summary refs log tree commit diff
path: root/src/bootstrap
diff options
context:
space:
mode:
authorNick Platt <platt.nicholas@gmail.com>2016-04-13 22:10:42 -0400
committerNick Platt <platt.nicholas@gmail.com>2016-04-13 22:10:42 -0400
commite0f997d3477fe28c2c5d99229bd1cd0de81604b4 (patch)
tree4a53d33ea7087f2e81a830032545e3cbc40ac6cc /src/bootstrap
parentffff91a8e8d1b29164db89019429a712feca4a18 (diff)
downloadrust-e0f997d3477fe28c2c5d99229bd1cd0de81604b4.tar.gz
rust-e0f997d3477fe28c2c5d99229bd1cd0de81604b4.zip
rustbuild: Verify sha256 of downloaded tarballs
Diffstat (limited to 'src/bootstrap')
-rw-r--r--src/bootstrap/bootstrap.py31
1 files changed, 24 insertions, 7 deletions
diff --git a/src/bootstrap/bootstrap.py b/src/bootstrap/bootstrap.py
index 5c50599fbf4..84b8ad333c1 100644
--- a/src/bootstrap/bootstrap.py
+++ b/src/bootstrap/bootstrap.py
@@ -10,6 +10,7 @@
 
 import argparse
 import contextlib
+import hashlib
 import os
 import shutil
 import subprocess
@@ -18,13 +19,29 @@ import tarfile
 
 def get(url, path, verbose=False):
     print("downloading " + url)
-    # see http://serverfault.com/questions/301128/how-to-download
-    if sys.platform == 'win32':
-        run(["PowerShell.exe", "/nologo", "-Command",
-             "(New-Object System.Net.WebClient).DownloadFile('" + url +
-                "', '" + path + "')"], verbose=verbose)
-    else:
-        run(["curl", "-o", path, url], verbose=verbose)
+    sha_url = url + ".sha256"
+    sha_path = path + ".sha256"
+    for _url, _path in ((url, path), (sha_url, sha_path)):
+        # see http://serverfault.com/questions/301128/how-to-download
+        if sys.platform == 'win32':
+            run(["PowerShell.exe", "/nologo", "-Command",
+                 "(New-Object System.Net.WebClient)"
+                 ".DownloadFile('{}', '{}')".format(_url, _path)],
+                verbose=verbose)
+        else:
+            run(["curl", "-o", _path, _url], verbose=verbose)
+    print("verifying " + path)
+    with open(path, "rb") as f:
+        found = hashlib.sha256(f.read()).hexdigest()
+    with open(sha_path, "r") as f:
+        expected, _ = f.readline().split()
+    if found != expected:
+        err = ("invalid checksum:\n"
+               "    found:    {}\n"
+               "    expected: {}".format(found, expected))
+        if verbose:
+            raise RuntimeError(err)
+        sys.exit(err)
 
 def unpack(tarball, dst, verbose=False, match=None):
     print("extracting " + tarball)