
Commit eb02f2b

committed
Check sha256 digests of downloaded components
1 parent 8c21e9d commit eb02f2b


2 files changed

+23
-4
lines changed


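--- a/docker/build_scripts/build.sh
+++ b/docker/build_scripts/build.sh
@@ -11,6 +11,9 @@ CPYTHON_VERSIONS="2.6.9 2.7.11 3.3.6 3.4.4 3.5.1"
 # archive
 OPENSSL_ROOT=openssl-1.0.2g
 OPENSSL_HASH=b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33
+EPEL_RPM_HASH=0dcc89f9bf67a2a515bad64569b7a9615edc5e018f676a578d5fd0f17d3c81d4
+DEVTOOLS_HASH=a8ebeb4bed624700f727179e6ef771dafe47651131a00a78b342251415646acc
+PATCHELF_HASH=d9afdff4baeacfbc64861454f368b7f2c15c44d245293f7587bbf726bfe722fb
 
 # Dependencies for compiling Python that we want to remove from
 # the final image after compiling Python
@@ -26,8 +29,12 @@ source $MY_DIR/build_utils.sh
 # EPEL support
 yum -y install wget curl
 curl -sLO https://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
+check_sha256sum epel-release-5-4.noarch.rpm $EPEL_RPM_HASH
+
 # Dev toolset (for LLVM and other projects requiring C++11 support)
-curl -sL http://people.centos.org/tru/devtools-2/devtools-2.repo > /etc/yum.repos.d/devtools-2.repo
+curl -sLO http://people.centos.org/tru/devtools-2/devtools-2.repo
+check_sha256sum devtools-2.repo $DEVTOOLS_HASH
+mv devtools-2.repo /etc/yum.repos.d/devtools-2.repo
 rpm -Uvh --replacepkgs epel-release-5*.rpm
 rm -f epel-release-5*.rpm
 
@@ -50,6 +57,7 @@ rm -rf /usr/local/ssl
 
 # Install patchelf and auditwheel (latest with unreleased bug fixes)
 curl -sLO https://nipy.bic.berkeley.edu/manylinux/patchelf-0.9njs2.tar.gz
+check_sha256sum patchelf-0.9njs2.tar.gz $PATCHELF_HASH
 tar -xzf patchelf-0.9njs2.tar.gz
 (cd patchelf-0.9njs2 && ./configure && make && make install)
 rm -rf patchelf-0.9njs2.tar.gz patchelf-0.9njs2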
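Review bot: The three new `check_sha256sum` calls only protect the build if a failed check stops the script, and nothing in these hunks shows `set -e` or an explicit exit; if errexit is not enabled earlier in build.sh, each call should fail closed, e.g. `check_sha256sum devtools-2.repo "$DEVTOOLS_HASH" || exit 1`. The EPEL check verifies `epel-release-5-4.noarch.rpm` by exact name, but the unchanged `rpm -Uvh --replacepkgs epel-release-5*.rpm` installs by glob, so any other matching file in the working directory would be installed without having been verified; using the exact file name there closes that gap. The devtools repo file is still fetched over plain `http://`, so the pinned digest is the only integrity control on it, and a comment above `DEVTOOLS_HASH` saying so would help whoever updates the hash later.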

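--- a/docker/build_scripts/build_utils.sh
+++ b/docker/build_scripts/build_utils.sh
@@ -89,16 +89,27 @@ function do_openssl_build {
 }
 
 
+function check_sha256sum {
+local fname=$1
+check_var $fname
+local sha256=$2
+check_var $sha256
+
+echo "${sha256} ${fname}" > ${fname}.sha256
+sha256sum -c ${fname}.sha256
+rm ${fname}.sha256
+}
+
+
 function build_openssl {
 local openssl_fname=$1
 check_var $openssl_fname
 local openssl_sha256=$2
 check_var $openssl_sha256
 check_var $OPENSSL_DOWNLOAD_URL
-echo "${openssl_sha256} ${openssl_fname}.tar.gz" > ${openssl_fname}.tar.gz.sha256
 curl -sLO $OPENSSL_DOWNLOAD_URL/${openssl_fname}.tar.gz
-sha256sum -c ${openssl_fname}.tar.gz.sha256
+check_sha256sum $openssl_fname.tar.gz $openssl_sha256
 tar -xzf ${openssl_fname}.tar.gz
 (cd ${openssl_fname} && do_openssl_build)
-rm -rf ${openssl_fname} ${openssl_fname}.tar.gz ${openssl_fname}.tar.gz.sha256
+rm -rf ${openssl_fname} ${openssl_fname}.tar.gz
 }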
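Review bot: `check_sha256sum` returns the status of its last command, `rm ${fname}.sha256`, so a digest mismatch reaches the caller only if errexit aborts the script at `sha256sum -c`; called where errexit is suppressed (`if check_sha256sum ...` or `check_sha256sum ... || ...`), it would return 0 after a mismatch. Making the verification the last command removes that dependency and the temporary file: `printf '%s  %s\n' "$sha256" "$fname" | sha256sum -c -`. The expansions are also unquoted (`check_var $fname`, `> ${fname}.sha256`), which breaks on file names containing spaces or glob characters. Both `check_sha256sum` and `build_openssl` lie wholly inside this hunk; `do_openssl_build` starts above it.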
