Skip to content

Commit 2eaa7c0

Browse files
anphel31anphel31
authored
[2.0] add msopenjdk rpm hash verification (#12523)
1 parent 71a0307 commit 2eaa7c0

1 file changed

Lines changed: 16 additions & 11 deletions

File tree

toolkit/scripts/toolchain/build_official_toolchain_rpms.sh

Lines changed: 16 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -338,6 +338,22 @@ start_record_timestamp "build packages"
338338
start_record_timestamp "build packages/build"
339339
start_record_timestamp "build packages/install"
340340

341+
# Download JDK rpm
342+
echo "Downloading MsOpenJDK rpm"
343+
MSOPENJDK_FILENAME="msopenjdk-11-11.0.18-1.$(uname -m).rpm"
344+
MSOPENJDK_URL="https://packages.microsoft.com/cbl-mariner/2.0/prod/Microsoft/$(uname -m)/$MSOPENJDK_FILENAME"
345+
case $(uname -m) in
346+
x86_64) MSOPENJDK_EXPECTED_HASH="556ffa796970d913e4dc7ed6b28a0ac6e9dab5b8eae6063f1f060b2819857957" ;;
347+
aarch64) MSOPENJDK_EXPECTED_HASH="535bce10952ae9421ee7d9ccdcb6430f683f7448633430e3ff7d6ca8c586f0bc" ;;
348+
esac
349+
wget -nv --server-response --no-clobber --timeout=30 --tries=3 --waitretry=10 --retry-connrefused $MSOPENJDK_URL --directory-prefix=$CHROOT_RPMS_DIR_ARCH
350+
MSOPENJDK_ACTUAL_HASH=$(sha256sum "$CHROOT_RPMS_DIR_ARCH/$MSOPENJDK_FILENAME" | awk '{print $1}')
351+
if [[ "$MSOPENJDK_EXPECTED_HASH" != "$MSOPENJDK_ACTUAL_HASH" ]]; then
352+
echo "Error, incorrect msopenjdk hash: '$MSOPENJDK_ACTUAL_HASH'. Expected hash: '$MSOPENJDK_EXPECTED_HASH'"
353+
rm -vf "$CHROOT_RPMS_DIR_ARCH/$MSOPENJDK_FILENAME"
354+
exit 1
355+
fi
356+
341357
echo Building final list of toolchain RPMs
342358
build_rpm_in_chroot_no_install mariner-rpm-macros
343359
chroot_and_install_rpms mariner-rpm-macros
@@ -452,17 +468,6 @@ chroot_and_install_rpms python3 python3
452468
build_rpm_in_chroot_no_install libxml2
453469
chroot_and_install_rpms libxml2
454470

455-
# Download JDK rpms
456-
echo Download JDK rpms
457-
case $(uname -m) in
458-
x86_64)
459-
wget -nv --no-clobber --timeout=30 https://packages.microsoft.com/cbl-mariner/2.0/prod/Microsoft/x86_64/msopenjdk-11-11.0.18-1.x86_64.rpm --directory-prefix=$CHROOT_RPMS_DIR_ARCH
460-
;;
461-
aarch64)
462-
wget -nv --no-clobber --timeout=30 https://packages.microsoft.com/cbl-mariner/2.0/prod/Microsoft/aarch64/msopenjdk-11-11.0.18-1.aarch64.rpm --directory-prefix=$CHROOT_RPMS_DIR_ARCH
463-
;;
464-
esac
465-
466471
# PCRE needs to be installed (above) for grep to build with perl regexp support
467472
build_rpm_in_chroot_no_install grep
468473

0 commit comments

Comments
 (0)