actions/runner-images
1
0
Fork 0
mirror of https://github.com/actions/runner-images.git synced 2025-12-20 06:35:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

[windows] implement PyPy checksum validation (#8338)

Browse Source
This commit is contained in:
ilia-shipitsin
2023-09-29 12:14:12 +02:00
committed by GitHub
parent b427c0b2b3
commit fca7da3969
1 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
images/win/scripts/Installers/Install-PyPy.ps1
View File

@@ -2,6 +2,7 @@
## File: Install-PyPy.ps1 ## File: Install-PyPy.ps1
## Team: CI-Build ## Team: CI-Build
## Desc: Install PyPy ## Desc: Install PyPy
## Supply chain security: checksum validation
################################################################################ ################################################################################
function Install-PyPy function Install-PyPy
{ {
@@ -82,6 +83,11 @@ $toolsetVersions = Get-ToolsetContent | Select-Object -ExpandProperty toolcache
# Get PyPy releases # Get PyPy releases
$pypyVersions = Invoke-RestMethod https://downloads.python.org/pypy/versions.json $pypyVersions = Invoke-RestMethod https://downloads.python.org/pypy/versions.json
# required for html parsing
Install-Module PowerHTML -Scope CurrentUser
Import-Module PowerHTML
$checksums = (Invoke-RestMethod -Uri 'https://www.pypy.org/checksums.html' | ConvertFrom-HTML).SelectNodes('//*[@id="content"]/article/div/pre')
Write-Host "Starting installation PyPy..." Write-Host "Starting installation PyPy..."
foreach($toolsetVersion in $toolsetVersions.versions) foreach($toolsetVersion in $toolsetVersions.versions)
{ {
@@ -93,8 +99,23 @@ foreach($toolsetVersion in $toolsetVersions.versions)
if ($latestMajorPyPyVersion) if ($latestMajorPyPyVersion)
{ {
Write-Host "Found PyPy '$($latestMajorPyPyVersion.filename)' package" $filename = $latestMajorPyPyVersion.filename
$tempPyPyPackagePath = Start-DownloadWithRetry -Url $latestMajorPyPyVersion.download_url -Name $latestMajorPyPyVersion.filename Write-Host "Found PyPy '$filename' package"
$tempPyPyPackagePath = Start-DownloadWithRetry -Url $latestMajorPyPyVersion.download_url -Name $filename
#region Supply chain security
$localFileHash = (Get-FileHash -Path $tempPyPyPackagePath -Algorithm SHA256).Hash
$distributorFileHash = $null
ForEach($node in $checksums) {
if($node.InnerText -ilike "*${filename}*") {
$distributorFileHash = $node.InnerText.ToString().Split("`n").Where({ $_ -ilike "*${filename}*" }).Split(' ')[0]
}
}
Use-ChecksumComparison -LocalFileHash $localFileHash -DistributorFileHash $distributorFileHash
#endregion
Install-PyPy -PackagePath $tempPyPyPackagePath -Architecture $toolsetVersions.arch Install-PyPy -PackagePath $tempPyPyPackagePath -Architecture $toolsetVersions.arch
} }
else else