Make tarball downloading smarter

This commit is contained in:
Salt 2020-12-02 19:16:17 -06:00
parent 603d7e41b0
commit 1efc45ad5f

View File

@ -97,10 +97,27 @@ build-gentoo() {
| uniq \ | uniq \
| head -n 1 | head -n 1
)" )"
stage3file="$(mktemp "tmp.$USER.$_name.XXXXXX-stage3.tar.xz" -p "/tmp")" stage3file="/tmp/tmp.$USER.$_name.stage3.tar.xz"
stage3sig="/tmp/tmp.$USER.$_name.stage3.tar.xz.DIGESTS.asc"
for file in "$stage3file" "$stage3sig"; do
touch "$file"
chmod 0600 "$file"
done
trap "cleanup $stage3file" EXIT trap "cleanup $stage3file" EXIT
log "Getting tarball from: $stage3" # We grab the signature first to verify the integrity of any tarball leftover from a previous run
curl -s "$stage3" -o "$stage3file" log "Downloading stage3 signature"
curl -s "$stage3.DIGESTS.asc" -o "$stage3sig"
if ! [ -f "$stage3file" ]; then
log "Downloading stage3"
curl -s "$stage3" -o "$stage3file"
elif ! openssl dgst -r -sha512 "$stage3file"; then
log "Signature verification failed; downloading new stage3"
curl -s "$stage3" -o "$stage3file"
fi
# At this point, we should have a new stage3 that matches our signature; die of not
if ! openssl dgst -r -sha512 "$stage3file"; then
error "stage3 signature verification failed" 50
fi
log "Decompressing tarball; this will prompt for root privileges" log "Decompressing tarball; this will prompt for root privileges"
sudo tar xf "$stage3file" -C "$_optdest" sudo tar xf "$stage3file" -C "$_optdest"