Add hash check for Kotlin, Minikube, AWS SAM CLI (#8596)

Author: erik-bershel

images/linux/scripts/installers/aws.sh

@@ -2,6 +2,7 @@
 ################################################################################
 ##  File:  aws.sh
 ##  Desc:  Installs the AWS CLI, Session Manager plugin for the AWS CLI, and AWS SAM CLI
+##  Supply chain security: AWS SAM CLI - checksum validation
 ################################################################################
 
 # Source the helpers for use with the script
@@ -15,11 +16,16 @@ unzip -qq /tmp/awscliv2.zip -d /tmp
 download_with_retries "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" "/tmp" "session-manager-plugin.deb"
 apt install /tmp/session-manager-plugin.deb
 
-# Download & install the latest aws sam cli release
-zipName="aws-sam-cli-linux-x86_64.zip"
-zipUrl="https://github.com/aws/aws-sam-cli/releases/latest/download/${zipName}"
-download_with_retries $zipUrl "/tmp" $zipName
-unzip /tmp/${zipName} -d /tmp
+# Download the latest aws sam cli release
+aws_sam_cli_zip_name="aws-sam-cli-linux-x86_64.zip"
+download_with_retries "https://github.com/aws/aws-sam-cli/releases/latest/download/${aws_sam_cli_zip_name}" "/tmp" $aws_sam_cli_zip_name
+
+# Supply chain security - AWS SAM CLI
+aws_sam_cli_hash=$(get_github_package_hash "aws" "aws-sam-cli" "${aws_sam_cli_zip_name}.. ")
+use_checksum_comparison "/tmp/${aws_sam_cli_zip_name}" "$aws_sam_cli_hash"
+
+# Install the latest aws sam cli release
+unzip /tmp/${aws_sam_cli_zip_name} -d /tmp
 /tmp/install
 
 invoke_tests "CLI.Tools" "AWS"

images/linux/scripts/installers/kotlin.sh

@@ -2,16 +2,22 @@
 ################################################################################
 ##  File:  kotlin.sh
 ##  Desc:  Installs Kotlin
+##  Supply chain security: Kotlin - checksum validation
 ################################################################################
 
 source $HELPER_SCRIPTS/install.sh
 
 KOTLIN_ROOT="/usr/share"
-downloadUrl=$(get_github_package_download_url "JetBrains/kotlin" "contains(\"kotlin-compiler\")")
-download_with_retries "$downloadUrl" "/tmp"
+kotlin_zip_name="kotlin-compiler.zip"
+download_url=$(get_github_package_download_url "JetBrains/kotlin" "contains(\"kotlin-compiler\")")
+download_with_retries "$download_url" "/tmp" "$kotlin_zip_name"
 
-unzip -qq /tmp/kotlin-compiler*.zip -d $KOTLIN_ROOT
+# Supply chain security - Kotlin
+kotlin_hash=$(get_github_package_hash "JetBrains" "kotlin" "kotlin-compiler" "" "latest" "false" "|" 3)
+use_checksum_comparison "/tmp/${kotlin_zip_name}" "$kotlin_hash"
+
+unzip -qq /tmp/${kotlin_zip_name} -d $KOTLIN_ROOT
 rm $KOTLIN_ROOT/kotlinc/bin/*.bat
 ln -sf $KOTLIN_ROOT/kotlinc/bin/* /usr/bin
 
-invoke_tests "Tools" "Kotlin"
+invoke_tests "Tools" "Kotlin"

images/linux/scripts/installers/kubernetes-tools.sh

@@ -2,6 +2,7 @@
 ################################################################################
 ##  File:  kubernetes-tools.sh
 ##  Desc:  Installs kubectl, helm, kustomize
+##  Supply chain security: minikube - checksum validation
 ################################################################################
 
 # Source the helpers for use with the script
@@ -24,6 +25,11 @@ curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
 
 # Install minikube
 curl -fsSL -O https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
+
+# Supply chain security - minikube
+minikube_hash=$(get_github_package_hash "kubernetes" "minikube" "linux-amd64" "" "latest" "false" ":" 2)
+use_checksum_comparison "minikube-linux-amd64" "$minikube_hash"
+
 sudo install minikube-linux-amd64 /usr/local/bin/minikube
 
 # Install kustomize