switch to using --check #4
Conversation
checksum.sh
Outdated
| @@ -1,18 +1,17 @@ | |||
| #!/bin/bash | |||
|
|
|||
| function checksum() { | |||
| local s | |||
| s=$(curl -fsSL "$1") | |||
| if ! command -v shasum >/dev/null | |||
| then | |||
| shasum() { sha1sum "$@"; } | |||
There was a problem hiding this comment.
sha1sum doesn't support the -a option you always give below. You just shouldn't pass -a. I only used it when contriving an example (where I had to mock having something to download which has a hash already).
And you can just use a variable for the command (you don't need eval or anything like that to do such things).
local hasher
if command -v shasum >/dev/null ; then
hasher=shasum
else
hasher=sha1sum
fi
...
printf %s\\n "$s" | "$hasher" --check --status ...
There was a problem hiding this comment.
Updated. Great suggestion. Thanks!
| @@ -1,18 +1,17 @@ | |||
| #!/bin/bash | |||
|
|
|||
| function checksum() { | |||
| local s | |||
| s=$(curl -fsSL "$1") | |||
There was a problem hiding this comment.
Note that shell truncates trailing newlines from variables, so if a script ends with several newlines, it'll only keep the last one. Example exhibiting the problem:
# In another shell, run `python -m http.server --bind localhost 8980`
$ printf %s\\n 1 2 3 "" "" "" > f # File contents: "1\n2\n3\n\n\n\n"
$ printf %s\\n 1 2 3 > t # File contents: "1\n2\n3\n"
$ shasum -a 256 f
09bc489de9097269db796e13a5d79c0bdb021a4ba90e1ac1e7f56aecc60b5b7c *f
$ shasum -a 256 t
14c5e74c4b96ccef41cd94db73a9ec3348038ac094feca4fd897cecffa07cdae *t
$ curl -fsSL http://localhost:8980/f | shasum -a 256
09bc489de9097269db796e13a5d79c0bdb021a4ba90e1ac1e7f56aecc60b5b7c *-
$ curl -fsSL http://localhost:8980/t | shasum -a 256
14c5e74c4b96ccef41cd94db73a9ec3348038ac094feca4fd897cecffa07cdae *-
$ t=$(curl -fsSL http://localhost:8980/t)
$ f=$(curl -fsSL http://localhost:8980/f)
$ printf %s\\n "$t" | shasum -a 256
14c5e74c4b96ccef41cd94db73a9ec3348038ac094feca4fd897cecffa07cdae *-
$ printf %s\\n "$f" | shasum -a 256
14c5e74c4b96ccef41cd94db73a9ec3348038ac094feca4fd897cecffa07cdae *-
So printf %s\\n "$f" | shasum -a 256 does not give the same as curl -fsSL http://localhost:8980/f | shasum -a 256, it gives the same result as curl -fsSL http://localhost:8980/t | shasum -a 256 and printf %s\\n "$t" | shasum -a 256.
It's quite likely there exist scripts in the wild that have trailing newlines, so the shell variable capture is probably non-viable.
(I ran this experiment in msys zsh on windows, but ran it based on knowledge of the newline chomping of POSIX sh -- I just double-checked and ran it on bash on linux and it was the same result, only difference being the weird "*" in the shasum output is now another space as expected)
There was a problem hiding this comment.
the shell variable capture is probably non-viable.
@dundarious given that, downloading the script to a tmp file may be the best solution
Implementing the suggestions from https://news.ycombinator.com/item?id=33377273