mirror of
https://github.com/monero-project/monero-site.git
synced 2025-01-25 12:05:55 +00:00
187 lines
8.8 KiB
YAML
187 lines
8.8 KiB
YAML
---
|
|
name: Validate Hashes
|
|
on:
|
|
push:
|
|
paths:
|
|
- 'downloads/hashes.txt'
|
|
- '_data/downloads.yml'
|
|
pull_request:
|
|
paths:
|
|
- 'downloads/hashes.txt'
|
|
- '_data/downloads.yml'
|
|
jobs:
|
|
validate-hashes:
|
|
name: Validate Hashes
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Install dependencies
|
|
run: |
|
|
sudo apt-get install -y --no-install-recommends curl gpg jq python3-pip
|
|
sudo pip3 install yq
|
|
- name: Verify hashes.txt signature
|
|
run: |
|
|
curl -sL https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/binaryfate.asc |
|
|
gpg --import
|
|
gpg --verify downloads/hashes.txt
|
|
- name: Verify filenames
|
|
run: |
|
|
lines="$(grep -v ^# downloads/hashes.txt)"
|
|
SAVEIFS=$IFS
|
|
IFS=$'\n'
|
|
lines=($lines)
|
|
IFS=$SAVEIFS
|
|
|
|
version_gui=$(awk '/monero-gui-source-v/ {print $2}' downloads/hashes.txt | awk -F".tar.bz2" '{print $1}' | awk -F"-" '{print $4}')
|
|
version_cli=$(awk '/monero-source-v/ {print $2}' downloads/hashes.txt | awk -F".tar.bz2" '{print $1}' | awk -F"-" '{print $3}')
|
|
|
|
filenames_cli=()
|
|
filenames_gui=()
|
|
|
|
get_filename(){
|
|
line=$1
|
|
the_line=($line)
|
|
length="${#the_line[@]}"
|
|
((length-=1))
|
|
filename="${the_line[$length]}"
|
|
echo "${filename}"
|
|
}
|
|
# expects cli files between lines 2-13 and gui 14-18 (comments do not count, 1st line = 0)
|
|
# to add a new file to the cli, $num must be -gt 1 and -lt 15.
|
|
# gui $num is now -gt 14 and -lt 20 (new line has been added above)
|
|
# a new gui file will only increase the -lt number by 1
|
|
# changes to extensions / new files must be reflected in the cli_files / gui_files lists below
|
|
num=0
|
|
for line in "${lines[@]}"; do
|
|
if [ $num -gt 1 ] && [ $num -lt 14 ] ; then
|
|
#CLI
|
|
filename=$(get_filename "${line}")
|
|
filenames_cli+=("${filename}")
|
|
elif [ $num -gt 13 ] && [ $num -lt 19 ] ; then
|
|
#GUI
|
|
filename=$(get_filename "${line}")
|
|
filenames_gui+=("${filename}")
|
|
fi
|
|
((num+=1))
|
|
done
|
|
# edit/add/remove filenames below
|
|
cli_files=(\
|
|
"monero-android-armv7-${version_cli}.tar.bz2" \
|
|
"monero-android-armv8-${version_cli}.tar.bz2" \
|
|
"monero-freebsd-x64-${version_cli}.tar.bz2" \
|
|
"monero-linux-armv7-${version_cli}.tar.bz2" \
|
|
"monero-linux-armv8-${version_cli}.tar.bz2" \
|
|
"monero-linux-x64-${version_cli}.tar.bz2" \
|
|
"monero-linux-x86-${version_cli}.tar.bz2" \
|
|
"monero-mac-armv8-${version_cli}.tar.bz2" \
|
|
"monero-mac-x64-${version_cli}.tar.bz2" \
|
|
"monero-win-x64-${version_cli}.zip" \
|
|
"monero-win-x86-${version_cli}.zip" \
|
|
"monero-source-${version_cli}.tar.bz2")
|
|
|
|
gui_files=(\
|
|
"monero-gui-install-win-x64-${version_gui}.exe" \
|
|
"monero-gui-linux-x64-${version_gui}.tar.bz2" \
|
|
"monero-gui-mac-x64-${version_gui}.dmg" \
|
|
"monero-gui-win-x64-${version_gui}.zip" \
|
|
"monero-gui-source-${version_gui}.tar.bz2")
|
|
|
|
check_filenames(){
|
|
local -n file_list=$1
|
|
local -n hardcoded=$2
|
|
for f in "${file_list[@]}"; do
|
|
if [[ "${hardcoded[*]}" =~ "${f}" ]]; then
|
|
echo "Filename OK: ${f}"
|
|
else
|
|
echo "Filename BAD: ${f}"
|
|
exit 1
|
|
fi
|
|
done
|
|
}
|
|
|
|
check_filenames filenames_cli cli_files
|
|
check_filenames filenames_gui gui_files
|
|
- name: Download releases
|
|
run: |
|
|
for file in $(awk '/monero-/ {print $2}' downloads/hashes.txt); do
|
|
[ -f $file ] && continue
|
|
echo Downloading $file...
|
|
dir=cli
|
|
if [[ $file =~ gui ]]; then
|
|
dir=gui
|
|
fi
|
|
url=https://dlsrc.getmonero.org/${dir}/${file}
|
|
curl -sLO $url
|
|
done
|
|
- name: Verify hashes.txt hashes
|
|
run: |
|
|
grep monero- downloads/hashes.txt | sha256sum -c
|
|
- name: Verify downloads.yml hashes
|
|
run: |
|
|
yq -r '.[] | .[0].downloads[] | "\(.link)|\(.hash)"' _data/downloads.yml | grep -v github |
|
|
while read line; do
|
|
[ -z "$line" ] && continue
|
|
url=$(echo $line | cut -d'|' -f1)
|
|
hash=$(echo $line | cut -d'|' -f2)
|
|
filename=
|
|
case $url in
|
|
*gui/win64install) filename=monero-gui-install-win-x64 ;;
|
|
*gui/win64) filename=monero-gui-win-x64 ;;
|
|
*gui/mac64) filename=monero-gui-mac-x64 ;;
|
|
*gui/linux64) filename=monero-gui-linux-x64 ;;
|
|
*gui/source) filename=monero-gui-source ;;
|
|
*cli/win64) filename=monero-win-x64 ;;
|
|
*cli/win32) filename=monero-win-x86 ;;
|
|
*cli/mac64) filename=monero-mac-x64 ;;
|
|
*cli/macarm8) filename=monero-mac-armv8 ;;
|
|
*cli/linux64) filename=monero-linux-x64 ;;
|
|
*cli/linux32) filename=monero-linux-x86 ;;
|
|
*cli/linuxarm8) filename=monero-linux-armv8 ;;
|
|
*cli/linuxarm7) filename=monero-linux-armv7 ;;
|
|
*cli/androidarm8) filename=monero-android-armv8 ;;
|
|
*cli/androidarm7) filename=monero-android-armv7 ;;
|
|
*cli/freebsd64) filename=monero-freebsd-x64 ;;
|
|
*cli/source) filename=monero-source ;;
|
|
*)
|
|
echo "Unknown url $url" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
filename=$(awk "/${filename}/ {print \$2}" downloads/hashes.txt)
|
|
echo "$hash $filename" | sha256sum -c
|
|
done
|
|
- name: Validate source integrity
|
|
run: |
|
|
version_gui=$(awk '/monero-gui-source-v/ {print $2}' downloads/hashes.txt | awk -F".tar.bz2" '{print $1}' | awk -F"-" '{print $4}')
|
|
version_cli=$(awk '/monero-source-v/ {print $2}' downloads/hashes.txt | awk -F".tar.bz2" '{print $1}' | awk -F"-" '{print $3}')
|
|
echo -e "\n--> GUI version: $version_gui \n--> CLI version: $version_cli"
|
|
mkdir validate_sources
|
|
cd validate_sources
|
|
# Download / verify git-archive-all.sh
|
|
curl -O https://raw.githubusercontent.com/fabacab/git-archive-all.sh/fc86194f00b678438f9210859597f6eead28e765/git-archive-all.sh
|
|
echo "db62e9a824866989c9d080f008ec06d81421cf94bed3762acba3b9148607af2d git-archive-all.sh" | sha256sum -c
|
|
chmod +x git-archive-all.sh
|
|
echo -e "--> Generating tarballs..."
|
|
# CLI
|
|
git clone --recursive -b $version_cli --depth 1 --shallow-submodule https://github.com/monero-project/monero.git monero.git && cd monero.git && ../git-archive-all.sh --prefix monero-source-${version_cli}/ --format tar --tree-ish $version_cli ../monero-source-${version_cli}.tar && cd .. && bzip2 monero-source-${version_cli}.tar
|
|
# GUI
|
|
git clone --recursive -b $version_gui --depth 1 --shallow-submodule https://github.com/monero-project/monero-gui.git monero-gui.git && cd monero-gui.git && ../git-archive-all.sh --prefix monero-gui-source-${version_gui}/ --format tar --tree-ish $version_gui ../monero-gui-source-${version_gui}.tar && cd .. && bzip2 monero-gui-source-${version_gui}.tar
|
|
mkdir yours
|
|
cp monero-gui-source-${version_gui}.tar.bz2 yours/.
|
|
cp monero-source-${version_cli}.tar.bz2 yours/.
|
|
mkdir from_website
|
|
echo -e "\n--> Move tarballs from getmonero..."
|
|
mv ../monero-gui-source-${version_gui}.tar.bz2 from_website/.
|
|
mv ../monero-source-${version_cli}.tar.bz2 from_website/.
|
|
echo -e "\n--> Unpacking all..."
|
|
bunzip2 yours/*.bz2
|
|
bunzip2 from_website/*.bz2
|
|
tar xf yours/monero-source-${version_cli}.tar -C yours/
|
|
tar xf yours/monero-gui-source-${version_gui}.tar -C yours/
|
|
tar xf from_website/monero-source-${version_cli}.tar -C from_website/
|
|
tar xf from_website/monero-gui-source-${version_gui}.tar -C from_website
|
|
# Compare directories
|
|
echo -e "\n--> Comparing CLI directories"
|
|
diff -r yours/monero-source-$version_cli from_website/monero-source-$version_cli
|
|
echo -e "\n--> Comparing GUI directories"
|
|
diff -r yours/monero-gui-source-$version_gui from_website/monero-gui-source-$version_gui
|