Skip to content

Commit 7fe17c7

Browse files
sergei-pyshnoisergei-pyshnoi
authored
[MacOS] Pin sha256 for xcode (#9007)
* pin sha256 for xcode * add sha256 for xcode 15.1
1 parent 1cb4323 commit 7fe17c7

File tree

6 files changed

+40
-30
lines changed

6 files changed

+40
-30
lines changed

images/macos/scripts/build/Install-Xcode.ps1

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ $xcodeVersions | ForEach-Object -ThrottleLimit $threadCount -Parallel {
2121
Import-Module "$env:HOME/image-generation/helpers/Common.Helpers.psm1"
2222
Import-Module "$env:HOME/image-generation/helpers/Xcode.Installer.psm1" -DisableNameChecking
2323

24-
Install-XcodeVersion -Version $_.version -LinkTo $_.link
24+
Install-XcodeVersion -Version $_.version -LinkTo $_.link -Sha256Sum $_.sha256
2525
Confirm-XcodeIntegrity -Version $_.link
2626
}
2727

images/macos/scripts/helpers/Xcode.Installer.psm1

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,9 @@ function Install-XcodeVersion {
66
[Parameter(Mandatory)]
77
[string] $Version,
88
[Parameter(Mandatory)]
9-
[string] $LinkTo
9+
[string] $LinkTo,
10+
[Parameter(Mandatory)]
11+
[string] $Sha256Sum
1012
)
1113

1214
$xcodeDownloadDirectory = "$env:HOME/Library/Caches/XcodeInstall"
@@ -28,8 +30,15 @@ function Invoke-DownloadXcodeArchive {
2830
$tempXipDirectory = New-Item -Path $DownloadDirectory -Name "Xcode$Version" -ItemType "Directory"
2931
$xcodeFileName = 'Xcode-{0}.xip' -f $Version
3032
$xcodeUri = '{0}{1}?{2}'-f ${env:XCODE_INSTALL_STORAGE_URL}, $xcodeFileName, ${env:XCODE_INSTALL_SAS}
31-
Invoke-DownloadWithRetry -Url $xcodeUri -Path (Join-Path $tempXipDirectory.FullName $xcodeFileName) | Out-Null
33+
$xcodeFullPath = Join-Path $tempXipDirectory.FullName $xcodeFileName
34+
Invoke-DownloadWithRetry -Url $xcodeUri -Path $xcodeFullPath | Out-Null
3235

36+
# Validating checksum
37+
$xcodeSha256 = Get-FileHash -Path $xcodeFullPath -Algorithm SHA256 | Select-Object -ExpandProperty Hash
38+
if ($xcodeSha256 -ne $Sha256Sum) {
39+
throw "Xcode $Version checksum mismatch. Expected: $Sha256Sum, Actual: $xcodeSha256"
40+
}
41+
3342
return $tempXipDirectory
3443
}
3544

images/macos/toolsets/toolset-11.json

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,12 @@
33
"default": "13.2.1",
44
"x64": {
55
"versions": [
6-
{ "link": "13.2.1", "version": "13.2.1+13C100", "symlinks": ["13.2"] },
7-
{ "link": "13.1", "version": "13.1.0+13A1030d" },
8-
{ "link": "13.0", "version": "13.0.0+13A233" },
9-
{ "link": "12.5.1", "version": "12.5.1+12E507", "symlinks": ["12.5"] },
10-
{ "link": "12.4", "version": "12.4.0+12D4e" },
11-
{ "link": "11.7", "version": "11.7.0-GM+11E801a", "symlinks": ["11.7_beta"] }
6+
{ "link": "13.2.1", "version": "13.2.1+13C100", "symlinks": ["13.2"], "sha256": "D3BFCC6225D531587490C0DFC0926C80B7D50D17671DC8F25868F965F5D65F9D" },
7+
{ "link": "13.1", "version": "13.1.0+13A1030d", "sha256": "4EFDEEA0EEEDA1957BB394128CCCD1DAAC3CB0A3D074224E0FAB90855CCA09C4" },
8+
{ "link": "13.0", "version": "13.0.0+13A233", "sha256": "1D8257750A4E0333A2B372B32381BE5EC9B29704C8A0D44CE2E6D26D1CF4301E" },
9+
{ "link": "12.5.1", "version": "12.5.1+12E507", "symlinks": ["12.5"], "sha256": "2592BF58E654440B3DF7062219DBBD24BDF345FAE6BA000756D6D5B1166A7168" },
10+
{ "link": "12.4", "version": "12.4.0+12D4e", "sha256": "CC8D10155258F9DDAA5E422AB8F50E6058758C95208E58E59B5DB1DB033CE2FF" },
11+
{ "link": "11.7", "version": "11.7.0-GM+11E801a", "symlinks": ["11.7_beta"], "sha256": "A53FDEAB92326CD9BF93A1B5FAE01E3D658B04DA60DFF5DE74141CABA0808B03" }
1212
]
1313
}
1414
},

images/macos/toolsets/toolset-12.json

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -3,13 +3,13 @@
33
"default": "14.2",
44
"x64": {
55
"versions": [
6-
{ "link": "14.2", "version": "14.2.0+14C18", "install_runtimes": "true" },
7-
{ "link": "14.1", "version": "14.1.0+14B47b", "install_runtimes": "true" },
8-
{ "link": "14.0.1", "version": "14.0.1+14A400", "symlinks": ["14.0"], "install_runtimes": "true" },
9-
{ "link": "13.4.1", "version": "13.4.1+13F100", "symlinks": ["13.4"] },
10-
{ "link": "13.3.1", "version": "13.3.1+13E500a", "symlinks": ["13.3"] },
11-
{ "link": "13.2.1", "version": "13.2.1+13C100", "symlinks": ["13.2"] },
12-
{ "link": "13.1", "version": "13.1.0+13A1030d" }
6+
{ "link": "14.2", "version": "14.2.0+14C18", "install_runtimes": "true", "sha256": "686B9D53CA49E50D563BC0104B1E8B4F7CCFE80064A6D689965FB819BF8EFE72" },
7+
{ "link": "14.1", "version": "14.1.0+14B47b", "install_runtimes": "true", "sha256": "12F8A3AEF78BF354470AD8B351ADDD925C8EDAD888137D138CA50A8130EB9F2F" },
8+
{ "link": "14.0.1", "version": "14.0.1+14A400", "symlinks": ["14.0"], "install_runtimes": "true", "sha256": "EDB4DDCE02F92338E3D10B011FC86CD26520E3238585F06F3C182880DDD3B2AF" },
9+
{ "link": "13.4.1", "version": "13.4.1+13F100", "symlinks": ["13.4"], "sha256": "A1E0DBD6D5A96C4A6D3D63600B58486759AA836C2D9F7E8FA6D7DA4C7399638B" },
10+
{ "link": "13.3.1", "version": "13.3.1+13E500a", "symlinks": ["13.3"], "sha256": "D10B4644DB84BA43F7B18CE94FB3CA1ACD255D39781F4AF8FC88BD8581E08F97" },
11+
{ "link": "13.2.1", "version": "13.2.1+13C100", "symlinks": ["13.2"], "sha256": "D3BFCC6225D531587490C0DFC0926C80B7D50D17671DC8F25868F965F5D65F9D" },
12+
{ "link": "13.1", "version": "13.1.0+13A1030d", "sha256": "4EFDEEA0EEEDA1957BB394128CCCD1DAAC3CB0A3D074224E0FAB90855CCA09C4" }
1313
]
1414
}
1515
},

images/macos/toolsets/toolset-13.json

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -3,20 +3,21 @@
33
"default": "14.3.1",
44
"x64": {
55
"versions": [
6-
{ "link": "15.1", "version": "15.1.0+15C65", "install_runtimes": "true"},
7-
{ "link": "15.0.1", "version": "15.0.1+15A507", "symlinks": ["15.0"], "install_runtimes": "true"},
8-
{ "link": "14.3.1", "version": "14.3.1+14E300c","symlinks": ["14.3"], "install_runtimes": "true"},
9-
{ "link": "14.2", "version": "14.2.0+14C18", "install_runtimes": "true"},
10-
{ "link": "14.1", "version": "14.1.0+14B47b", "install_runtimes": "true"}
6+
{ "link": "15.1", "version": "15.1.0+15C65", "install_runtimes": "true", "sha256": "857D8DB537BAC82BF99DE0E1D3895D214D4D02101C1340CEF3DAF6E821BA1D05"},
7+
{ "link": "15.0.1", "version": "15.0.1+15A507", "symlinks": ["15.0"], "install_runtimes": "true", "sha256": "5AC17AE6060CAFC3C7112C6DA0B153450BE21F1DE6632777FBA9FBC9D999C9E8"},
8+
{ "link": "14.3.1", "version": "14.3.1+14E300c","symlinks": ["14.3"], "install_runtimes": "true", "sha256": "B5CC7BF37447C32A971B37D71C7DA1AF7ABB45CEE4B96FE126A1D3B0D2C260AF"},
9+
{ "link": "14.2", "version": "14.2.0+14C18", "install_runtimes": "true", "sha256": "686B9D53CA49E50D563BC0104B1E8B4F7CCFE80064A6D689965FB819BF8EFE72"},
10+
{ "link": "14.1", "version": "14.1.0+14B47b", "install_runtimes": "true", "sha256": "12F8A3AEF78BF354470AD8B351ADDD925C8EDAD888137D138CA50A8130EB9F2F"}
11+
1112
]
1213
},
1314
"arm64":{
1415
"versions": [
15-
{ "link": "15.1", "version": "15.1.0+15C65", "install_runtimes": "true"},
16-
{ "link": "15.0.1", "version": "15.0.1+15A507", "symlinks": ["15.0"], "install_runtimes": "true"},
17-
{ "link": "14.3.1", "version": "14.3.1+14E300c","symlinks": ["14.3"], "install_runtimes": "true" },
18-
{ "link": "14.2", "version": "14.2.0+14C18", "install_runtimes": "true" },
19-
{ "link": "14.1", "version": "14.1.0+14B47b", "install_runtimes": "true" }
16+
{ "link": "15.1", "version": "15.1.0+15C65", "install_runtimes": "true", "sha256": "857D8DB537BAC82BF99DE0E1D3895D214D4D02101C1340CEF3DAF6E821BA1D05"},
17+
{ "link": "15.0.1", "version": "15.0.1+15A507", "symlinks": ["15.0"], "install_runtimes": "true", "sha256": "5AC17AE6060CAFC3C7112C6DA0B153450BE21F1DE6632777FBA9FBC9D999C9E8"},
18+
{ "link": "14.3.1", "version": "14.3.1+14E300c","symlinks": ["14.3"], "install_runtimes": "true", "sha256": "B5CC7BF37447C32A971B37D71C7DA1AF7ABB45CEE4B96FE126A1D3B0D2C260AF"},
19+
{ "link": "14.2", "version": "14.2.0+14C18", "install_runtimes": "true", "sha256": "686B9D53CA49E50D563BC0104B1E8B4F7CCFE80064A6D689965FB819BF8EFE72"},
20+
{ "link": "14.1", "version": "14.1.0+14B47b", "install_runtimes": "true", "sha256": "12F8A3AEF78BF354470AD8B351ADDD925C8EDAD888137D138CA50A8130EB9F2F"}
2021
]
2122
}
2223
},

images/macos/toolsets/toolset-14.json

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,14 +3,14 @@
33
"default": "15.0.1",
44
"x64": {
55
"versions": [
6-
{ "link": "15.0.1", "version": "15.0.1+15A507", "symlinks": ["15.0"], "install_runtimes": "true"},
7-
{ "link": "14.3.1", "version": "14.3.1+14E300c","symlinks": ["14.3"], "install_runtimes": "true"}
6+
{ "link": "15.0.1", "version": "15.0.1+15A507", "symlinks": ["15.0"], "install_runtimes": "true", "sha256": "5AC17AE6060CAFC3C7112C6DA0B153450BE21F1DE6632777FBA9FBC9D999C9E8"},
7+
{ "link": "14.3.1", "version": "14.3.1+14E300c","symlinks": ["14.3"], "install_runtimes": "true", "sha256": "B5CC7BF37447C32A971B37D71C7DA1AF7ABB45CEE4B96FE126A1D3B0D2C260AF"}
88
]
99
},
1010
"arm64":{
1111
"versions": [
12-
{ "link": "15.0.1", "version": "15.0.1+15A507", "symlinks": ["15.0"], "install_runtimes": "true"},
13-
{ "link": "14.3.1", "version": "14.3.1+14E300c","symlinks": ["14.3"], "install_runtimes": "true"}
12+
{ "link": "15.0.1", "version": "15.0.1+15A507", "symlinks": ["15.0"], "install_runtimes": "true", "sha256": "5AC17AE6060CAFC3C7112C6DA0B153450BE21F1DE6632777FBA9FBC9D999C9E8"},
13+
{ "link": "14.3.1", "version": "14.3.1+14E300c","symlinks": ["14.3"], "install_runtimes": "true", "sha256": "B5CC7BF37447C32A971B37D71C7DA1AF7ABB45CEE4B96FE126A1D3B0D2C260AF"}
1414
]
1515
}
1616
},

0 commit comments

Comments
 (0)