technofab/jsonnet-bundler
1
0
Fork 0
mirror of https://github.com/TECHNOFAB11/jsonnet-bundler.git synced 2025-12-11 23:50:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: check sum after download

Browse source 
To see if we actually got what we expected
This commit is contained in:
sh0rez 2019-10-16 16:48:44 +02:00
parent 36311f1601
commit 4b6e2d89e9
No known key found for this signature in database
GPG key ID: 87C71DF9F8181FF1
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
pkg/packages.go
View file

@ -18,6 +18,7 @@ import (
"context"
"crypto/sha256"
"encoding/base64"
"fmt"
"io"
"os"
"path/filepath"
@ -42,6 +43,7 @@ func Ensure(want spec.JsonnetFile, vendorDir string, locks map[string]spec.Depen
list = append(list, l)
continue
}
expectedSum := d.Sum
// either not present or not intact: download again
dir := filepath.Join(vendorDir, d.Name)
@ -51,6 +53,9 @@ func Ensure(want spec.JsonnetFile, vendorDir string, locks map[string]spec.Depen
if err != nil {
return nil, errors.Wrap(err, "downloading")
}
if expectedSum != "" && d.Sum != expectedSum {
return fmt.Errorf("checksum mismatch for %s. Expected %s but got %s", d.Name, expectedSum, d.Sum)
}
list = append(list, *locked)
}