Commit b4154d11 authored by Thomas Johansen's avatar Thomas Johansen Committed by Mislav Marohnić
Browse files

Re-introduce legacy MD5 checksum verification based on checksum length 

This is so any 3rd-party definitions continue to work even if they have
MD5 checksums embedded.
parent fb5e2b1a

bin/ruby-build

+14 −1
Original line number Diff line number Diff line
@@ -200,6 +200,7 @@ compute_md5() { 
verify_checksum() {

  # If there's no SHA2 support, return success

  [ -n "$HAS_SHA2_SUPPORT" ] || return 0

  local checksum_command="compute_sha2"



  # If the specified filename doesn't exist, return success

  local filename="$1"
@@ -209,8 +210,14 @@ verify_checksum() { 
  local expected_checksum=`echo "$2" | tr [A-Z] [a-z]`

  [ -n "$expected_checksum" ] || return 0



  # If the checksum length is 32 chars, assume MD5, otherwise SHA2

  if [ "${#expected_checksum}" -eq 32 ]; then

    [ -n "$HAS_MD5_SUPPORT" ] || return 0

    checksum_command="compute_md5"

  fi



  # If the computed checksum is empty, return failure

  local computed_checksum=`echo "$(compute_sha2 < "$filename")" | tr [A-Z] [a-z]`

  local computed_checksum=`echo "$($checksum_command < "$filename")" | tr [A-Z] [a-z]`

  [ -n "$computed_checksum" ] || return 1



  if [ "$expected_checksum" != "$computed_checksum" ]; then
@@ -1007,6 +1014,12 @@ else 
  unset RUBY_BUILD_MIRROR_URL

fi



if echo test | compute_md5 >/dev/null; then

  HAS_MD5_SUPPORT=1

else

  unset HAS_MD5_SUPPORT

fi



SEED="$(date "+%Y%m%d%H%M%S").$$"

LOG_PATH="${TMP}/ruby-build.${SEED}.log"

RUBY_BIN="${PREFIX_PATH}/bin/ruby"

test/checksum.bats

+26 −0
Original line number Diff line number Diff line
@@ -57,6 +57,32 @@ export RUBY_BUILD_CACHE_PATH= 
}





@test "package URL with valid md5 checksum" {

  stub md5 true "echo 83e6d7725e20166024a1eb74cde80677"

  stub curl "-q -o * -*S* http://example.com/* : cp $FIXTURE_ROOT/\${5##*/} \$3"



  install_fixture definitions/with-md5-checksum

  [ "$status" -eq 0 ]

  [ -x "${INSTALL_ROOT}/bin/package" ]



  unstub curl

  unstub md5

}





@test "package URL with md5 checksum but no md5 support" {

  stub md5 false

  stub curl "-q -o * -*S* http://example.com/* : cp $FIXTURE_ROOT/\${5##*/} \$3"



  install_fixture definitions/with-md5-checksum

  [ "$status" -eq 0 ]

  [ -x "${INSTALL_ROOT}/bin/package" ]



  unstub curl

  unstub md5

}





@test "package with invalid checksum" {

  stub shasum true "echo invalid"

  stub curl "-q -o * -*S* http://example.com/* : cp $FIXTURE_ROOT/\${5##*/} \$3"

test/fixtures/definitions/with-md5-checksum

0 → 100644
+1 −0
Original line number Diff line number Diff line 
install_package "package-1.0.0" "http://example.com/packages/package-1.0.0.tar.gz#83e6d7725e20166024a1eb74cde80677" copy