diff options
author | Adrian Cochrane <adrianc@catalyst.net.nz> | 2015-06-08 16:31:38 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2015-07-24 05:19:05 +0200 |
commit | c596ac60a568fdcace8e73e9649e91faf6cba0c8 (patch) | |
tree | b54e70ec31ad11cf6f3082c29af42b86775e9b97 /install_with_python.sh | |
parent | 509c37da1300b843e089dfcd6657e68fa8c8c746 (diff) | |
download | samba-c596ac60a568fdcace8e73e9649e91faf6cba0c8.tar.gz |
install_with_python: Secure Python download with sha256 checks.
Includes a fallback using md5sum and a refactor to ensure files are cleaned up on failure.
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 24 05:19:06 CEST 2015 on sn-devel-104
Diffstat (limited to 'install_with_python.sh')
-rwxr-xr-x | install_with_python.sh | 41 |
1 files changed, 30 insertions, 11 deletions
diff --git a/install_with_python.sh b/install_with_python.sh index e545ecc3223..9335cfe2be8 100755 --- a/install_with_python.sh +++ b/install_with_python.sh @@ -18,20 +18,39 @@ export LD_LIBRARY_PATH VERSION="Python-2.6.5" do_install_python() { - mkdir -p python_install || exit 1 - rsync -avz samba.org::ftp/tridge/python/$VERSION.tar python_install || exit 1 - cd python_install || exit 1; - rm -rf $VERSION || exit 1 - tar -xf $VERSION.tar || exit 1 - cd $VERSION || exit 1 - ./configure --prefix=$PREFIX/python --enable-shared --disable-ipv6 || exit 1 - make || exit 1 - make install || exit 1 - cd ../.. || exit 1 - rm -rf python_install || exit 1 + set -e + mkdir -p python_install + rsync -avz samba.org::ftp/tridge/python/$VERSION.tar python_install + cd python_install + rm -rf $VERSION + + # Verify that the download hasn't been corrupted + # This checks Python-2.6.5, while more hashes my be added later. + if command -v sha256sum + then + echo "2f1ec5e52d122bf1864529c1bbac7fe6afc10e3a083217b3a7bff5ded37efcc3 Python-2.6.5.tar" > checksums.sha256 + sha256sum --status -c checksums.sha256 + else + echo "c83cf77f32463c3949b85c94f661c090 Python-2.6.5.tar" > checksums.md5 + md5sum --status -c checksums.md5 + fi + + tar -xf $VERSION.tar + cd $VERSION + ./configure --prefix=$PREFIX/python --enable-shared --disable-ipv6 + make + make install + cd ../.. + rm -rf python_install +} + +cleanup_install_python() { + rm -rf python_install + exit 1 } if [ ! -d $PREFIX/python ]; then + trap "cleanup_install_python" 0 # needs to be installed do_install_python fi |