Add GnuPG (gpg) verification of checksum file

This is an acknowledged partial implementation: to finalize it I'm
waiting for #664 to be merged. All comments are still welcome.

It's partial because it's only done for recent Node.js archives. But it
may still be useful. At least it works for me :-)
Marc-Aurèle DARCHE 2015-04-19 21:55:29 +02:00
parent 64c88ce62e
commit 320c2403bc
1 changed files with 26 additions and 18 deletions

44
nvm.sh

@ -700,20 +700,24 @@ nvm_ls_remote_iojs() {
echo "$VERSIONS" echo "$VERSIONS"
} }
nvm_checksum() { nvm_checksig() {
local NVM_CHECKSUM if nvm_has 'gpg'; then
if nvm_has "sha1sum" && ! nvm_is_alias "sha1sum"; then if ! LC_ALL=C gpg --verify $1; then
NVM_CHECKSUM="$(command sha1sum "$1" | command awk '{print $1}')" return 1
elif nvm_has "sha1" && ! nvm_is_alias "sha1"; then fi
NVM_CHECKSUM="$(command sha1 -q "$1")" else
elif nvm_has "shasum" && ! nvm_is_alias "shasum"; then echo "You should install GnuPG to verify the authenticity of the archives to download: https://www.gnupg.org/" >&2
NVM_CHECKSUM="$(shasum "$1" | command awk '{print $1}')" fi
else }
echo "Unaliased sha1sum, sha1, or shasum not found." >&2
return 2
fi
if [ "_$NVM_CHECKSUM" = "_$2" ]; then nvm_checksum() {
local tmptarball_path=$1
local archive_name=$2
local sum_file_path=$3
local SUM=$(command grep $archive_name $sum_file_path | command awk '{print $1}')
local NVM_CHECKSUM="$(command sha256sum "$tmptarball_path" | command awk '{print $1}')"
if [ "_$NVM_CHECKSUM" = "_$SUM" ]; then
return return
elif [ -z "$2" ]; then elif [ -z "$2" ]; then
echo 'Checksums empty' #missing in raspberry pi binary echo 'Checksums empty' #missing in raspberry pi binary
@ -977,18 +981,22 @@ nvm_install_node_binary() {
NVM_ARCH="arm-pi" NVM_ARCH="arm-pi"
fi fi
t="$VERSION-$NVM_OS-$NVM_ARCH" t="$VERSION-$NVM_OS-$NVM_ARCH"
url="$NVM_NODEJS_ORG_MIRROR/$VERSION/node-${t}.tar.gz"
sum=`nvm_download -L -s $NVM_NODEJS_ORG_MIRROR/$VERSION/SHASUMS.txt -o - | command grep node-${t}.tar.gz | command awk '{print $1}'`
local tmpdir local tmpdir
tmpdir="$NVM_DIR/bin/node-${t}" tmpdir="$NVM_DIR/bin/node-${t}"
command mkdir -p "$tmpdir"
archive_name=node-${t}.tar.gz
url="$NVM_NODEJS_ORG_MIRROR/$VERSION/$archive_name"
sum_file_name=SHASUMS256.txt.asc
sum_file_url="$NVM_NODEJS_ORG_MIRROR/$VERSION/$sum_file_name"
sum_file_path="$tmpdir/$sum_file_name"
local tmptarball local tmptarball
tmptarball="$tmpdir/node-${t}.tar.gz" tmptarball="$tmpdir/node-${t}.tar.gz"
if ( if (
command mkdir -p "$tmpdir" && \ nvm_download -L -s --progress-bar $sum_file_url -o "$sum_file_path" && \
nvm_checksig $sum_file_path && \
nvm_download -L -C - --progress-bar $url -o "$tmptarball" && \ nvm_download -L -C - --progress-bar $url -o "$tmptarball" && \
nvm_checksum "$tmptarball" $sum && \ nvm_checksum "$tmptarball" $archive_name $sum_file_path && \
command tar -xzf "$tmptarball" -C "$tmpdir" --strip-components 1 && \ command tar -xzf "$tmptarball" -C "$tmpdir" --strip-components 1 && \
command rm -f "$tmptarball" && \
command mkdir -p "$VERSION_PATH" && \ command mkdir -p "$VERSION_PATH" && \
command mv "$tmpdir"/* "$VERSION_PATH" command mv "$tmpdir"/* "$VERSION_PATH"
); then ); then
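Review bot: In the new `nvm_checksum`, the test `[ "_$NVM_CHECKSUM" = "_$SUM" ]` passes when both values are empty, and that is now reachable: `sha256sum` is called without the `nvm_has` probing the removed SHA-1 code did, and the `grep` yields nothing when the archive is not listed. Adding `[ -n "$NVM_CHECKSUM" ] || return 2` right after the hash is computed closes that. The following `elif [ -z "$2" ]` now tests the archive name rather than a checksum, so the 'Checksums empty' branch looks unreachable and probably wants `"$SUM"`. The rest of that function lies outside the visible hunk, so this is hedged. In `nvm_checksig`, the `else` branch only echoes, so the function returns 0 when gpg is absent and the install proceeds on an unauthenticated sums file. Where gpg is present, `gpg --verify $1` should be quoted as `"$1"`, and as far as I know it accepts a good signature from any key in the local keyring, so it is worth stating in a comment which release keys are expected and that the no-gpg case is a deliberate soft-fail.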