[ubuntu] Refactor functions for GitHub assets and hashes (#9040)

images/ubuntu/scripts/build/install-actions-cache.sh

@@ -17,7 +17,7 @@ echo "Setting up ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE variable to ${ACTION_ARCHIV
 setEtcEnvironmentVariable "ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE" "${ACTION_ARCHIVE_CACHE_DIR}"
 
 # Download latest release from github.com/actions/action-versions and untar to /opt/actionarchivecache
-downloadUrl=$(resolve_github_release_asset_url "actions/action-versions" "contains(\"action-versions.tar.gz\")" "latest")
+downloadUrl=$(resolve_github_release_asset_url "actions/action-versions" "endswith(\"action-versions.tar.gz\")" "latest")
 archive_path=$(download_with_retry "$downloadUrl")
 tar -xzf "$archive_path" -C $ACTION_ARCHIVE_CACHE_DIR
 

images/ubuntu/scripts/build/install-aliyun-cli.sh

@@ -25,7 +25,7 @@ archive_path=$(download_with_retry "$download_url")
 if isUbuntu20; then
     external_hash=$(get_toolset_value '.aliyunCli.sha256')
 else
-    external_hash=$(get_hash_from_remote_file "$hash_url" "aliyun-cli-linux" "amd64.tgz")
+    external_hash=$(get_checksum_from_url "$hash_url" "aliyun-cli-linux.*amd64.tgz" "SHA256")
 fi
 
 use_checksum_comparison "$archive_path" "$external_hash"

images/ubuntu/scripts/build/install-aws-tools.sh

@@ -18,10 +18,11 @@ apt install "$smplugin_deb_path"
 
 # Download the latest aws sam cli release
 aws_sam_cli_archive_name="aws-sam-cli-linux-x86_64.zip"
-aws_sam_cli_archive_path=$(download_with_retry "https://github.com/aws/aws-sam-cli/releases/latest/download/${aws_sam_cli_archive_name}")
+sam_cli_download_url=$(resolve_github_release_asset_url "aws/aws-sam-cli" "endswith(\"$aws_sam_cli_archive_name\")" "latest")
+aws_sam_cli_archive_path=$(download_with_retry "$sam_cli_download_url")
 
 # Supply chain security - AWS SAM CLI
-aws_sam_cli_hash=$(get_github_package_hash "aws" "aws-sam-cli" "${aws_sam_cli_archive_name}.. ")
+aws_sam_cli_hash=$(get_checksum_from_github_release "aws/aws-sam-cli" "${aws_sam_cli_archive_name}.. " "latest" "SHA256")
 use_checksum_comparison "$aws_sam_cli_archive_path" "$aws_sam_cli_hash"
 
 # Install the latest aws sam cli release

images/ubuntu/scripts/build/install-cmake.sh

@@ -18,7 +18,7 @@ else
 	curl -fsSL "${download_url}" -o cmakeinstall.sh
 	# Supply chain security - CMake
 	hash_url=$(resolve_github_release_asset_url "Kitware/CMake" "endswith(\"SHA-256.txt\")" "latest")
-	external_hash=$(get_hash_from_remote_file "$hash_url" "linux-x86_64.sh")
+	external_hash=$(get_checksum_from_url "$hash_url" "linux-x86_64.sh" "SHA256")
 	use_checksum_comparison "cmakeinstall.sh" "$external_hash"
 	# Install CMake and remove the install script
 	chmod +x cmakeinstall.sh \

images/ubuntu/scripts/build/install-docker.sh

@@ -19,11 +19,11 @@ apt-get update
 apt-get install --no-install-recommends docker-ce docker-ce-cli containerd.io docker-buildx-plugin
 
 # Download docker compose v2 from releases
-URL=$(resolve_github_release_asset_url "docker/compose" "contains(\"compose-linux-x86_64\")" "latest")
+URL=$(resolve_github_release_asset_url "docker/compose" "endswith(\"compose-linux-x86_64\")" "latest")
 curl -fsSL "${URL}" -o /tmp/docker-compose
 # Supply chain security - Docker Compose v2
-compose_hash_url=$(resolve_github_release_asset_url "docker/compose" "contains(\"checksums.txt\")" "latest")
-compose_external_hash=$(get_hash_from_remote_file "${compose_hash_url}" "compose-linux-x86_64")
+compose_hash_url=$(resolve_github_release_asset_url "docker/compose" "endswith(\"checksums.txt\")" "latest")
+compose_external_hash=$(get_checksum_from_url "${compose_hash_url}" "compose-linux-x86_64" "SHA256")
 use_checksum_comparison "/tmp/docker-compose" "${compose_external_hash}"
 # Install docker compose v2
 install /tmp/docker-compose /usr/libexec/docker/cli-plugins/docker-compose
@@ -68,7 +68,7 @@ aws_latest_release_url="https://api.github.com/repos/awslabs/amazon-ecr-credenti
 aws_helper_url=$(curl "${authString[@]}" -fsSL "${aws_latest_release_url}" | jq -r '.body' | awk -F'[()]' '/linux-amd64/ {print $2}')
 aws_helper_binary_path=$(download_with_retry "$aws_helper_url")
 # Supply chain security - amazon-ecr-credential-helper
-aws_helper_external_hash=$(get_hash_from_remote_file "${aws_helper_url}.sha256" "docker-credential-ecr-login")
+aws_helper_external_hash=$(get_checksum_from_url "${aws_helper_url}.sha256" "docker-credential-ecr-login" "SHA256")
 use_checksum_comparison "$aws_helper_binary_path" "$aws_helper_external_hash"
 # Install amazon-ecr-credential-helper
 install "$aws_helper_binary_path" "/usr/bin/docker-credential-ecr-login"

images/ubuntu/scripts/build/install-github-cli.sh

@@ -10,11 +10,11 @@
 source $HELPER_SCRIPTS/install.sh
 
 # Download GitHub CLI
-gh_cli_url=$(resolve_github_release_asset_url "cli/cli" "contains(\"linux\") and contains(\"amd64\") and contains(\".deb\")" "latest")
+gh_cli_url=$(resolve_github_release_asset_url "cli/cli" "contains(\"linux\") and contains(\"amd64\") and endswith(\".deb\")" "latest")
 gh_cli_deb_path=$(download_with_retry "$gh_cli_url")
 # Supply chain security - GitHub CLI
-hash_url=$(resolve_github_release_asset_url "cli/cli" "contains(\"checksums.txt\")" "latest")
-external_hash=$(get_hash_from_remote_file "$hash_url" "linux_amd64.deb")
+hash_url=$(resolve_github_release_asset_url "cli/cli" "endswith(\"checksums.txt\")" "latest")
+external_hash=$(get_checksum_from_url "$hash_url" "linux_amd64.deb" "SHA256")
 use_checksum_comparison "$gh_cli_deb_path" "$external_hash"
 # Install GitHub CLI
 apt install "$gh_cli_deb_path"

images/ubuntu/scripts/build/install-kotlin.sh

@@ -8,11 +8,11 @@
 source $HELPER_SCRIPTS/install.sh
 
 KOTLIN_ROOT="/usr/share"
-download_url=$(resolve_github_release_asset_url "JetBrains/kotlin" "contains(\"kotlin-compiler\")" "latest")
+download_url=$(resolve_github_release_asset_url "JetBrains/kotlin" "contains(\"kotlin-compiler\") and endswith(\".zip\")" "latest")
 archive_path=$(download_with_retry "$download_url")
 
 # Supply chain security - Kotlin
-kotlin_hash=$(get_github_package_hash "JetBrains" "kotlin" "kotlin-compiler-.*\.zip" "" "latest" "false" "|" 3)
+kotlin_hash=$(get_checksum_from_github_release "JetBrains/kotlin" "kotlin-compiler-.*\.zip" "latest" "SHA256")
 use_checksum_comparison "$archive_path" "$kotlin_hash"
 
 unzip -qq "$archive_path" -d $KOTLIN_ROOT

images/ubuntu/scripts/build/install-kubernetes-tools.sh

@@ -9,10 +9,10 @@
 source $HELPER_SCRIPTS/install.sh
 
 # Download KIND
-kind_url=$(resolve_github_release_asset_url "kubernetes-sigs/kind" "contains(\"kind-linux-amd64\")" "latest")
+kind_url=$(resolve_github_release_asset_url "kubernetes-sigs/kind" "endswith(\"kind-linux-amd64\")" "latest")
 curl -fsSL -o /tmp/kind "${kind_url}"
 # Supply chain security - KIND
-kind_external_hash=$(get_hash_from_remote_file "${kind_url}.sha256sum" "kind-linux-amd64")
+kind_external_hash=$(get_checksum_from_url "${kind_url}.sha256sum" "kind-linux-amd64" "SHA256")
 use_checksum_comparison "/tmp/kind" "${kind_external_hash}"
 # Install KIND
 sudo install /tmp/kind /usr/local/bin/kind
@@ -30,7 +30,7 @@ curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
 # Download minikube
 curl -fsSL -O https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
 # Supply chain security - minikube
-minikube_hash=$(get_github_package_hash "kubernetes" "minikube" "linux-amd64" "" "latest" "false" ":" 2)
+minikube_hash=$(get_checksum_from_github_release "kubernetes/minikube" "linux-amd64" "latest" "SHA256")
 use_checksum_comparison "minikube-linux-amd64" "${minikube_hash}"
 # Install minikube
 sudo install minikube-linux-amd64 /usr/local/bin/minikube

images/ubuntu/scripts/build/install-oras-cli.sh

@@ -14,8 +14,8 @@ download_url=$(resolve_github_release_asset_url "oras-project/oras" "endswith(\"
 archive_path=$(download_with_retry "$download_url")
 
 # Supply chain security - ORAS CLI
-hash_url=$(resolve_github_release_asset_url "oras-project/oras" "contains(\"checksums.txt\")" "latest")
-external_hash=$(get_hash_from_remote_file "${hash_url}" "linux_amd64.tar.gz")
+hash_url=$(resolve_github_release_asset_url "oras-project/oras" "endswith(\"checksums.txt\")" "latest")
+external_hash=$(get_checksum_from_url "${hash_url}" "linux_amd64.tar.gz" "SHA256")
 use_checksum_comparison "$archive_path" "${external_hash}"
 
 # Unzip ORAS CLI

images/ubuntu/scripts/build/install-pulumi.sh

@@ -14,7 +14,7 @@ download_url="https://get.pulumi.com/releases/sdk/pulumi-v${version}-linux-x64.t
 archive_path=$(download_with_retry "$download_url")
 
 # Supply chain security - Pulumi
-external_hash=$(get_hash_from_remote_file "https://github.com/pulumi/pulumi/releases/download/v${version}/SHA512SUMS" "linux-x64.tar.gz")
+external_hash=$(get_checksum_from_url "https://github.com/pulumi/pulumi/releases/download/v${version}/SHA512SUMS" "linux-x64.tar.gz" "SHA512")
 use_checksum_comparison "$archive_path" "$external_hash" "512"
 
 # Unzipping Pulumi

images/ubuntu/scripts/build/install-runner-package.sh

@@ -7,7 +7,7 @@
 # Source the helpers for use with the script
 source $HELPER_SCRIPTS/install.sh
 
-download_url=$(resolve_github_release_asset_url "actions/runner" 'test("actions-runner-linux-x64-[0-9]+\\.[0-9]{3}\\.[0-9]+\\.tar\\.gz")' "latest")
+download_url=$(resolve_github_release_asset_url "actions/runner" 'test("actions-runner-linux-x64-[0-9]+\\.[0-9]{3}\\.[0-9]+\\.tar\\.gz$")' "latest")
 archive_name="${download_url##*/}"
 archive_path=$(download_with_retry "$download_url")
 

images/ubuntu/scripts/build/install-selenium.sh

@@ -11,7 +11,7 @@ source $HELPER_SCRIPTS/etc-environment.sh
 SELENIUM_MAJOR_VERSION=$(get_toolset_value '.selenium.version')
 
 # Download Selenium server
-SELENIUM_DOWNLOAD_URL=$(resolve_github_release_asset_url "SeleniumHQ/selenium" "contains(\"selenium-server-\") and endswith(\".jar\")" "$SELENIUM_MAJOR_VERSION\.*")
+SELENIUM_DOWNLOAD_URL=$(resolve_github_release_asset_url "SeleniumHQ/selenium" "contains(\"selenium-server-\") and endswith(\".jar\")" "$SELENIUM_MAJOR_VERSION\.+" "" "true")
 SELENIUM_JAR_PATH=$(download_with_retry "$SELENIUM_DOWNLOAD_URL" "/usr/share/java/selenium-server.jar")
 
 # Create an epmty file to retrive selenium version

images/ubuntu/scripts/build/install-yq.sh

@@ -13,7 +13,7 @@ base_url="https://github.com/mikefarah/yq/releases/latest/download"
 binary_path=$(download_with_retry "${base_url}/yq_linux_amd64")
 
 # Supply chain security - yq
-external_hash=$(get_hash_from_remote_file "${base_url}/checksums" "yq_linux_amd64 " "" " " "19")
+external_hash=$(get_checksum_from_url "${base_url}/checksums" "yq_linux_amd64 " "SHA256" "true" " " "19")
 use_checksum_comparison "$binary_path" "$external_hash"
 
 # Install yq

images/ubuntu/scripts/build/install-zstd.sh

@@ -15,7 +15,7 @@ download_url="https://github.com/facebook/zstd/releases/download/${release_tag}/
 archive_path=$(download_with_retry "${download_url}")
 
 # Supply chain security - zstd
-external_hash=$(get_hash_from_remote_file "${download_url}.sha256" "${release_name}.tar.gz")
+external_hash=$(get_checksum_from_url "${download_url}.sha256" "${release_name}.tar.gz" "SHA256")
 use_checksum_comparison "$archive_path" "$external_hash"
 
 # Install zstd

images/ubuntu/scripts/helpers/install.sh

@@ -61,137 +61,171 @@ get_toolset_value() {
     echo "$(jq -r "$query" $toolset_path)"
 }
 
-resolve_github_release_asset_url() {
+get_github_releases_by_version() {
     local repo=$1
-    local filter=$2
-    local version=${3:-"*"}
-    local allow_pre_release=${4:-false}
+    local version=${2:-".+"}
+    local allow_pre_release=${3:-false}
+    local with_assets_only=${4:-false}
 
     page_size="100"
 
     json=$(curl -fsSL "https://api.github.com/repos/${repo}/releases?per_page=${page_size}")
 
-    if [[ $allow_pre_release == "true" ]]; then
-        json=$(echo $json | jq -r '.[] | select(.assets | length > 0)')
-    else
-        json=$(echo $json | jq -r '.[] | select((.prerelease==false) and (.assets | length > 0))')
-    fi
-
-    if [[ $version == "latest" ]]; then
-        tag_name=$(echo $json | jq -r '.tag_name' | sort --unique --version-sort | egrep -v ".*-[a-z]|beta" | tail -n 1)
-    elif [[ $version == *"*"* ]]; then
-        tag_name=$(echo $json | jq -r '.tag_name' | sort --unique --version-sort | egrep -v ".*-[a-z]|beta" | egrep "${version}" | tail -n 1)
-    else
-        tag_names=$(echo $json | jq -r '.tag_name' | sort --unique --version-sort | egrep -v ".*-[a-z]|beta" | egrep "${version}")
-
-        for element in $tag_names; do
-            semver=$(echo "$element" | awk 'match($0, /[0-9]+\.[0-9]+\.[0-9]+/) {print substr($0, RSTART, RLENGTH)}')
-
-            if [[ $semver == $version ]]; then
-                tag_name=$element
-            fi
-        done
-    fi
-
-    download_url=$(echo $json | jq -r ". | select(.tag_name==\"${tag_name}\").assets[].browser_download_url | select(${filter})" | head -n 1)
-    if [ -z "$download_url" ]; then
-        echo "Failed to parse a download url for the '${tag_name}' tag using '${filter}' filter"
+    if [[ -z "$json" ]]; then
+        echo "Failed to get releases"
         exit 1
     fi
 
-    echo $download_url
+    if [[ $with_assets_only == "true" ]]; then
+        json=$(echo $json | jq -r '.[] | select(.assets | length > 0)')
+    else
+        json=$(echo $json | jq -r '.[]')
+    fi
+
+    if [[ $allow_pre_release == "true" ]]; then
+        json=$(echo $json | jq -r '.')
+    else
+        json=$(echo $json | jq -r '. | select(.prerelease==false)')
+    fi
+
+    # Filter out rc/beta/etc releases, convert to numeric version and sort
+    json=$(echo $json | jq '. | select(.tag_name | test(".*-[a-z]|beta") | not)' | jq '.tag_name |= gsub("[^\\d.]"; "")' | jq -s 'sort_by(.tag_name | split(".") | map(tonumber))')
+
+    # Select releases matching version
+    if [[ $version == "latest" ]]; then
+        json_filtered=$(echo $json | jq .[-1])
+    elif [[ $version == *"+"* ]] || [[ $version == *"*"* ]]; then
+        json_filtered=$(echo $json | jq --arg version $version '.[] | select(.tag_name | test($version))')
+    else
+        json_filtered=$(echo $json | jq --arg version $version '.[] | select(.tag_name | contains($version))')
+    fi
+
+    if [[ -z "$json_filtered" ]]; then
+        echo "Failed to get releases from ${repo} matching version ${version}"
+        echo "Available versions: $(echo "$json" | jq -r '.tag_name')"
+        exit 1
+    fi
+
+    echo $json_filtered
 }
 
-get_github_package_hash() {
-    local repo_owner=$1
-    local repo_name=$2
-    local file_name=$3
-    local url=$4
-    local version=${5:-"latest"}
-    local prerelease=${6:-false}
-    local delimiter=${7:-'|'}
-    local word_number=${8:-2}
+resolve_github_release_asset_url() {
+    local repo=$1
+    local url_filter=$2
+    local version=${3:-".+"}
+    local allow_pre_release=${4:-false}
+    local allow_multiple_matches=${5:-false}
+
+    matching_releases=$(get_github_releases_by_version "${repo}" "${version}" "${allow_pre_release}" "true")
+    matched_url=$(echo $matching_releases | jq -r ".assets[].browser_download_url | select(${url_filter})")
+
+    if [[ -z "$matched_url" ]]; then
+        echo "Found no download urls matching pattern: ${url_filter}"
+        echo "Available download urls: $(echo "$matching_releases" | jq -r '.assets[].browser_download_url')"
+        exit 1
+    fi
+
+    if [[ "$(echo "$matched_url" | wc -l)" -gt 1 ]]; then
+        if [[ $allow_multiple_matches == "true" ]]; then
+            matched_url=$(echo "$matched_url" | tail -n 1)
+        else
+            echo "Multiple matches found for ${version} version and ${url_filter} URL filter. Please make filters more specific"
+            exit 1
+        fi
+    fi
+
+    echo $matched_url
+}
+
+get_checksum_from_github_release() {
+    local repo=$1
+    local file_name=$2
+    local version=${3:-".+"}
+    local hash_type=$4
+    local allow_pre_release=${5:-false}
 
     if [[ -z "$file_name" ]]; then
         echo "File name is not specified."
         exit 1
     fi
 
-    if [[ -n "$url" ]]; then
-        release_url="$url"
+    if [[ "$hash_type" == "SHA256" ]]; then
+        hash_pattern="[A-Fa-f0-9]{64}"
+    elif [[ "$hash_type" == "SHA512" ]]; then
+        hash_pattern="[A-Fa-f0-9]{128}"
     else
-        if [ "$version" == "latest" ]; then
-            release_url="https://api.github.com/repos/${repo_owner}/${repo_name}/releases/latest"
-        else
-            json=$(curl -fsSL "https://api.github.com/repos/${repo_owner}/${repo_name}/releases?per_page=100")
-            tags=$(echo "$json" | jq -r --arg prerelease "$prerelease" '.[] | select(.prerelease == ($prerelease | test("true"; "i"))) | .tag_name')
-            tag=$(echo "$tags" | grep -o "$version")
-            if [[ "$(echo "$tag" | wc -l)" -gt 1 ]]; then
-                echo "Multiple tags found matching the version $version. Please specify a more specific version."
-                exit 1
-            fi
-            if [[ -z "$tag" ]]; then
-                echo "Failed to get a tag name for version $version."
-                exit 1
-            fi
-            release_url="https://api.github.com/repos/${repo_owner}/${repo_name}/releases/tags/$tag"
-        fi
-    fi
-
-    body=$(curl -fsSL "$release_url" | jq -r '.body' | tr -d '`')
-    matching_line=$(echo "$body" | grep "$file_name")
-    if [[ "$(echo "$matching_line" | wc -l)" -gt 1 ]]; then
-        echo "Multiple lines found included the file $file_name. Please specify a more specific file name."
-        exit 1
-    fi
-    if [[ -z "$matching_line" ]]; then
-        echo "File name '$file_name' not found in release body."
+        echo "Unknown hash type: ${hash_type}"
         exit 1
     fi
 
-    result=$(echo "$matching_line" | cut -d "$delimiter" -f "$word_number" | tr -d -c '[:alnum:]')
-    if [[ -z "$result" ]]; then
-        echo "Empty result. Check parameters delimiter and/or word_number for the matching line."
+    matching_releases=$(get_github_releases_by_version "${repo}" "${version}" "${allow_pre_release}" "true")
+    matched_line=$(printf "$(echo $matching_releases | jq '.body')\n" | grep "$file_name")
+
+    if [[ -z "$matched_line" ]]; then
+        echo "File name ${file_name} not found in release body"
         exit 1
     fi
 
-    echo "$result"
+    if [[ "$(echo "$matched_line" | wc -l)" -gt 1 ]]; then
+        echo "Multiple matches found for ${file_name} in release body: ${matched_line}"
+        exit 1
+    fi
+
+    hash=$(echo $matched_line | grep -oP "$hash_pattern")
+
+    if [[ -z "$hash" ]]; then
+        echo "Found ${file_name} in body of release, but failed to get hash from it: ${matched_line}"
+        exit 1
+    fi
+
+    echo "$hash"
 }
 
-get_hash_from_remote_file() {
+get_checksum_from_url() {
     local url=$1
-    local keywords=("$2" "$3")
-    local delimiter=${4:-' '}
-    local word_number=${5:-1}
+    local file_name=$2
+    local hash_type=$3
+    local use_custom_search_pattern=${4:-false}
+    local delimiter=${5:-' '}
+    local word_number=${6:-1}
 
-    if [[ -z "${keywords[0]}" || -z "$url" ]]; then
-        echo "File name and/or URL is not specified."
+    if [[ "$hash_type" == "SHA256" ]]; then
+        hash_pattern="[A-Fa-f0-9]{64}"
+    elif [[ "$hash_type" == "SHA512" ]]; then
+        hash_pattern="[A-Fa-f0-9]{128}"
+    else
+        echo "Unknown hash type: ${hash_type}"
         exit 1
     fi
 
-    matching_line=$(curl -fsSL "$url" | sed 's/  */ /g' | tr -d '`')
-    for keyword in "${keywords[@]}"; do
-        matching_line=$(echo "$matching_line" | grep "$keyword")
-    done
+    checksums_file_path=$(download_with_retry "$url")
+    checksums=$(cat "$checksums_file_path")
+    rm "$checksums_file_path"
 
-    if [[ "$(echo "$matching_line" | wc -l)" -gt 1 ]]; then
-        echo "Multiple lines found including the words: ${keywords[*]}. Please use a more specific filter."
+    matched_line=$(printf "$checksums\n" | grep "$file_name")
+
+    if [[ "$(echo "$matched_line" | wc -l)" -gt 1 ]]; then
+        echo "Found multiple lines matching file name ${file_name} in checksum file."
         exit 1
     fi
 
-    if [[ -z "$matching_line" ]]; then
-        echo "Keywords (${keywords[*]}) not found in the file with hashes."
+    if [[ -z "$matched_line" ]]; then
+        echo "File name ${file_name} not found in checksum file."
         exit 1
     fi
 
-    result=$(echo "$matching_line" | cut -d "$delimiter" -f "$word_number" | tr -d -c '[:alnum:]')
-    if [[ ${#result} -ne 64 && ${#result} -ne 128 ]]; then
-        echo "Invalid result length. Expected 64 or 128 characters. Please check delimiter and/or word_number parameters."
-        echo "Result: $result"
+    if [[ $use_custom_search_pattern == "true" ]]; then
+        hash=$(echo "$matched_line" | sed 's/  */ /g' | cut -d "$delimiter" -f "$word_number" | tr -d -c '[:alnum:]')
+    else
+        hash=$(echo $matched_line | grep -oP "$hash_pattern")
+    fi
+
+    if [[ -z "$hash" ]]; then
+        echo "Found ${file_name} in checksum file, but failed to get hash from it: ${matched_line}"
         exit 1
     fi
 
-    echo "$result"
+    echo "$hash"
 }
 
 use_checksum_comparison() {