Pchen0/electron

Browse Source

build: add hashes to the external binary downloader (#21328)

Samuel Attard 5 years ago

parent

b26a6793ba

commit

0a60f455a9

2 changed files with 38 additions and 13 deletions

Split View Show Diff Stats

						
							+ 16
							
							- 8
						
script/external-binaries.json
							 
								View File
							
				@@ -4,37 +4,45 @@
			
				   "binaries": [
			
				     {
			
				       "url": "Mantle.zip",
			
				-      "platform": "darwin"
			
				+      "platform": "darwin",
			
				+      "sha": "f9865e115c03871b45d3a2d8734220cb147a02dace46c92f766ca5d3059281dd"
			
				     },
			
				     {
			
				       "url": "ReactiveCocoa.zip",
			
				-      "platform": "darwin"
			
				+      "platform": "darwin",
			
				+      "sha": "8ae85cd226fa4076472bfdfcda4745b5c7edf31fbe695868068eeaf62e7fa962"
			
				     },
			
				     {
			
				       "url": "Squirrel.zip",
			
				-      "platform": "darwin"
			
				+      "platform": "darwin",
			
				+      "sha": "e516fd5c24c0ad267fd854848b04be0552be977aa846fa7f3c65ef4618699511"
			
				     },
			
				     {
			
				       "url": "directxsdk-ia32.zip",
			
				       "platform": "win32",
			
				-      "targetArch": "ia32"
			
				+      "targetArch": "ia32",
			
				+      "sha": "f777bd5ab524bf39c3bfc68ac2b3f95ff2136c92328cf63e857f399e849db037"
			
				     },
			
				     {
			
				       "url": "directxsdk-x64.zip",
			
				       "platform": "win32",
			
				-      "targetArch": "x64"
			
				+      "targetArch": "x64",
			
				+      "sha": "46c1f8afb9180516013c39e8d73182a7f15f0ea89c61dc94f92605b4734d447b"
			
				     },
			
				     {
			
				       "url": "sccache-darwin-x64.zip",
			
				-      "platform": "darwin"
			
				+      "platform": "darwin",
			
				+      "sha": "3bfe114b49a15e4f15e2e3a9ee6699f1acdb89446badbaa4144869c72a7690ca"
			
				     },
			
				     {
			
				       "url": "sccache-linux-x64.zip",
			
				-      "platform": "linux"
			
				+      "platform": "linux",
			
				+      "sha": "dd379b494122f9e85bdae3597b02c67b0a46192f20f4f16cae3f1258a57b39dd"
			
				     },
			
				     {
			
				       "url": "sccache-win32-x64.zip",
			
				-      "platform": "win32"
			
				+      "platform": "win32",
			
				+      "sha": "b6a20fd1c2026f3792e7286bc768a7ebc261847b76449b49f55455e1f841fecd"
			
				     }
			
				   ]
			
				 }

						
							+ 22
							
							- 5
						
script/update-external-binaries.py
							 
								View File
							
				@@ -2,6 +2,7 @@
			
				 import argparse
			
				 import errno
			
				+import hashlib
			
				 import json
			
				 import os
			
				@@ -17,6 +18,7 @@ def parse_args():
			
				   parser.add_argument('--base-url', required=False,
			
				                       help="Base URL for all downloads")
			
				+  parser.add_argument('--force', action='store_true', default=False, required=False)
			
				   return parser.parse_args()
			
				@@ -37,7 +39,7 @@ def main():
			
				   output_dir = os.path.join(SOURCE_ROOT, 'external_binaries')
			
				   version_file = os.path.join(output_dir, '.version')
			
				-  if (is_updated(version_file, version)):
			
				+  if (is_updated(version_file, version) and not args.force):
			
				     return
			
				   rm_rf(output_dir)
			
				@@ -47,7 +49,7 @@ def main():
			
				     if not binary_should_be_downloaded(binary):
			
				       continue
			
				-    temp_path = download_binary(base_url, version, binary['url'])
			
				+    temp_path = download_binary(base_url, version, binary['url'], binary['sha'])
			
				     # We assume that all binaries are in zip archives.
			
				     extract_zip(temp_path, output_dir)
			
				@@ -82,16 +84,31 @@ def binary_should_be_downloaded(binary):
			
				   return True
			
				-def download_binary(base_url, version, binary_url):
			
				+def sha256(file_path):
			
				+  hash_256 = hashlib.sha256()
			
				+  with open(file_path, "rb") as f:
			
				+      for chunk in iter(lambda: f.read(4096), b""):
			
				+          hash_256.update(chunk)
			
				+  return hash_256.hexdigest()
			
				+
			
				+
			
				+def download_binary(base_url, version, binary_url, sha):
			
				   full_url = '{0}/{1}/{2}'.format(base_url, version, binary_url)
			
				-  temp_path = download_to_temp_dir(full_url, filename=binary_url)
			
				+  temp_path = download_to_temp_dir(full_url, filename=binary_url, sha=sha)
			
				   return temp_path
			
				-def download_to_temp_dir(url, filename):
			
				+def validate_sha(file_path, sha):
			
				+  downloaded_sha = sha256(file_path)
			
				+  if downloaded_sha != sha:
			
				+    raise Exception("SHA for external binary file {} does not match expected '{}' != '{}'".format(file_path, downloaded_sha, sha))
			
				+
			
				+
			
				+def download_to_temp_dir(url, filename, sha):
			
				   download_dir = tempdir(prefix='electron-')
			
				   file_path = os.path.join(download_dir, filename)
			
				   download(text='Download ' + filename, url=url, path=file_path)
			
				+  validate_sha(file_path, sha)
			
				   return file_path

build: add hashes to the external binary downloader (#21328)

+ 16 - 8 script/external-binaries.json View File

+ 22 - 5 script/update-external-binaries.py View File

+ 16 - 8
script/external-binaries.json
View File

+ 22 - 5
script/update-external-binaries.py
View File