Meta: Add support for verifying downloaded files with their SHA-256 hash

This commit is contained in:
Timothy Flynn 2024-05-23 12:04:02 -04:00 committed by Tim Flynn
commit ec63f442f9
Notes: sideshowbarker 2024-07-18 00:34:07 +09:00
3 changed files with 50 additions and 10 deletions

View file

@ -8,6 +8,7 @@ It's intended to be used for files that are cached between runs.
"""
import argparse
import hashlib
import os
import pathlib
import shutil
@ -16,10 +17,24 @@ import tempfile
import urllib.request
def compute_sha256(path):
sha256 = hashlib.sha256()
with open(path, 'rb') as file:
while True:
data = file.read(256 << 10)
if not data:
break
sha256.update(data)
return sha256.hexdigest()
def main():
parser = argparse.ArgumentParser(
epilog=__doc__,
formatter_class=argparse.RawDescriptionHelpFormatter)
epilog=__doc__,
formatter_class=argparse.RawDescriptionHelpFormatter)
parser.add_argument('url', help='input url')
parser.add_argument('-o', '--output', required=True,
help='output file')
@ -29,6 +44,8 @@ def main():
help='filesystem location to cache version')
parser.add_argument('-c', "--cache-path", required=False,
help='path for cached files to clear on version mismatch')
parser.add_argument('-s', "--sha256", required=False,
help='expected SHA-256 hash of the downloaded file')
args = parser.parse_args()
version_from_file = ''
@ -41,23 +58,30 @@ def main():
return 0
# Fresh build or version mismatch, delete old cache
if (args.cache_path):
if args.cache_path:
cache_path = pathlib.Path(args.cache_path)
shutil.rmtree(cache_path, ignore_errors=True)
cache_path.mkdir(parents=True)
print(f"Downloading version {args.version} of {args.output}...", end='')
output_file = pathlib.Path(args.output)
print(f"Downloading file {output_file} from {args.url}")
with urllib.request.urlopen(args.url) as f:
try:
with tempfile.NamedTemporaryFile(delete=False,
dir=pathlib.Path(args.output).parent) as out:
with tempfile.NamedTemporaryFile(delete=False, dir=output_file.parent) as out:
out.write(f.read())
os.rename(out.name, args.output)
os.rename(out.name, output_file)
except IOError:
os.unlink(out.name)
print("done")
if args.sha256:
actual_sha256 = compute_sha256(output_file)
if args.sha256 != actual_sha256:
print(f"SHA-256 mismatch for downloaded file {output_file}")
print(f"Expected: {args.sha256}")
print(f"Actual: {actual_sha256}")
return 1
with open(version_file, 'w') as f:
f.write(args.version)