install_with_python: Secure Python download with sha256 checks.

Includes a fallback using md5sum and a refactor to ensure files are cleaned up on failure. Signed-off-by: Adrian Cochrane <[email protected]> Reviewed-by: Andrew Bartlett <[email protected]> Reviewed-by: Martin Schwenke <[email protected]> Autobuild-User(master): Andrew Bartlett <[email protected]> Autobuild-Date(master): Fri Jul 24 05:19:06 CEST 2015 on sn-devel-104
joankaradimov · Jul 24, 2015 · c596ac6 · c596ac6
1 parent 509c37d
commit c596ac6
Showing 1 changed file with 30 additions and 11 deletions.
diff --git a/install_with_python.sh b/install_with_python.sh
@@ -18,20 +18,39 @@ export LD_LIBRARY_PATH
 VERSION="Python-2.6.5"
 
 do_install_python() {
-       mkdir -p python_install || exit 1
-       rsync -avz samba.org::ftp/tridge/python/$VERSION.tar python_install || exit 1
-       cd python_install || exit 1;
-       rm -rf $VERSION || exit 1
-       tar -xf $VERSION.tar || exit 1
-       cd $VERSION || exit 1
-       ./configure --prefix=$PREFIX/python --enable-shared --disable-ipv6 || exit 1
-       make || exit 1
-       make install || exit 1
-       cd ../.. || exit 1
-       rm -rf python_install || exit 1
+       set -e
+       mkdir -p python_install
+       rsync -avz samba.org::ftp/tridge/python/$VERSION.tar python_install
+       cd python_install
+       rm -rf $VERSION
+
+       # Verify that the download hasn't been corrupted
+       # This checks Python-2.6.5, while more hashes my be added later.
+       if command -v sha256sum
+       then
+            echo "2f1ec5e52d122bf1864529c1bbac7fe6afc10e3a083217b3a7bff5ded37efcc3  Python-2.6.5.tar" > checksums.sha256
+            sha256sum --status -c checksums.sha256
+       else
+            echo "c83cf77f32463c3949b85c94f661c090  Python-2.6.5.tar" > checksums.md5
+            md5sum --status -c checksums.md5
+       fi
+
+       tar -xf $VERSION.tar
+       cd $VERSION
+       ./configure --prefix=$PREFIX/python --enable-shared --disable-ipv6
+       make
+       make install
+       cd ../..
+       rm -rf python_install
+}
+
+cleanup_install_python() {
+       rm -rf python_install
+       exit 1
 }
 
 if [ ! -d $PREFIX/python ]; then
+   trap "cleanup_install_python" 0
    # needs to be installed
    do_install_python
 fi