From e1ac652396a578559eb8a2541225746a6f2fcbfa Mon Sep 17 00:00:00 2001
From: Erik Bershel <110455084+erik-bershel@users.noreply.github.com>
Date: Fri, 22 Sep 2023 11:26:00 +0200
Subject: [PATCH] [Windows] Add checksum verification for Kotlin (#8318)
---
 images/win/scripts/Installers/Install-Kotlin.ps1 | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/images/win/scripts/Installers/Install-Kotlin.ps1 b/images/win/scripts/Installers/Install-Kotlin.ps1
index 09009433..b5084fd5 100644
--- a/images/win/scripts/Installers/Install-Kotlin.ps1
+++ b/images/win/scripts/Installers/Install-Kotlin.ps1
@@ -1,6 +1,7 @@
 ################################################################################
 ## File: Install-Kotlin.ps1
 ## Desc: Install Kotlin
+## Supply chain security: Kotlin - checksum validation
 ################################################################################
 # Install Kotlin
@@ -10,6 +11,12 @@ $kotlinBinaryName = (Get-ToolsetContent).kotlin.binary_name
 $kotlinDownloadUrl = Get-GitHubPackageDownloadUrl -RepoOwner "JetBrains" -RepoName "kotlin" -BinaryName $kotlinBinaryName -Version $kotlinVersion -UrlFilter "*{BinaryName}-{Version}.zip"
 $kotlinInstallerPath = Start-DownloadWithRetry -Url $kotlinDownloadUrl -Name "$kotlinBinaryName.zip"
+#region Supply chain security
+$fileHash = (Get-FileHash -Path $kotlinInstallerPath -Algorithm SHA256).Hash
+$externalHash = Get-HashFromGitHubReleaseBody -RepoOwner "JetBrains" -RepoName "kotlin" -FileName "$kotlinBinaryName" -Version $kotlinVersion -WordNumber 2
+Use-ChecksumComparison $fileHash $externalHash
+#endregion
+
 Write-Host "Expand Kotlin archive"
 $kotlinPath = "C:\tools"
 Extract-7Zip -Path $kotlinInstallerPath -DestinationPath $kotlinPath
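Review bot: The expected hash in the `#region Supply chain security` block is picked by position (`-WordNumber 2`) from the release body of the same JetBrains/kotlin release the archive is downloaded from, and nothing visible in this hunk checks that the extracted token is actually a SHA-256 digest before it is compared. If the release notes change layout, `$externalHash` could be empty or an unrelated word; unless `Use-ChecksumComparison` (defined outside this hunk) rejects that, the failure mode is unclear, so I would add a guard before the comparison such as `if ($externalHash -notmatch '^[0-9a-fA-F]{64}$') { throw "Kotlin: no SHA256 digest found in release body" }`. Because the digest and the archive share one origin, this check catches a corrupted or truncated download but not a tampered release; a digest pinned in the toolset file would cover that case, and a one-line comment stating which of the two guarantees is intended would help the next reader.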
@@ -17,4 +24,4 @@ Extract-7Zip -Path $kotlinInstallerPath -DestinationPath $kotlinPath
 # Add to PATH
 Add-MachinePathItem "$kotlinPath\kotlinc\bin"
-Invoke-PesterTests -TestFile "Tools" -TestName "Kotlin"
\ No newline at end of file
+Invoke-PesterTests -TestFile "Tools" -TestName "Kotlin"