[Ubuntu] Add more checksum validations (#8660)

2026-01-06 18:17:26 +08:00 · 2023-11-02 15:40:32 +01:00
parent 3146c7010e
commit 53416cd923
9 changed files with 86 additions and 41 deletions
--- a/images/linux/scripts/installers/yq.sh
+++ b/images/linux/scripts/installers/yq.sh
@@ -2,13 +2,19 @@
 ################################################################################
 ##  File:  yq.sh
 ##  Desc:  Installs YQ
+##  Supply chain security: YQ - checksum validation
 ################################################################################

 # Source the helpers for use with the script
 source $HELPER_SCRIPTS/install.sh

-YQ_URL="https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64"
-download_with_retries "$YQ_URL" "/usr/bin" "yq"
-chmod +x /usr/bin/yq
+# Download YQ
+base_url="https://github.com/mikefarah/yq/releases/latest/download"
+download_with_retries "${base_url}/yq_linux_amd64" "/tmp" "yq"
+# Supply chain security - YQ
+external_hash=$(get_hash_from_remote_file "${base_url}/checksums" "yq_linux_amd64 " "" " " "19")
+use_checksum_comparison "/tmp/yq" "${external_hash}"
+# Install YQ
+sudo install /tmp/yq /usr/bin/yq

 invoke_tests "Tools" "yq"