[Windows] Add checksum verification for Kotlin (#8318)

erik-bershel · web-flow · commit e1ac652396a5 · 2023-09-22T11:26:00.000+02:00
diff --git a/images/win/scripts/Installers/Install-Kotlin.ps1 b/images/win/scripts/Installers/Install-Kotlin.ps1
@@ -1,6 +1,7 @@
 ################################################################################
 ##  File:  Install-Kotlin.ps1
 ##  Desc:  Install Kotlin
+##  Supply chain security: Kotlin - checksum validation
 ################################################################################
 
 # Install Kotlin
@@ -10,11 +11,17 @@ $kotlinBinaryName = (Get-ToolsetContent).kotlin.binary_name
 $kotlinDownloadUrl = Get-GitHubPackageDownloadUrl -RepoOwner "JetBrains" -RepoName "kotlin" -BinaryName $kotlinBinaryName -Version $kotlinVersion -UrlFilter "*{BinaryName}-{Version}.zip"
 $kotlinInstallerPath = Start-DownloadWithRetry -Url $kotlinDownloadUrl -Name "$kotlinBinaryName.zip"
 
+#region Supply chain security
+$fileHash = (Get-FileHash -Path $kotlinInstallerPath -Algorithm SHA256).Hash
+$externalHash = Get-HashFromGitHubReleaseBody -RepoOwner "JetBrains" -RepoName "kotlin" -FileName "$kotlinBinaryName" -Version $kotlinVersion -WordNumber 2
+Use-ChecksumComparison $fileHash $externalHash
+#endregion
+
 Write-Host "Expand Kotlin archive"
 $kotlinPath = "C:\tools"
 Extract-7Zip -Path $kotlinInstallerPath -DestinationPath $kotlinPath
 
 # Add to PATH
 Add-MachinePathItem "$kotlinPath\kotlinc\bin"
 
-Invoke-PesterTests -TestFile "Tools" -TestName "Kotlin"
+Invoke-PesterTests -TestFile "Tools" -TestName "Kotlin"
