actions/runner-images
1
0
Fork 0
mirror of https://github.com/actions/runner-images.git synced 2026-01-08 11:30:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

[windows] implement DotNETSDK checksum validation (#8355)

Browse Source
This commit is contained in:
ilia-shipitsin
2023-09-28 11:57:30 +02:00
committed by GitHub
parent 620e2c26b2
commit 8de4497f77
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
images/win/scripts/Installers/Install-DotnetSDK.ps1
View File

@@ -2,6 +2,7 @@
## File: Install-DotnetSDK.ps1 ## File: Install-DotnetSDK.ps1
## Desc: Install all released versions of the dotnet sdk and populate package ## Desc: Install all released versions of the dotnet sdk and populate package
## cache. Should run after VS and Node ## cache. Should run after VS and Node
## Supply chain security: checksum validation
################################################################################ ################################################################################
# Set environment variables # Set environment variables
@@ -52,13 +53,22 @@ function Invoke-Warmup (
function InstallSDKVersion ( function InstallSDKVersion (
$SdkVersion, $SdkVersion,
$dotnetVersion,
$Warmup $Warmup
) )
{ {
if (!(Test-Path -Path "C:\Program Files\dotnet\sdk\$sdkVersion")) if (!(Test-Path -Path "C:\Program Files\dotnet\sdk\$sdkVersion"))
{ {
Write-Host "Installing dotnet $sdkVersion" Write-Host "Installing dotnet $sdkVersion"
.\dotnet-install.ps1 -Version $sdkVersion -InstallDir $(Join-Path -Path $env:ProgramFiles -ChildPath 'dotnet') $ZipPath = [System.IO.Path]::combine([System.IO.Path]::GetTempPath(), [System.IO.Path]::GetRandomFileName())
.\dotnet-install.ps1 -Version $sdkVersion -InstallDir $(Join-Path -Path $env:ProgramFiles -ChildPath 'dotnet') -ZipPath $ZipPath -KeepZip
#region Supply chain security
$distributorFileHash = (Invoke-RestMethod -Uri "https://dotnetcli.blob.core.windows.net/dotnet/release-metadata/$dotnetVersion/releases.json").releases.sdks.Where({$_.version -eq $SdkVersion}).files.Where({ $_.name -eq 'dotnet-sdk-win-x64.zip'}).hash
$localFileHash = (Get-FileHash -Path $ZipPath -Algorithm 'SHA512').Hash
Use-ChecksumComparison -LocalFileHash $localFileHash -DistributorFileHash $distributorFileHash
#endregion
} }
else else
{ {
@@ -89,7 +99,7 @@ function InstallAllValidSdks()
ForEach ($sdkVersion in $sdkVersionsToInstall) ForEach ($sdkVersion in $sdkVersionsToInstall)
{ {
InstallSDKVersion -SdkVersion $sdkVersion -Warmup $warmup InstallSDKVersion -SdkVersion $sdkVersion -DotnetVersion $dotnetVersion -Warmup $warmup
} }
} }
} }