Install scripts should always fetch and verify checksums. #2824
Conversation
mitchell-as
commented
Oct 17, 2023
•
mitchell-as
commented
 DX-2266 Install.ps1 and install.sh should ALWAYS verify the checksum
|
mitchell-as
force-pushed
the
mitchell/dx-2266
branch
2 times, most recently
from
9a17939 to
2826ad1
Compare
mitchell-as
force-pushed
the
mitchell/dx-2266
branch
from
2826ad1 to
697cfa9
Compare
|
Test failures are not due to this PR. They are due to existing, known issues and the usual timeouts. |
| # Fetch version info. | ||
| try { | ||
| $infoJson = ConvertFrom-Json -InputObject (download $jsonURL) | ||
| } catch [System.Exception] { |
There was a problem hiding this comment.
I think we should report what the exception was, otherwise debugging will be painful.
There was a problem hiding this comment.
Exceptions are output to stdout, so there's no need for additional work. I tested this and it's pretty clear what the issue is (e.g. network unreachable). Or do you mean reported to us via rollbar or something?
installers/install.sh
Outdated
| RELURL="$CHANNEL/$VERSIONNOSHA/$OS-amd64/state-$OS-amd64-$VERSION$DOWNLOADEXT" | ||
| fi | ||
|
|
||
| rm $INSTALLERTMPDIR/info.json |
There was a problem hiding this comment.
| VERSIONNOSHA="`echo $VERSION | sed 's/-SHA.*$//'`" | ||
| JSONURL="$BASE_INFO_URL?channel=$CHANNEL&source=install&platform=$OS&target-version=$VERSIONNOSHA" |
There was a problem hiding this comment.
This means that we basically ignore the SHA part. I think we should at least verify that the returned info matches the SHA in this scenario.
| $versionNoSHA = $version -replace "-SHA.*", "" | ||
| $jsonURL = "$script:BASEINFOURL/?channel=$script:CHANNEL&platform=windows&source=install&target-version=$versionNoSHA" |
There was a problem hiding this comment.
This means that we basically ignore the SHA part. I think we should at least verify that the returned info matches the SHA in this scenario.
