diff --git a/Scripts/go.sh b/Scripts/go.sh index 038ff95..18e1d18 100644 --- a/Scripts/go.sh +++ b/Scripts/go.sh @@ -12,6 +12,7 @@ NC='\033[0m' export GVM_ROOT="$HOME/.programming/go" BOOTSTRAP_GO="$GVM_ROOT/bootstrap" +GO_BOOTSTRAP_VERSION="1.20.5" OS_NAME="$(uname -s)" ARCH="$(uname -m)" @@ -42,6 +43,79 @@ case "$OS_NAME" in ;; esac +GO_BOOTSTRAP_FILENAME="go${GO_BOOTSTRAP_VERSION}.${GO_BOOTSTRAP_OS}-${GO_BOOTSTRAP_ARCH}.tar.gz" +GO_BOOTSTRAP_URL="https://go.dev/dl/${GO_BOOTSTRAP_FILENAME}" +GO_RELEASE_METADATA_URL="https://go.dev/dl/?mode=json&include=all" + +sha256_file() { + local file_path="$1" + + if command -v sha256sum >/dev/null 2>&1; then + sha256sum "$file_path" | awk '{print $1}' + elif command -v shasum >/dev/null 2>&1; then + shasum -a 256 "$file_path" | awk '{print $1}' + else + echo -e "${RED} ERROR:${NC} No SHA256 tool found (need sha256sum or shasum)." + exit 1 + fi +} + +get_go_release_sha256() { + python3 - "$GO_RELEASE_METADATA_URL" "$GO_BOOTSTRAP_FILENAME" <<'PY' +import json +import sys +import urllib.request + +metadata_url = sys.argv[1] +target_filename = sys.argv[2] + +with urllib.request.urlopen(metadata_url, timeout=30) as response: + releases = json.load(response) + +for release in releases: + for file_info in release.get("files", []): + if file_info.get("filename") == target_filename: + print(file_info.get("sha256", "")) + raise SystemExit(0) + +raise SystemExit(1) +PY +} + +download_and_verify_go_bootstrap() { + local destination_path="$1" + local expected_sha256="" + local actual_sha256="" + local temp_tarball="" + + temp_tarball="$(mktemp "${TMPDIR:-/tmp}/go-bootstrap.XXXXXX")" + + cleanup_go_bootstrap_download() { + rm -f "$temp_tarball" + } + + trap cleanup_go_bootstrap_download RETURN + + echo -e "${BLUE} LOG:${YELLOW} Downloading pinned Bootstrap Go ${GO_BOOTSTRAP_VERSION}...${NC}" + curl -fsSL "$GO_BOOTSTRAP_URL" -o "$temp_tarball" + + expected_sha256="$(get_go_release_sha256)" + if [ -z "$expected_sha256" ]; then + echo -e "${RED} ERROR:${NC} Could not find official SHA256 for ${GO_BOOTSTRAP_FILENAME}." + exit 1 + fi + + actual_sha256="$(sha256_file "$temp_tarball")" + if [ "$actual_sha256" != "$expected_sha256" ]; then + echo -e "${RED} ERROR:${NC} Bootstrap Go checksum mismatch for ${GO_BOOTSTRAP_FILENAME}." + echo -e "${RED} ERROR:${NC} Expected: ${expected_sha256}" + echo -e "${RED} ERROR:${NC} Actual: ${actual_sha256}" + exit 1 + fi + + tar -C "$destination_path" -xzf "$temp_tarball" --strip-components=1 +} + echo -e "${BLUE} LOG:${YELLOW} Setting up Go and GVM in ${GVM_ROOT}...${NC}" if [ ! -d "$GVM_ROOT/scripts" ]; then @@ -66,12 +140,8 @@ else fi if [ ! -d "$BOOTSTRAP_GO" ]; then - echo -e "${BLUE} LOG:${YELLOW} Downloading Bootstrap Go...${NC}" mkdir -p "$BOOTSTRAP_GO" - - wget -q "https://go.dev/dl/go1.20.5.${GO_BOOTSTRAP_OS}-${GO_BOOTSTRAP_ARCH}.tar.gz" -O /tmp/go-bootstrap.tar.gz - tar -C "$BOOTSTRAP_GO" -xzf /tmp/go-bootstrap.tar.gz --strip-components=1 - rm /tmp/go-bootstrap.tar.gz + download_and_verify_go_bootstrap "$BOOTSTRAP_GO" echo -e "${GREEN} SUCCESS:${NC} Bootstrap Go installed." else