ory.sh/docs/oathkeeper/install) to learn how to install ORY +Oathkeeper on Linux, macOS, Windows, and Docker and how to build ORY Oathkeeper from source. ### Download binaries diff --git a/cmd/root.go b/cmd/root.go index 2d1360cca9..2764dc2b48 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -23,7 +23,6 @@ package cmd import ( "fmt" "os" - "time" "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -33,9 +32,9 @@ import ( var cfgFile string var ( - Version = "dev-master" - BuildTime = time.Now().String() - GitHash = "undefined" + Version = "master" + Date = "undefined" + Commit = "undefined" ) // RootCmd represents the base command when called without any subcommands diff --git a/cmd/serve_api.go b/cmd/serve_api.go index dfcf59e430..c2f4a9d565 100644 --- a/cmd/serve_api.go +++ b/cmd/serve_api.go @@ -115,8 +115,8 @@ HTTP CONTROLS WriteKey: "MSx9A6YQ1qodnkzEFOv22cxOmOCJXMFa", WhitelistedPaths: []string{"/rules", "/.well-known/jwks.json", "/judge"}, BuildVersion: Version, - BuildTime: BuildTime, - BuildHash: GitHash, + BuildTime: Date, + BuildHash: Commit, }, ) n.Use(metrics) diff --git a/cmd/serve_proxy.go b/cmd/serve_proxy.go index 1b9f68659b..2fd40cc37d 100644 --- a/cmd/serve_proxy.go +++ b/cmd/serve_proxy.go @@ -233,8 +233,8 @@ OTHER CONTROLS WriteKey: "MSx9A6YQ1qodnkzEFOv22cxOmOCJXMFa", WhitelistedPaths: []string{"/"}, BuildVersion: Version, - BuildTime: GitHash, - BuildHash: BuildTime, + BuildTime: Commit, + BuildHash: Date, }, ) n.Use(metrics) diff --git a/cmd/version.go b/cmd/version.go index 5fb3490cb6..7a084aabd4 100644 --- a/cmd/version.go +++ b/cmd/version.go @@ -32,8 +32,8 @@ var versionCmd = &cobra.Command{ Short: "Display this binary's version, build time and git hash of this build", Run: func(cmd *cobra.Command, args []string) { fmt.Printf("Version: %s\n", Version) - fmt.Printf("Git Hash: %s\n", GitHash) - fmt.Printf("Build Time: %s\n", BuildTime) + fmt.Printf("Git Hash: %s\n", Commit) + fmt.Printf("Build Time: %s\n", Date) }, } diff --git a/install.sh b/install.sh new file mode 100644 index 0000000000..c65990205f --- /dev/null +++ b/install.sh @@ -0,0 +1,420 @@ +#!/bin/sh +set -e +# Code generated by godownloader on 2019-04-08T10:43:58Z. DO NOT EDIT. +# + +usage() { + this=$1 + cat </dev/null +} +echoerr() { + echo "$@" 1>&2 +} +log_prefix() { + echo "$0" +} +_logp=6 +log_set_priority() { + _logp="$1" +} +log_priority() { + if test -z "$1"; then + echo "$_logp" + return + fi + [ "$1" -le "$_logp" ] +} +log_tag() { + case $1 in + 0) echo "emerg" ;; + 1) echo "alert" ;; + 2) echo "crit" ;; + 3) echo "err" ;; + 4) echo "warning" ;; + 5) echo "notice" ;; + 6) echo "info" ;; + 7) echo "debug" ;; + *) echo "$1" ;; + esac +} +log_debug() { + log_priority 7 || return 0 + echoerr "$(log_prefix)" "$(log_tag 7)" "$@" +} +log_info() { + log_priority 6 || return 0 + echoerr "$(log_prefix)" "$(log_tag 6)" "$@" +} +log_err() { + log_priority 3 || return 0 + echoerr "$(log_prefix)" "$(log_tag 3)" "$@" +} +log_crit() { + log_priority 2 || return 0 + echoerr "$(log_prefix)" "$(log_tag 2)" "$@" +} +uname_os() { + os=$(uname -s | tr '[:upper:]' '[:lower:]') + case "$os" in + msys_nt) os="windows" ;; + esac + echo "$os" +} +uname_arch() { + arch=$(uname -m) + case $arch in + x86_64) arch="amd64" ;; + x86) arch="386" ;; + i686) arch="386" ;; + i386) arch="386" ;; + aarch64) arch="arm64" ;; + armv5*) arch="armv5" ;; + armv6*) arch="armv6" ;; + armv7*) arch="armv7" ;; + esac + echo ${arch} +} +uname_os_check() { + os=$(uname_os) + case "$os" in + darwin) return 0 ;; + dragonfly) return 0 ;; + freebsd) return 0 ;; + linux) return 0 ;; + android) return 0 ;; + nacl) return 0 ;; + netbsd) return 0 ;; + openbsd) return 0 ;; + plan9) return 0 ;; + solaris) return 0 ;; + windows) return 0 ;; + esac + log_crit "uname_os_check '$(uname -s)' got converted to '$os' which is not a GOOS value. Please file bug at https://github.com/client9/shlib" + return 1 +} +uname_arch_check() { + arch=$(uname_arch) + case "$arch" in + 386) return 0 ;; + amd64) return 0 ;; + arm64) return 0 ;; + armv5) return 0 ;; + armv6) return 0 ;; + armv7) return 0 ;; + ppc64) return 0 ;; + ppc64le) return 0 ;; + mips) return 0 ;; + mipsle) return 0 ;; + mips64) return 0 ;; + mips64le) return 0 ;; + s390x) return 0 ;; + amd64p32) return 0 ;; + esac + log_crit "uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value. Please file bug report at https://github.com/client9/shlib" + return 1 +} +untar() { + tarball=$1 + case "${tarball}" in + *.tar.gz | *.tgz) tar -xzf "${tarball}" ;; + *.tar) tar -xf "${tarball}" ;; + *.zip) unzip "${tarball}" ;; + *) + log_err "untar unknown archive format for ${tarball}" + return 1 + ;; + esac +} +http_download_curl() { + local_file=$1 + source_url=$2 + header=$3 + if [ -z "$header" ]; then + code=$(curl -w '%{http_code}' -sL -o "$local_file" "$source_url") + else + code=$(curl -w '%{http_code}' -sL -H "$header" -o "$local_file" "$source_url") + fi + if [ "$code" != "200" ]; then + log_debug "http_download_curl received HTTP status $code" + return 1 + fi + return 0 +} +http_download_wget() { + local_file=$1 + source_url=$2 + header=$3 + if [ -z "$header" ]; then + wget -q -O "$local_file" "$source_url" + else + wget -q --header "$header" -O "$local_file" "$source_url" + fi +} +http_download() { + log_debug "http_download $2" + if is_command curl; then + http_download_curl "$@" + return + elif is_command wget; then + http_download_wget "$@" + return + fi + log_crit "http_download unable to find wget or curl" + return 1 +} +http_copy() { + tmp=$(mktemp) + http_download "${tmp}" "$1" "$2" || return 1 + body=$(cat "$tmp") + rm -f "${tmp}" + echo "$body" +} +github_release() { + owner_repo=$1 + version=$2 + test -z "$version" && version="latest" + giturl="https://github.com/${owner_repo}/releases/${version}" + json=$(http_copy "$giturl" "Accept:application/json") + test -z "$json" && return 1 + version=$(echo "$json" | tr -s '\n' ' ' | sed 's/.*"tag_name":"//' | sed 's/".*//') + test -z "$version" && return 1 + echo "$version" +} +hash_sha256() { + TARGET=${1:-/dev/stdin} + if is_command gsha256sum; then + hash=$(gsha256sum "$TARGET") || return 1 + echo "$hash" | cut -d ' ' -f 1 + elif is_command sha256sum; then + hash=$(sha256sum "$TARGET") || return 1 + echo "$hash" | cut -d ' ' -f 1 + elif is_command shasum; then + hash=$(shasum -a 256 "$TARGET" 2>/dev/null) || return 1 + echo "$hash" | cut -d ' ' -f 1 + elif is_command openssl; then + hash=$(openssl -dst openssl dgst -sha256 "$TARGET") || return 1 + echo "$hash" | cut -d ' ' -f a + else + log_crit "hash_sha256 unable to find command to compute sha-256 hash" + return 1 + fi +} +hash_sha256_verify() { + TARGET=$1 + checksums=$2 + if [ -z "$checksums" ]; then + log_err "hash_sha256_verify checksum file not specified in arg2" + return 1 + fi + BASENAME=${TARGET##*/} + want=$(grep "${BASENAME}" "${checksums}" 2>/dev/null | tr '\t' ' ' | cut -d ' ' -f 1) + if [ -z "$want" ]; then + log_err "hash_sha256_verify unable to find checksum for '${TARGET}' in '${checksums}'" + return 1 + fi + got=$(hash_sha256 "$TARGET") + if [ "$want" != "$got" ]; then + log_err "hash_sha256_verify checksum for '$TARGET' did not verify ${want} vs $got" + return 1 + fi +} +cat /dev/null <