actions/runner-images-sangeeth
1
0
Fork 0
mirror of https://github.com/actions/runner-images-sangeeth.git synced 2025-12-20 06:29:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

[Windows] Add checksum validation for JDKs (#8404)

Browse Source
This commit is contained in:
Erik Bershel
2023-10-04 14:59:44 +02:00
committed by GitHub
parent ae487529f3
commit e1bcc61827
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
images/win/scripts/Installers/Install-JavaTools.ps1
View File

@@ -1,6 +1,7 @@
################################################################################ ################################################################################
## File: Install-JavaTools.ps1 ## File: Install-JavaTools.ps1
## Desc: Install various JDKs and java tools ## Desc: Install various JDKs and java tools
## Supply chain security: JDK - checksum validation
################################################################################ ################################################################################
function Set-JavaPath { function Set-JavaPath {
@@ -64,6 +65,12 @@ function Install-JavaJDK {
$downloadUrl = $asset.binary.package.link $downloadUrl = $asset.binary.package.link
$archivePath = Start-DownloadWithRetry -Url $downloadUrl -Name $([IO.Path]::GetFileName($downloadUrl)) $archivePath = Start-DownloadWithRetry -Url $downloadUrl -Name $([IO.Path]::GetFileName($downloadUrl))
#region Supply chain security - JDK
$fileHash = (Get-FileHash -Path $archivePath -Algorithm SHA256).Hash
$externalHash = $asset.binary.package.checksum
Use-ChecksumComparison $fileHash $externalHash
#endregion
# We have to replace '+' sign in the version to '-' due to the issue with incorrect path in Android builds https://github.com/actions/runner-images/issues/3014 # We have to replace '+' sign in the version to '-' due to the issue with incorrect path in Android builds https://github.com/actions/runner-images/issues/3014
$fullJavaVersion = $asset.version.semver -replace '\+', '-' $fullJavaVersion = $asset.version.semver -replace '\+', '-'
# Create directories in toolcache path # Create directories in toolcache path