diff options
| author | Simon Brulhart | 2018-01-29 08:49:11 +0100 |
|---|---|---|
| committer | Simon Brulhart | 2018-01-29 08:50:50 +0100 |
| commit | 37628217f89933f818ac349b2746df293a5ae4ac (patch) | |
| tree | 8e52c100188063e1356f1fd48023a820246a0d9c /ff-downloader.pl | |
| parent | d12d83897792a2e94c2fb7e4029f3b0194d6b173 (diff) | |
| download | aur-37628217f89933f818ac349b2746df293a5ae4ac.tar.gz | |
Revert "Remove integrity check"
Checksums are there again.
This reverts commit 8b2816b05696d3acb8506106471aa9c44ac15299.
Diffstat (limited to 'ff-downloader.pl')
| -rw-r--r--[-rwxr-xr-x] | ff-downloader.pl | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/ff-downloader.pl b/ff-downloader.pl index c24412eeaf9e..3992ceba6082 100755..100644 --- a/ff-downloader.pl +++ b/ff-downloader.pl @@ -239,11 +239,50 @@ if (!$BUILD) { my $ff_destname = "firefox-${FULLVER}.tar.bz2"; my $ff_bz2 = "firefox-${VER}.tar.bz2"; if (! -e $ff_destname) { - my $ff_url = URI->new('https://releases.mozilla.org'); + # Use HTTP because it downloads much faster in practice. + # This is not a security issue because checksums are downloaded via HTTPS. + my $ff_url = URI->new('http://releases.mozilla.org'); my $ff_path = "${ff_basepath}/linux-${ARCH}/${LANG}/${ff_bz2}"; $ff_url->path($ff_path); get_url( $ff_url, $ff_destname ) or die qq(:: ERROR - can't download $ff_destname\n); } else { say qq{:: "$ff_destname" already present in the filesystem, skip download} } -say 'DONE'; + +##downloading sha512sums## +my $checksums_fname = "firefox-${FULLVER}-SHA512SUMS"; +if (! -e $checksums_fname) { + my $ff_url = URI->new('https://releases.mozilla.org'); + $ff_url->path("${ff_basepath}/SHA512SUMS"); + get_url( $ff_url, $checksums_fname ) or die qq(:: ERROR - can't download $checksums_fname\n); +} else { + say qq{:: "$checksums_fname" already present in the filesystem, skip download} +} + +## calculating & comparing sha512 digest +say ':: verifying sha512 checksum ... '; + +my @sha512_file = read_file($checksums_fname); +my $search_string = "linux-${ARCH}/${LANG}/${ff_bz2}"; +my $sha512s; +for (@sha512_file) +{ + if ($_ =~ /([a-z0-9]+)\s{2}[\.\/]*$search_string/) + { + $sha512s= $1; + last; + } +} +$sha512s or die qq{:: ERROR - can't find a valid SHA512 checksum in file "$checksums_fname"!}; + +open(FILE, $ff_destname) or die qq{:: ERROR - can't open "$ff_destname": $!}; +binmode(FILE); +my $digest = Digest::SHA->new(512)->addfile(*FILE)->hexdigest; +close(FILE); + +if ( $digest eq $sha512s ) { + say 'DONE'; +} else { + say qq{:: ERROR - checksum does not match. Try to delete "$ff_destname" and start again.}; + exit 1; +} |