diff --git a/images/ubuntu/scripts/build/install-actions-cache.sh b/images/ubuntu/scripts/build/install-actions-cache.sh index 1761c8a0b..3adfaa177 100644 --- a/images/ubuntu/scripts/build/install-actions-cache.sh +++ b/images/ubuntu/scripts/build/install-actions-cache.sh @@ -17,7 +17,7 @@ echo "Setting up ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE variable to ${ACTION_ARCHIV setEtcEnvironmentVariable "ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE" "${ACTION_ARCHIVE_CACHE_DIR}" # Download latest release from github.com/actions/action-versions and untar to /opt/actionarchivecache -downloadUrl=$(resolve_github_release_asset_url "actions/action-versions" "contains(\"action-versions.tar.gz\")" "latest") +downloadUrl=$(resolve_github_release_asset_url "actions/action-versions" "endswith(\"action-versions.tar.gz\")" "latest") archive_path=$(download_with_retry "$downloadUrl") tar -xzf "$archive_path" -C $ACTION_ARCHIVE_CACHE_DIR diff --git a/images/ubuntu/scripts/build/install-aliyun-cli.sh b/images/ubuntu/scripts/build/install-aliyun-cli.sh index 2603ae3d5..fd9414606 100644 --- a/images/ubuntu/scripts/build/install-aliyun-cli.sh +++ b/images/ubuntu/scripts/build/install-aliyun-cli.sh @@ -25,7 +25,7 @@ archive_path=$(download_with_retry "$download_url") if isUbuntu20; then external_hash=$(get_toolset_value '.aliyunCli.sha256') else - external_hash=$(get_hash_from_remote_file "$hash_url" "aliyun-cli-linux" "amd64.tgz") + external_hash=$(get_checksum_from_url "$hash_url" "aliyun-cli-linux.*amd64.tgz" "SHA256") fi use_checksum_comparison "$archive_path" "$external_hash" diff --git a/images/ubuntu/scripts/build/install-aws-tools.sh b/images/ubuntu/scripts/build/install-aws-tools.sh index be2980538..78b13d6b6 100644 --- a/images/ubuntu/scripts/build/install-aws-tools.sh +++ b/images/ubuntu/scripts/build/install-aws-tools.sh @@ -18,10 +18,11 @@ apt install "$smplugin_deb_path" # Download the latest aws sam cli release aws_sam_cli_archive_name="aws-sam-cli-linux-x86_64.zip" -aws_sam_cli_archive_path=$(download_with_retry "https://github.com/aws/aws-sam-cli/releases/latest/download/${aws_sam_cli_archive_name}") +sam_cli_download_url=$(resolve_github_release_asset_url "aws/aws-sam-cli" "endswith(\"$aws_sam_cli_archive_name\")" "latest") +aws_sam_cli_archive_path=$(download_with_retry "$sam_cli_download_url") # Supply chain security - AWS SAM CLI -aws_sam_cli_hash=$(get_github_package_hash "aws" "aws-sam-cli" "${aws_sam_cli_archive_name}.. ") +aws_sam_cli_hash=$(get_checksum_from_github_release "aws/aws-sam-cli" "${aws_sam_cli_archive_name}.. " "latest" "SHA256") use_checksum_comparison "$aws_sam_cli_archive_path" "$aws_sam_cli_hash" # Install the latest aws sam cli release diff --git a/images/ubuntu/scripts/build/install-cmake.sh b/images/ubuntu/scripts/build/install-cmake.sh index 373388bca..249f905e1 100644 --- a/images/ubuntu/scripts/build/install-cmake.sh +++ b/images/ubuntu/scripts/build/install-cmake.sh @@ -18,7 +18,7 @@ else curl -fsSL "${download_url}" -o cmakeinstall.sh # Supply chain security - CMake hash_url=$(resolve_github_release_asset_url "Kitware/CMake" "endswith(\"SHA-256.txt\")" "latest") - external_hash=$(get_hash_from_remote_file "$hash_url" "linux-x86_64.sh") + external_hash=$(get_checksum_from_url "$hash_url" "linux-x86_64.sh" "SHA256") use_checksum_comparison "cmakeinstall.sh" "$external_hash" # Install CMake and remove the install script chmod +x cmakeinstall.sh \ diff --git a/images/ubuntu/scripts/build/install-docker.sh b/images/ubuntu/scripts/build/install-docker.sh index 967dd3567..e03e4d520 100644 --- a/images/ubuntu/scripts/build/install-docker.sh +++ b/images/ubuntu/scripts/build/install-docker.sh @@ -19,11 +19,11 @@ apt-get update apt-get install --no-install-recommends docker-ce docker-ce-cli containerd.io docker-buildx-plugin # Download docker compose v2 from releases -URL=$(resolve_github_release_asset_url "docker/compose" "contains(\"compose-linux-x86_64\")" "latest") +URL=$(resolve_github_release_asset_url "docker/compose" "endswith(\"compose-linux-x86_64\")" "latest") curl -fsSL "${URL}" -o /tmp/docker-compose # Supply chain security - Docker Compose v2 -compose_hash_url=$(resolve_github_release_asset_url "docker/compose" "contains(\"checksums.txt\")" "latest") -compose_external_hash=$(get_hash_from_remote_file "${compose_hash_url}" "compose-linux-x86_64") +compose_hash_url=$(resolve_github_release_asset_url "docker/compose" "endswith(\"checksums.txt\")" "latest") +compose_external_hash=$(get_checksum_from_url "${compose_hash_url}" "compose-linux-x86_64" "SHA256") use_checksum_comparison "/tmp/docker-compose" "${compose_external_hash}" # Install docker compose v2 install /tmp/docker-compose /usr/libexec/docker/cli-plugins/docker-compose @@ -68,7 +68,7 @@ aws_latest_release_url="https://api.github.com/repos/awslabs/amazon-ecr-credenti aws_helper_url=$(curl "${authString[@]}" -fsSL "${aws_latest_release_url}" | jq -r '.body' | awk -F'[()]' '/linux-amd64/ {print $2}') aws_helper_binary_path=$(download_with_retry "$aws_helper_url") # Supply chain security - amazon-ecr-credential-helper -aws_helper_external_hash=$(get_hash_from_remote_file "${aws_helper_url}.sha256" "docker-credential-ecr-login") +aws_helper_external_hash=$(get_checksum_from_url "${aws_helper_url}.sha256" "docker-credential-ecr-login" "SHA256") use_checksum_comparison "$aws_helper_binary_path" "$aws_helper_external_hash" # Install amazon-ecr-credential-helper install "$aws_helper_binary_path" "/usr/bin/docker-credential-ecr-login" diff --git a/images/ubuntu/scripts/build/install-github-cli.sh b/images/ubuntu/scripts/build/install-github-cli.sh index dc14febaa..b38844756 100644 --- a/images/ubuntu/scripts/build/install-github-cli.sh +++ b/images/ubuntu/scripts/build/install-github-cli.sh @@ -10,11 +10,11 @@ source $HELPER_SCRIPTS/install.sh # Download GitHub CLI -gh_cli_url=$(resolve_github_release_asset_url "cli/cli" "contains(\"linux\") and contains(\"amd64\") and contains(\".deb\")" "latest") +gh_cli_url=$(resolve_github_release_asset_url "cli/cli" "contains(\"linux\") and contains(\"amd64\") and endswith(\".deb\")" "latest") gh_cli_deb_path=$(download_with_retry "$gh_cli_url") # Supply chain security - GitHub CLI -hash_url=$(resolve_github_release_asset_url "cli/cli" "contains(\"checksums.txt\")" "latest") -external_hash=$(get_hash_from_remote_file "$hash_url" "linux_amd64.deb") +hash_url=$(resolve_github_release_asset_url "cli/cli" "endswith(\"checksums.txt\")" "latest") +external_hash=$(get_checksum_from_url "$hash_url" "linux_amd64.deb" "SHA256") use_checksum_comparison "$gh_cli_deb_path" "$external_hash" # Install GitHub CLI apt install "$gh_cli_deb_path" diff --git a/images/ubuntu/scripts/build/install-kotlin.sh b/images/ubuntu/scripts/build/install-kotlin.sh index 3b144443a..2b7d2367e 100644 --- a/images/ubuntu/scripts/build/install-kotlin.sh +++ b/images/ubuntu/scripts/build/install-kotlin.sh @@ -8,11 +8,11 @@ source $HELPER_SCRIPTS/install.sh KOTLIN_ROOT="/usr/share" -download_url=$(resolve_github_release_asset_url "JetBrains/kotlin" "contains(\"kotlin-compiler\")" "latest") +download_url=$(resolve_github_release_asset_url "JetBrains/kotlin" "contains(\"kotlin-compiler\") and endswith(\".zip\")" "latest") archive_path=$(download_with_retry "$download_url") # Supply chain security - Kotlin -kotlin_hash=$(get_github_package_hash "JetBrains" "kotlin" "kotlin-compiler-.*\.zip" "" "latest" "false" "|" 3) +kotlin_hash=$(get_checksum_from_github_release "JetBrains/kotlin" "kotlin-compiler-.*\.zip" "latest" "SHA256") use_checksum_comparison "$archive_path" "$kotlin_hash" unzip -qq "$archive_path" -d $KOTLIN_ROOT diff --git a/images/ubuntu/scripts/build/install-kubernetes-tools.sh b/images/ubuntu/scripts/build/install-kubernetes-tools.sh index 03383065c..50c36bd11 100644 --- a/images/ubuntu/scripts/build/install-kubernetes-tools.sh +++ b/images/ubuntu/scripts/build/install-kubernetes-tools.sh @@ -9,10 +9,10 @@ source $HELPER_SCRIPTS/install.sh # Download KIND -kind_url=$(resolve_github_release_asset_url "kubernetes-sigs/kind" "contains(\"kind-linux-amd64\")" "latest") +kind_url=$(resolve_github_release_asset_url "kubernetes-sigs/kind" "endswith(\"kind-linux-amd64\")" "latest") curl -fsSL -o /tmp/kind "${kind_url}" # Supply chain security - KIND -kind_external_hash=$(get_hash_from_remote_file "${kind_url}.sha256sum" "kind-linux-amd64") +kind_external_hash=$(get_checksum_from_url "${kind_url}.sha256sum" "kind-linux-amd64" "SHA256") use_checksum_comparison "/tmp/kind" "${kind_external_hash}" # Install KIND sudo install /tmp/kind /usr/local/bin/kind @@ -30,7 +30,7 @@ curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 # Download minikube curl -fsSL -O https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 # Supply chain security - minikube -minikube_hash=$(get_github_package_hash "kubernetes" "minikube" "linux-amd64" "" "latest" "false" ":" 2) +minikube_hash=$(get_checksum_from_github_release "kubernetes/minikube" "linux-amd64" "latest" "SHA256") use_checksum_comparison "minikube-linux-amd64" "${minikube_hash}" # Install minikube sudo install minikube-linux-amd64 /usr/local/bin/minikube diff --git a/images/ubuntu/scripts/build/install-oras-cli.sh b/images/ubuntu/scripts/build/install-oras-cli.sh index 43cfefc93..cf0126705 100644 --- a/images/ubuntu/scripts/build/install-oras-cli.sh +++ b/images/ubuntu/scripts/build/install-oras-cli.sh @@ -14,8 +14,8 @@ download_url=$(resolve_github_release_asset_url "oras-project/oras" "endswith(\" archive_path=$(download_with_retry "$download_url") # Supply chain security - ORAS CLI -hash_url=$(resolve_github_release_asset_url "oras-project/oras" "contains(\"checksums.txt\")" "latest") -external_hash=$(get_hash_from_remote_file "${hash_url}" "linux_amd64.tar.gz") +hash_url=$(resolve_github_release_asset_url "oras-project/oras" "endswith(\"checksums.txt\")" "latest") +external_hash=$(get_checksum_from_url "${hash_url}" "linux_amd64.tar.gz" "SHA256") use_checksum_comparison "$archive_path" "${external_hash}" # Unzip ORAS CLI diff --git a/images/ubuntu/scripts/build/install-pulumi.sh b/images/ubuntu/scripts/build/install-pulumi.sh index 33d4d9533..9310466f7 100644 --- a/images/ubuntu/scripts/build/install-pulumi.sh +++ b/images/ubuntu/scripts/build/install-pulumi.sh @@ -14,7 +14,7 @@ download_url="https://get.pulumi.com/releases/sdk/pulumi-v${version}-linux-x64.t archive_path=$(download_with_retry "$download_url") # Supply chain security - Pulumi -external_hash=$(get_hash_from_remote_file "https://github.com/pulumi/pulumi/releases/download/v${version}/SHA512SUMS" "linux-x64.tar.gz") +external_hash=$(get_checksum_from_url "https://github.com/pulumi/pulumi/releases/download/v${version}/SHA512SUMS" "linux-x64.tar.gz" "SHA512") use_checksum_comparison "$archive_path" "$external_hash" "512" # Unzipping Pulumi diff --git a/images/ubuntu/scripts/build/install-runner-package.sh b/images/ubuntu/scripts/build/install-runner-package.sh index b18fdbc49..019689ee4 100644 --- a/images/ubuntu/scripts/build/install-runner-package.sh +++ b/images/ubuntu/scripts/build/install-runner-package.sh @@ -7,7 +7,7 @@ # Source the helpers for use with the script source $HELPER_SCRIPTS/install.sh -download_url=$(resolve_github_release_asset_url "actions/runner" 'test("actions-runner-linux-x64-[0-9]+\\.[0-9]{3}\\.[0-9]+\\.tar\\.gz")' "latest") +download_url=$(resolve_github_release_asset_url "actions/runner" 'test("actions-runner-linux-x64-[0-9]+\\.[0-9]{3}\\.[0-9]+\\.tar\\.gz$")' "latest") archive_name="${download_url##*/}" archive_path=$(download_with_retry "$download_url") diff --git a/images/ubuntu/scripts/build/install-selenium.sh b/images/ubuntu/scripts/build/install-selenium.sh index fa30d5e7d..1a18510fb 100644 --- a/images/ubuntu/scripts/build/install-selenium.sh +++ b/images/ubuntu/scripts/build/install-selenium.sh @@ -11,7 +11,7 @@ source $HELPER_SCRIPTS/etc-environment.sh SELENIUM_MAJOR_VERSION=$(get_toolset_value '.selenium.version') # Download Selenium server -SELENIUM_DOWNLOAD_URL=$(resolve_github_release_asset_url "SeleniumHQ/selenium" "contains(\"selenium-server-\") and endswith(\".jar\")" "$SELENIUM_MAJOR_VERSION\.*") +SELENIUM_DOWNLOAD_URL=$(resolve_github_release_asset_url "SeleniumHQ/selenium" "contains(\"selenium-server-\") and endswith(\".jar\")" "$SELENIUM_MAJOR_VERSION\.+" "" "true") SELENIUM_JAR_PATH=$(download_with_retry "$SELENIUM_DOWNLOAD_URL" "/usr/share/java/selenium-server.jar") # Create an epmty file to retrive selenium version diff --git a/images/ubuntu/scripts/build/install-yq.sh b/images/ubuntu/scripts/build/install-yq.sh index f4f26dce8..07a192651 100644 --- a/images/ubuntu/scripts/build/install-yq.sh +++ b/images/ubuntu/scripts/build/install-yq.sh @@ -13,7 +13,7 @@ base_url="https://github.com/mikefarah/yq/releases/latest/download" binary_path=$(download_with_retry "${base_url}/yq_linux_amd64") # Supply chain security - yq -external_hash=$(get_hash_from_remote_file "${base_url}/checksums" "yq_linux_amd64 " "" " " "19") +external_hash=$(get_checksum_from_url "${base_url}/checksums" "yq_linux_amd64 " "SHA256" "true" " " "19") use_checksum_comparison "$binary_path" "$external_hash" # Install yq diff --git a/images/ubuntu/scripts/build/install-zstd.sh b/images/ubuntu/scripts/build/install-zstd.sh index 5f4db375f..84d5932dd 100644 --- a/images/ubuntu/scripts/build/install-zstd.sh +++ b/images/ubuntu/scripts/build/install-zstd.sh @@ -15,7 +15,7 @@ download_url="https://github.com/facebook/zstd/releases/download/${release_tag}/ archive_path=$(download_with_retry "${download_url}") # Supply chain security - zstd -external_hash=$(get_hash_from_remote_file "${download_url}.sha256" "${release_name}.tar.gz") +external_hash=$(get_checksum_from_url "${download_url}.sha256" "${release_name}.tar.gz" "SHA256") use_checksum_comparison "$archive_path" "$external_hash" # Install zstd diff --git a/images/ubuntu/scripts/helpers/install.sh b/images/ubuntu/scripts/helpers/install.sh index 68df9f68d..40a0b8161 100644 --- a/images/ubuntu/scripts/helpers/install.sh +++ b/images/ubuntu/scripts/helpers/install.sh @@ -61,137 +61,171 @@ get_toolset_value() { echo "$(jq -r "$query" $toolset_path)" } -resolve_github_release_asset_url() { +get_github_releases_by_version() { local repo=$1 - local filter=$2 - local version=${3:-"*"} - local allow_pre_release=${4:-false} + local version=${2:-".+"} + local allow_pre_release=${3:-false} + local with_assets_only=${4:-false} page_size="100" json=$(curl -fsSL "https://api.github.com/repos/${repo}/releases?per_page=${page_size}") - if [[ $allow_pre_release == "true" ]]; then - json=$(echo $json | jq -r '.[] | select(.assets | length > 0)') - else - json=$(echo $json | jq -r '.[] | select((.prerelease==false) and (.assets | length > 0))') - fi - - if [[ $version == "latest" ]]; then - tag_name=$(echo $json | jq -r '.tag_name' | sort --unique --version-sort | egrep -v ".*-[a-z]|beta" | tail -n 1) - elif [[ $version == *"*"* ]]; then - tag_name=$(echo $json | jq -r '.tag_name' | sort --unique --version-sort | egrep -v ".*-[a-z]|beta" | egrep "${version}" | tail -n 1) - else - tag_names=$(echo $json | jq -r '.tag_name' | sort --unique --version-sort | egrep -v ".*-[a-z]|beta" | egrep "${version}") - - for element in $tag_names; do - semver=$(echo "$element" | awk 'match($0, /[0-9]+\.[0-9]+\.[0-9]+/) {print substr($0, RSTART, RLENGTH)}') - - if [[ $semver == $version ]]; then - tag_name=$element - fi - done - fi - - download_url=$(echo $json | jq -r ". | select(.tag_name==\"${tag_name}\").assets[].browser_download_url | select(${filter})" | head -n 1) - if [ -z "$download_url" ]; then - echo "Failed to parse a download url for the '${tag_name}' tag using '${filter}' filter" + if [[ -z "$json" ]]; then + echo "Failed to get releases" exit 1 fi - echo $download_url + if [[ $with_assets_only == "true" ]]; then + json=$(echo $json | jq -r '.[] | select(.assets | length > 0)') + else + json=$(echo $json | jq -r '.[]') + fi + + if [[ $allow_pre_release == "true" ]]; then + json=$(echo $json | jq -r '.') + else + json=$(echo $json | jq -r '. | select(.prerelease==false)') + fi + + # Filter out rc/beta/etc releases, convert to numeric version and sort + json=$(echo $json | jq '. | select(.tag_name | test(".*-[a-z]|beta") | not)' | jq '.tag_name |= gsub("[^\\d.]"; "")' | jq -s 'sort_by(.tag_name | split(".") | map(tonumber))') + + # Select releases matching version + if [[ $version == "latest" ]]; then + json_filtered=$(echo $json | jq .[-1]) + elif [[ $version == *"+"* ]] || [[ $version == *"*"* ]]; then + json_filtered=$(echo $json | jq --arg version $version '.[] | select(.tag_name | test($version))') + else + json_filtered=$(echo $json | jq --arg version $version '.[] | select(.tag_name | contains($version))') + fi + + if [[ -z "$json_filtered" ]]; then + echo "Failed to get releases from ${repo} matching version ${version}" + echo "Available versions: $(echo "$json" | jq -r '.tag_name')" + exit 1 + fi + + echo $json_filtered } -get_github_package_hash() { - local repo_owner=$1 - local repo_name=$2 - local file_name=$3 - local url=$4 - local version=${5:-"latest"} - local prerelease=${6:-false} - local delimiter=${7:-'|'} - local word_number=${8:-2} +resolve_github_release_asset_url() { + local repo=$1 + local url_filter=$2 + local version=${3:-".+"} + local allow_pre_release=${4:-false} + local allow_multiple_matches=${5:-false} + + matching_releases=$(get_github_releases_by_version "${repo}" "${version}" "${allow_pre_release}" "true") + matched_url=$(echo $matching_releases | jq -r ".assets[].browser_download_url | select(${url_filter})") + + if [[ -z "$matched_url" ]]; then + echo "Found no download urls matching pattern: ${url_filter}" + echo "Available download urls: $(echo "$matching_releases" | jq -r '.assets[].browser_download_url')" + exit 1 + fi + + if [[ "$(echo "$matched_url" | wc -l)" -gt 1 ]]; then + if [[ $allow_multiple_matches == "true" ]]; then + matched_url=$(echo "$matched_url" | tail -n 1) + else + echo "Multiple matches found for ${version} version and ${url_filter} URL filter. Please make filters more specific" + exit 1 + fi + fi + + echo $matched_url +} + +get_checksum_from_github_release() { + local repo=$1 + local file_name=$2 + local version=${3:-".+"} + local hash_type=$4 + local allow_pre_release=${5:-false} if [[ -z "$file_name" ]]; then echo "File name is not specified." exit 1 fi - if [[ -n "$url" ]]; then - release_url="$url" + if [[ "$hash_type" == "SHA256" ]]; then + hash_pattern="[A-Fa-f0-9]{64}" + elif [[ "$hash_type" == "SHA512" ]]; then + hash_pattern="[A-Fa-f0-9]{128}" else - if [ "$version" == "latest" ]; then - release_url="https://api.github.com/repos/${repo_owner}/${repo_name}/releases/latest" - else - json=$(curl -fsSL "https://api.github.com/repos/${repo_owner}/${repo_name}/releases?per_page=100") - tags=$(echo "$json" | jq -r --arg prerelease "$prerelease" '.[] | select(.prerelease == ($prerelease | test("true"; "i"))) | .tag_name') - tag=$(echo "$tags" | grep -o "$version") - if [[ "$(echo "$tag" | wc -l)" -gt 1 ]]; then - echo "Multiple tags found matching the version $version. Please specify a more specific version." - exit 1 - fi - if [[ -z "$tag" ]]; then - echo "Failed to get a tag name for version $version." - exit 1 - fi - release_url="https://api.github.com/repos/${repo_owner}/${repo_name}/releases/tags/$tag" - fi - fi - - body=$(curl -fsSL "$release_url" | jq -r '.body' | tr -d '`') - matching_line=$(echo "$body" | grep "$file_name") - if [[ "$(echo "$matching_line" | wc -l)" -gt 1 ]]; then - echo "Multiple lines found included the file $file_name. Please specify a more specific file name." - exit 1 - fi - if [[ -z "$matching_line" ]]; then - echo "File name '$file_name' not found in release body." + echo "Unknown hash type: ${hash_type}" exit 1 fi - result=$(echo "$matching_line" | cut -d "$delimiter" -f "$word_number" | tr -d -c '[:alnum:]') - if [[ -z "$result" ]]; then - echo "Empty result. Check parameters delimiter and/or word_number for the matching line." + matching_releases=$(get_github_releases_by_version "${repo}" "${version}" "${allow_pre_release}" "true") + matched_line=$(printf "$(echo $matching_releases | jq '.body')\n" | grep "$file_name") + + if [[ -z "$matched_line" ]]; then + echo "File name ${file_name} not found in release body" exit 1 fi - echo "$result" + if [[ "$(echo "$matched_line" | wc -l)" -gt 1 ]]; then + echo "Multiple matches found for ${file_name} in release body: ${matched_line}" + exit 1 + fi + + hash=$(echo $matched_line | grep -oP "$hash_pattern") + + if [[ -z "$hash" ]]; then + echo "Found ${file_name} in body of release, but failed to get hash from it: ${matched_line}" + exit 1 + fi + + echo "$hash" } -get_hash_from_remote_file() { +get_checksum_from_url() { local url=$1 - local keywords=("$2" "$3") - local delimiter=${4:-' '} - local word_number=${5:-1} + local file_name=$2 + local hash_type=$3 + local use_custom_search_pattern=${4:-false} + local delimiter=${5:-' '} + local word_number=${6:-1} - if [[ -z "${keywords[0]}" || -z "$url" ]]; then - echo "File name and/or URL is not specified." + if [[ "$hash_type" == "SHA256" ]]; then + hash_pattern="[A-Fa-f0-9]{64}" + elif [[ "$hash_type" == "SHA512" ]]; then + hash_pattern="[A-Fa-f0-9]{128}" + else + echo "Unknown hash type: ${hash_type}" exit 1 fi - matching_line=$(curl -fsSL "$url" | sed 's/ */ /g' | tr -d '`') - for keyword in "${keywords[@]}"; do - matching_line=$(echo "$matching_line" | grep "$keyword") - done + checksums_file_path=$(download_with_retry "$url") + checksums=$(cat "$checksums_file_path") + rm "$checksums_file_path" - if [[ "$(echo "$matching_line" | wc -l)" -gt 1 ]]; then - echo "Multiple lines found including the words: ${keywords[*]}. Please use a more specific filter." + matched_line=$(printf "$checksums\n" | grep "$file_name") + + if [[ "$(echo "$matched_line" | wc -l)" -gt 1 ]]; then + echo "Found multiple lines matching file name ${file_name} in checksum file." exit 1 fi - if [[ -z "$matching_line" ]]; then - echo "Keywords (${keywords[*]}) not found in the file with hashes." + if [[ -z "$matched_line" ]]; then + echo "File name ${file_name} not found in checksum file." exit 1 fi - result=$(echo "$matching_line" | cut -d "$delimiter" -f "$word_number" | tr -d -c '[:alnum:]') - if [[ ${#result} -ne 64 && ${#result} -ne 128 ]]; then - echo "Invalid result length. Expected 64 or 128 characters. Please check delimiter and/or word_number parameters." - echo "Result: $result" + if [[ $use_custom_search_pattern == "true" ]]; then + hash=$(echo "$matched_line" | sed 's/ */ /g' | cut -d "$delimiter" -f "$word_number" | tr -d -c '[:alnum:]') + else + hash=$(echo $matched_line | grep -oP "$hash_pattern") + fi + + if [[ -z "$hash" ]]; then + echo "Found ${file_name} in checksum file, but failed to get hash from it: ${matched_line}" exit 1 fi - echo "$result" + echo "$hash" } use_checksum_comparison() {