2020-07-13 11:44:07 +03:00
|
|
|
---
|
|
|
|
|
name: Validate Hashes
|
|
|
|
|
on:
|
|
|
|
|
push:
|
|
|
|
|
paths:
|
|
|
|
|
- 'downloads/hashes.txt'
|
|
|
|
|
- '_data/downloads.yml'
|
|
|
|
|
pull_request:
|
|
|
|
|
paths:
|
|
|
|
|
- 'downloads/hashes.txt'
|
|
|
|
|
- '_data/downloads.yml'
|
|
|
|
|
jobs:
|
|
|
|
|
validate-hashes:
|
|
|
|
|
name: Validate Hashes
|
2021-04-11 13:42:45 +03:00
|
|
|
runs-on: ubuntu-18.04
|
2020-07-13 11:44:07 +03:00
|
|
|
steps:
|
|
|
|
|
- uses: actions/checkout@v2
|
|
|
|
|
- name: Install dependencies
|
|
|
|
|
run: |
|
|
|
|
|
sudo apt-get install -y --no-install-recommends curl gpg jq python-pip
|
|
|
|
|
sudo pip install yq
|
|
|
|
|
- name: Verify hashes.txt signature
|
2020-08-19 21:31:15 +03:00
|
|
|
run: |
|
|
|
|
|
curl -sL https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/binaryfate.asc |
|
|
|
|
|
gpg --import
|
2020-07-13 11:44:07 +03:00
|
|
|
gpg --verify downloads/hashes.txt
|
|
|
|
|
- name: Download releases
|
|
|
|
|
run: |
|
|
|
|
|
for file in $(awk '/monero-/ {print $2}' downloads/hashes.txt); do
|
|
|
|
|
[ -f $file ] && continue
|
|
|
|
|
echo Downloading $file...
|
|
|
|
|
dir=cli
|
|
|
|
|
if [[ $file =~ gui ]]; then
|
|
|
|
|
dir=gui
|
|
|
|
|
fi
|
|
|
|
|
url=https://dlsrc.getmonero.org/${dir}/${file}
|
|
|
|
|
curl -sLO $url
|
|
|
|
|
done
|
|
|
|
|
- name: Verify hashes.txt hashes
|
|
|
|
|
run: |
|
|
|
|
|
grep monero- downloads/hashes.txt | sha256sum -c
|
|
|
|
|
- name: Verify downloads.yml hashes
|
|
|
|
|
run: |
|
|
|
|
|
yq -r '.[] | .[0].downloads[] | "\(.link)|\(.hash)"' _data/downloads.yml | grep -v github |
|
|
|
|
|
while read line; do
|
|
|
|
|
[ -z "$line" ] && continue
|
|
|
|
|
url=$(echo $line | cut -d'|' -f1)
|
|
|
|
|
hash=$(echo $line | cut -d'|' -f2)
|
2020-08-19 21:31:15 +03:00
|
|
|
filename=
|
|
|
|
|
case $url in
|
|
|
|
|
*gui/win64install) filename=monero-gui-install-win-x64 ;;
|
|
|
|
|
*gui/win64) filename=monero-gui-win-x64 ;;
|
|
|
|
|
*gui/mac64) filename=monero-gui-mac-x64 ;;
|
|
|
|
|
*gui/linux64) filename=monero-gui-linux-x64 ;;
|
2021-06-30 12:06:04 +03:00
|
|
|
*gui/source) filename=monero-gui-source ;;
|
2020-08-19 21:31:15 +03:00
|
|
|
*cli/win64) filename=monero-win-x64 ;;
|
|
|
|
|
*cli/win32) filename=monero-win-x86 ;;
|
|
|
|
|
*cli/mac64) filename=monero-mac-x64 ;;
|
2022-07-19 04:25:05 +03:00
|
|
|
*cli/macarm8) filename=monero-mac-armv8 ;;
|
2020-08-19 21:31:15 +03:00
|
|
|
*cli/linux64) filename=monero-linux-x64 ;;
|
|
|
|
|
*cli/linux32) filename=monero-linux-x86 ;;
|
|
|
|
|
*cli/linuxarm8) filename=monero-linux-armv8 ;;
|
|
|
|
|
*cli/linuxarm7) filename=monero-linux-armv7 ;;
|
|
|
|
|
*cli/androidarm8) filename=monero-android-armv8 ;;
|
|
|
|
|
*cli/androidarm7) filename=monero-android-armv7 ;;
|
|
|
|
|
*cli/freebsd64) filename=monero-freebsd-x64 ;;
|
2021-06-30 12:06:04 +03:00
|
|
|
*cli/source) filename=monero-source ;;
|
2020-08-19 21:31:15 +03:00
|
|
|
*)
|
|
|
|
|
echo "Unknown url $url" >&2
|
|
|
|
|
exit 1
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
filename=$(awk "/${filename}/ {print \$2}" downloads/hashes.txt)
|
2020-07-13 11:44:07 +03:00
|
|
|
echo "$hash $filename" | sha256sum -c
|
|
|
|
|
done
|
2022-05-29 06:30:09 +03:00
|
|
|
- name: Validate source integrity
|
|
|
|
|
run: |
|
|
|
|
|
version_gui=$(awk '/monero-gui-source-v/ {print $2}' downloads/hashes.txt | awk -F".tar.bz2" '{print $1}' | awk -F"-" '{print $4}')
|
|
|
|
|
version_cli=$(awk '/monero-source-v/ {print $2}' downloads/hashes.txt | awk -F".tar.bz2" '{print $1}' | awk -F"-" '{print $3}')
|
|
|
|
|
echo -e "\n--> GUI version: $version_gui \n--> CLI version: $version_cli"
|
|
|
|
|
mkdir validate_sources
|
|
|
|
|
cd validate_sources
|
|
|
|
|
# Download / verify git-archive-all.sh
|
|
|
|
|
curl -O https://raw.githubusercontent.com/fabacab/git-archive-all.sh/fc86194f00b678438f9210859597f6eead28e765/git-archive-all.sh
|
|
|
|
|
echo "db62e9a824866989c9d080f008ec06d81421cf94bed3762acba3b9148607af2d git-archive-all.sh" | sha256sum -c
|
|
|
|
|
chmod +x git-archive-all.sh
|
|
|
|
|
echo -e "--> Generating tarballs..."
|
|
|
|
|
# CLI
|
|
|
|
|
git clone --recursive -b $version_cli --depth 1 --shallow-submodule https://github.com/monero-project/monero.git monero.git && cd monero.git && ../git-archive-all.sh --prefix monero-source-${version_cli}/ --format tar --tree-ish $version_cli ../monero-source-${version_cli}.tar && cd .. && bzip2 monero-source-${version_cli}.tar
|
|
|
|
|
# GUI
|
|
|
|
|
git clone --recursive -b $version_gui --depth 1 --shallow-submodule https://github.com/monero-project/monero-gui.git monero-gui.git && cd monero-gui.git && ../git-archive-all.sh --prefix monero-gui-source-${version_gui}/ --format tar --tree-ish $version_gui ../monero-gui-source-${version_gui}.tar && cd .. && bzip2 monero-gui-source-${version_gui}.tar
|
|
|
|
|
mkdir yours
|
|
|
|
|
cp monero-gui-source-${version_gui}.tar.bz2 yours/.
|
|
|
|
|
cp monero-source-${version_cli}.tar.bz2 yours/.
|
|
|
|
|
mkdir from_website
|
|
|
|
|
echo -e "\n--> Move tarballs from getmonero..."
|
|
|
|
|
mv ../monero-gui-source-${version_gui}.tar.bz2 from_website/.
|
|
|
|
|
mv ../monero-source-${version_cli}.tar.bz2 from_website/.
|
|
|
|
|
echo -e "\n--> Unpacking all..."
|
|
|
|
|
bunzip2 yours/*.bz2
|
|
|
|
|
bunzip2 from_website/*.bz2
|
|
|
|
|
tar xf yours/monero-source-${version_cli}.tar -C yours/
|
|
|
|
|
tar xf yours/monero-gui-source-${version_gui}.tar -C yours/
|
|
|
|
|
tar xf from_website/monero-source-${version_cli}.tar -C from_website/
|
|
|
|
|
tar xf from_website/monero-gui-source-${version_gui}.tar -C from_website
|
|
|
|
|
# Compare directories
|
|
|
|
|
echo -e "\n--> Comparing CLI directories"
|
|
|
|
|
diff -r yours/monero-source-$version_cli from_website/monero-source-$version_cli
|
|
|
|
|
echo -e "\n--> Comparing GUI directories"
|
|
|
|
|
diff -r yours/monero-gui-source-$version_gui from_website/monero-gui-source-$version_gui
|
