Add SHA checking to get.sh download script #425

Merged
merged 1 commit into from
Jul 3, 2018

Contributor

@rgee0 rgee0 commented Jun 30, 2018

Description

A new function has been introduced called checkHash which checks that shasum is available on the system and, if it is, goes on to test the newly received binary against the checksum calculated at build time. A sub-shell is invoked within this function as shasum needs to be called in the same dir as the binary and this location can vary depending on the user context. Using a sub-shell means the directory switching is transparent to the user, who remains where they started regardless of the script outcome.

Motivation and Context

SHA256 checksum files were recently added to the releases page. This change uses these in order to check the received binary.

How Has This Been Tested?

Tested on MacOS, Ubuntu 18.04 & RPi3.

  • MacOS:
$ sudo ./get.sh

You already have the faas-cli!

Overwriting in 1 seconds.. Press Control+C to cancel.

Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli-darwin as /tmp/faas-cli-darwin

Download complete.

Running as root - Attemping to move faas-cli to /usr/local/bin

New version of faas-cli installed to /usr/local/bin

  ___                   _____           ____

 / _ \ _ __   ___ _ __ |  ___|_ _  __ _/ ___|

| | | | '_ \ / _ \ '_ \| |_ / _` |/ _` \___ \

| |_| | |_) |  __/ | | |  _| (_| | (_| |___) |

 \___/| .__/ \___|_| |_|_|  \__,_|\__,_|____/

      |_|

Commit: d33cb5cdc128b75fc7a9856c30fc0eded39fec1e

Version: 0.6.12

$ ./get.sh

You already have the faas-cli!

Overwriting in 1 seconds.. Press Control+C to cancel.

Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli-darwin as /Users/rgee0/go/src/github.com/rgee0/faas-cli/faas-cli-darwin

Download complete.

=========================================================

==    As the script was run as a non-root user the     ==

==    following commands may need to be run manually   ==

=========================================================

  sudo cp faas-cli-darwin /usr/local/bin/faas-cli

  sudo ln -sf /usr/local/bin/faas-cli /usr/local/bin/faas

Then forcing failure:

$ sudo ./get.sh

You already have the faas-cli!

Overwriting in 1 seconds.. Press Control+C to cancel.

Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli-darwin as /tmp/faas-cli-darwin

shasum: standard input: no properly formatted SHA1 checksum lines found
Binary checksum didn't match. Exiting

$ ./get.sh

You already have the faas-cli!

Overwriting in 1 seconds.. Press Control+C to cancel.

Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli-darwin as /Users/rgee0/go/src/github.com/rgee0/faas-cli/faas-cli-darwin

shasum: standard input: no properly formatted SHA1 checksum lines found

Binary checksum didn't match. Exiting
  • Ubuntu 18.04:
$ ./get.sh

You already have the faas-cli!

Overwriting in 1 seconds.. Press Control+C to cancel.

x86_64

Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli as /home/ubuntu/faas-cli

Download complete.

=========================================================

==    As the script was run as a non-root user the     ==

==    following commands may need to be run manually   ==

=========================================================

  sudo cp faas-cli /usr/local/bin/faas-cli

  sudo ln -sf /usr/local/bin/faas-cli /usr/local/bin/faas

$ sudo ./get.sh

You already have the faas-cli!

Overwriting in 1 seconds.. Press Control+C to cancel.

x86_64

Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli as /tmp/faas-cli

Download complete.

Running as root - Attemping to move faas-cli to /usr/local/bin

New version of faas-cli installed to /usr/local/bin

  ___                   _____           ____

 / _ \ _ __   ___ _ __ |  ___|_ _  __ _/ ___|

| | | | '_ \ / _ \ '_ \| |_ / _` |/ _` \___ \

| |_| | |_) |  __/ | | |  _| (_| | (_| |___) |

 \___/| .__/ \___|_| |_|_|  \__,_|\__,_|____/

      |_|

Commit: d33cb5cdc128b75fc7a9856c30fc0eded39fec1e

Version: 0.6.12

Then forcing failure:

$ sudo ./get.sh

You already have the faas-cli!

Overwriting in 1 seconds.. Press Control+C to cancel.

x86_64

Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli as /tmp/faas-cli

shasum: standard input: no properly formatted SHA1 checksum lines found

Binary checksum didn't match. Exiting

$ ./get.sh

You already have the faas-cli!

Overwriting in 1 seconds.. Press Control+C to cancel.

x86_64

Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli as /home/ubuntu/faas-cli

shasum: standard input: no properly formatted SHA1 checksum lines found

Binary checksum didn't match. Exiting

  • RPi:
$ sudo ./get.sh

You already have the faas-cli!

Overwriting in 1 seconds.. Press Control+C to cancel.

armv7l

Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli-armhf as /tmp/faas-cli-armhf

Download complete.

Running as root - Attemping to move faas-cli to /usr/local/bin

New version of faas-cli installed to /usr/local/bin

  ___                   _____           ____

 / _ \ _ __   ___ _ __ |  ___|_ _  __ _/ ___|

| | | | '_ \ / _ \ '_ \| |_ / _` |/ _` \___ \

| |_| | |_) |  __/ | | |  _| (_| | (_| |___) |

 \___/| .__/ \___|_| |_|_|  \__,_|\__,_|____/

      |_|

Commit: d33cb5cdc128b75fc7a9856c30fc0eded39fec1e

Version: 0.6.12

$ ./get.sh

You already have the faas-cli!

Overwriting in 1 seconds.. Press Control+C to cancel.

armv7l

Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli-armhf as /home/pi/tmp/faas-cli-armhf

Download complete.

=========================================================

==    As the script was run as a non-root user the     ==

==    following commands may need to be run manually   ==

=========================================================

  sudo cp faas-cli-armhf /usr/local/bin/faas-cli

  sudo ln -sf /usr/local/bin/faas-cli /usr/local/bin/faas

$ sudo ./get.sh

You already have the faas-cli!
Overwriting in 1 seconds.. Press Control+C to cancel.

armv7l
Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli-armhf as /tmp/faas-cli-armhf
shasum: standard input: no properly formatted SHA1 checksum lines found
Binary checksum didn't match. Exiting

$ ./get.sh

You already have the faas-cli!
Overwriting in 1 seconds.. Press Control+C to cancel.

armv7l
Downloading package https://github.com/openfaas/faas-cli/releases/download/0.6.12/faas-cli-armhf as /home/pi/tmp/faas-cli-armhf
shasum: standard input: no properly formatted SHA1 checksum lines found
Binary checksum didn't match. Exiting

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I've read the CONTRIBUTION guide
  • I have signed-off my commits with git commit -s
  • I have added tests to cover my changes.
  • All new and existing tests passed.

SHA256 checksum files were recently added to the releases page.  This change uses these
in order to check the received binary. A new function has been introduced called checkHash
which checks that shasum is available on the system and, if it is, goes on to test the
newly received binary against the checksum calculated at build time.  A subshell is invoked
within this function as shasum needs to be called in the same dir as the binary and this location
can vary depending on the user context.  Using a subshell means the directory switching is transparent
to the user, who remains where they started regardless of the script outcome.

Signed-off-by: Richard Gee <[email protected]>
@alexellis alexellis merged commit e52c664 into openfaas:master Jul 3, 2018
@alexellis
Member

@rgee0 this was released and deployed, but it won't work on Alpine Linux i.e. play-with-docker due to the lack of shasum; there they use sha256sum instead. Please could you see the approach taken in my PR for faas auto-auth? openfaas/faas#743

@rgee0
Contributor Author

rgee0 commented Jul 7, 2018

Interestingly I started with sha256sum but was finding command not found on MacOS. Graceful degradation as per openfaas/faas#743 will fix that.

@alexellis
Member

sha256sum is available on busybox/Alpine Linux i.e. play with Docker.

@alexellis
Member

Derek set milestone: 0.6.14

@derek derek bot added this to the 0.6.14 milestone Jul 17, 2018
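
The check discussed in this thread, written as an added example (it is not the code merged in this PR): `check_hash` and its return codes are hypothetical names, and it assumes the first field of the `.sha256` file is the hex digest. It tries sha256sum before shasum, runs the comparison in a subshell as the description explains, and reports a malformed checksum file separately from a digest mismatch.

```shell
# Added example: check_hash and its return codes are hypothetical, not get.sh's code.
# Usage: check_hash BINARY SUMFILE
#   0 = digest matches      1 = mismatch (or BINARY's directory is unreachable)
#   2 = SUMFILE malformed   3 = no SHA-256 tool installed
check_hash() {
    bin=$1
    sums=$2

    # Prefer sha256sum (GNU coreutils, busybox/Alpine); fall back to shasum (macOS).
    if command -v sha256sum >/dev/null 2>&1; then
        tool="sha256sum"
    elif command -v shasum >/dev/null 2>&1; then
        tool="shasum -a 256"
    else
        return 3
    fi

    # Assumption: the first field of SUMFILE's first line is the hex digest.
    # Anything that is not 64 hex digits (an HTML error page, an empty
    # download) is reported as malformed instead of being handed to the tool.
    expected=$(head -n 1 "$sums" | cut -d ' ' -f 1)
    case $expected in
        '' | *[!0-9a-fA-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2

    # The check line names the file we downloaded, not whatever SUMFILE lists,
    # so the tool must run in the binary's directory. The subshell keeps that
    # cd away from the caller's working directory.
    (
        cd "$(dirname "$bin")" || exit 1
        printf '%s  %s\n' "$expected" "$(basename "$bin")" |
            $tool -c >/dev/null 2>&1
    )
}
```

A caller should treat every non-zero status as a failed install and remove the downloaded file before exiting.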