diff --git a/INSTALL.md b/INSTALL.md
index c744bf1a72..857954b6ff 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -299,14 +299,15 @@ Get the toxcore source code and navigate to `other/docker/windows`. Build the container image based on the Dockerfile. The following options are available to customize the building of the container image. -| Name | Description | Expected Value | Default Value | -| --------------------- | ------------------------------------------- | ----------------------------------- | ------------- | -| `SUPPORT_ARCH_i686` | Support building 32-bit toxcore. | "true" or "false" (case sensitive). | true | -| `SUPPORT_ARCH_x86_64` | Support building 64-bit toxcore. | "true" or "false" (case sensitive). | true | -| `SUPPORT_TEST` | Support running toxcore automated tests. | "true" or "false" (case sensitive). | false | -| `VERSION_OPUS` | Version of libopus to build toxcore with. | Numeric version number. | 1.4 | -| `VERSION_SODIUM` | Version of libsodium to build toxcore with. | Numeric version number. | 1.0.19 | -| `VERSION_VPX` | Version of libvpx to build toxcore with. | Numeric version number. | 1.14.0 | +| Name | Description | Expected Value | Default Value | +| -------------------------- | ----------------------------------------------------- | ----------------------------------- | ------------- | +| `SUPPORT_ARCH_i686` | Support building 32-bit toxcore. | "true" or "false" (case sensitive). | true | +| `SUPPORT_ARCH_x86_64` | Support building 64-bit toxcore. | "true" or "false" (case sensitive). | true | +| `SUPPORT_TEST` | Support running toxcore automated tests. | "true" or "false" (case sensitive). | false | +| `VERSION_OPUS` | Version of libopus to build toxcore with. | Numeric version number. | 1.4 | +| `VERSION_SODIUM` | Version of libsodium to build toxcore with. | Numeric version number. | 1.0.19 | +| `VERSION_VPX` | Version of libvpx to build toxcore with. | Numeric version number. | 1.14.0 | +| `ENABLE_HASH_VERIFICATION` | Verify the hashes of the default dependency versions. | "true" or "false" (case sensitive). 
| true | Example of building a container image with options diff --git a/other/docker/windows/Dockerfile b/other/docker/windows/Dockerfile index 13bb6682a4..caa7a66733 100644 --- a/other/docker/windows/Dockerfile +++ b/other/docker/windows/Dockerfile @@ -7,6 +7,7 @@ FROM debian:bookworm-slim ARG VERSION_OPUS=1.4 \ VERSION_SODIUM=1.0.19 \ VERSION_VPX=1.14.0 \ + ENABLE_HASH_VERIFICATION=true \ \ SUPPORT_TEST=false \ SUPPORT_ARCH_i686=true \ @@ -20,6 +21,7 @@ ENV SUPPORT_TEST=${SUPPORT_TEST} \ CROSS_COMPILE=${CROSS_COMPILE} WORKDIR /work +COPY check_sha256.sh . COPY get_packages.sh . RUN ./get_packages.sh diff --git a/other/docker/windows/build_dependencies.sh b/other/docker/windows/build_dependencies.sh index 2b8ca4dacc..fa2353c93a 100755 --- a/other/docker/windows/build_dependencies.sh +++ b/other/docker/windows/build_dependencies.sh @@ -7,6 +7,8 @@ fi #=== Cross-Compile Dependencies === +. ./check_sha256.sh + build() { ARCH=${1} @@ -41,6 +43,7 @@ build() { echo echo "=== Building Sodium $VERSION_SODIUM $ARCH ===" curl "${CURL_OPTIONS[@]}" -O "https://github.com/jedisct1/libsodium/releases/download/$VERSION_SODIUM-RELEASE/libsodium-$VERSION_SODIUM.tar.gz" + check_sha256 "018d79fe0a045cca07331d37bd0cb57b2e838c51bc48fd837a1472e50068bbea" "libsodium-$VERSION_SODIUM.tar.gz" tar -xf "libsodium-$VERSION_SODIUM.tar.gz" cd "libsodium-stable" ./configure \ @@ -65,6 +68,7 @@ build() { fi curl "${CURL_OPTIONS[@]}" -O "https://ftp.osuosl.org/pub/xiph/releases/opus/opus-$VERSION_OPUS.tar.gz" + check_sha256 "c9b32b4253be5ae63d1ff16eea06b94b5f0f2951b7a02aceef58e3a3ce49c51f" "opus-$VERSION_OPUS.tar.gz" tar -xf "opus-$VERSION_OPUS.tar.gz" cd "opus-$VERSION_OPUS" CFLAGS="$CFLAGS $LIB_OPUS_CFLAGS" \ 
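Review bot: In the first build_dependencies.sh hunk, `. ./check_sha256.sh` is resolved against the current working directory rather than the script's own location, so it only works when the script is started from the directory holding check_sha256.sh (`/work` in the Dockerfile hunk). If the file is not found, bash reports the failed source and, unless the script runs under `set -e` (not visible in this hunk), carries on. Every later `check_sha256` call then fails as an unknown command and the archives are unpacked unverified. Sourcing relative to the script and stopping on failure closes that gap: `. "$(dirname "${BASH_SOURCE[0]}")/check_sha256.sh" || exit 1`.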
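Review bot: The digest passed to `check_sha256` for libsodium is a literal for the default release, while the file name beside it follows `$VERSION_SODIUM`. Overriding the version therefore always ends in a mismatch, and the only way forward is `ENABLE_HASH_VERIFICATION=false`, which switches off every check in the image rather than just this one. Taking the digest from a build argument declared next to the version (for example `SHA256_SODIUM`, a suggested name, defaulting to the current value) would let a custom version stay verified. The opus hunk and the libvpx hunk pair a fixed digest with a variable version in the same way. The libvpx URL is also a GitHub-generated `/archive/` tarball rather than a release asset, so a comment there should warn that its digest can change if the archive is regenerated; build() starts and ends outside these hunks.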
@@ -93,6 +97,7 @@ build() { LIB_VPX_CFLAGS="-fno-asynchronous-unwind-tables" fi curl "${CURL_OPTIONS[@]}" "https://github.com/webmproject/libvpx/archive/v$VERSION_VPX.tar.gz" -o "libvpx-$VERSION_VPX.tar.gz" + check_sha256 "5f21d2db27071c8a46f1725928a10227ae45c5cd1cad3727e4aafbe476e321fa" "libvpx-$VERSION_VPX.tar.gz" tar -xf "libvpx-$VERSION_VPX.tar.gz" cd "libvpx-$VERSION_VPX" CFLAGS="$CFLAGS $LIB_VPX_CFLAGS" \ diff --git a/other/docker/windows/check_sha256.sh b/other/docker/windows/check_sha256.sh new file mode 100644 index 0000000000..6e5a4f86a4 --- /dev/null +++ b/other/docker/windows/check_sha256.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + +check_sha256() { + [ "$ENABLE_HASH_VERIFICATION" = "true" ] && _check_sha256 "$@" +} + +_check_sha256() { + if ! (echo "$1 $2" | sha256sum -c --status -); then + echo "Error: sha256 of $2 doesn't match the known one." + echo "Expected: $1 $2" + echo "Got: $(sha256sum "$2")" + return 1 + fi + echo "sha256 matches the expected one: $1" + return 0 +} diff --git a/other/docker/windows/get_packages.sh b/other/docker/windows/get_packages.sh index 1021785138..efd81e68c9 100755 --- a/other/docker/windows/get_packages.sh +++ b/other/docker/windows/get_packages.sh @@ -51,6 +51,12 @@ if [ "$SUPPORT_TEST" = "true" ]; then curl "${CURL_OPTIONS[@]}" -O --output-dir /etc/apt/sources.list.d/ \ https://dl.winehq.org/wine-builds/debian/dists/bookworm/winehq-bookworm.sources + . ./check_sha256.sh + check_sha256 "78b185fabdb323971d13bd329fefc8038e08559aa51c4996de18db0639a51df6" \ + "/etc/apt/keyrings/winehq-archive.key" + check_sha256 "8dd8ef66c749d56e798646674c1c185a99b3ed6727ca0fbb5e493951e66c0f9e" \ + "/etc/apt/sources.list.d/winehq-bookworm.sources" + dpkg --add-architecture i386 apt-get update apt-get install -y \ diff --git a/other/windows_build_script_toxcore.sh b/other/windows_build_script_toxcore.sh index 4af35437af..9f2202d254 100644 --- a/other/windows_build_script_toxcore.sh +++ b/other/windows_build_script_toxcore.sh 
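Review bot: In the new check_sha256.sh, `check_sha256` returns non-zero when verification is switched off, because the `[ … ] && _check_sha256 "$@"` list ends with the failed test. A caller running under `set -e` would abort on the first skipped check, and a caller adding `|| exit 1` could not tell a skipped check from a mismatch. The test also fails open: any value other than the exact string `true` (unset, `True`, a typo) silently skips verification. The wrapper below verifies by default, skips only on an explicit `false` and rejects anything else. The error lines in `_check_sha256` would also be better sent to stderr with `>&2`.

```shell
check_sha256() {
  case "${ENABLE_HASH_VERIFICATION:-true}" in
    true) _check_sha256 "$@" ;;
    false) return 0 ;;
    *)
      echo "Error: ENABLE_HASH_VERIFICATION must be \"true\" or \"false\"." >&2
      return 1
      ;;
  esac
}
# … unchanged: _check_sha256 …
```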
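Review bot: In the get_packages.sh hunk, the key and the sources file are checked only after curl has written them straight into `/etc/apt/keyrings/` and `/etc/apt/sources.list.d/`, and nothing in the hunk stops the script when a check fails. Unless `set -e` is active earlier in the file (not visible here), `apt-get update` then goes on to trust a key that did not match. These two digests do not depend on any `VERSION_*` argument, yet `ENABLE_HASH_VERIFICATION=false` skips them as well. Calling the inner function directly and aborting on failure, `_check_sha256 "<same digest>" "/etc/apt/keyrings/winehq-archive.key" || exit 1` (likewise for the sources file), keeps the key check unconditional. Downloading to a temporary directory and moving the files into place only after they verify would be stricter still; the surrounding `if [ "$SUPPORT_TEST" = "true" ]` block continues outside the hunk.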
@@ -6,6 +6,7 @@ export VERSION_OPUS="1.4" export VERSION_SODIUM="1.0.19" export VERSION_VPX="1.14.0" +export ENABLE_HASH_VERIFICATION=true export SUPPORT_TEST=false export SUPPORT_ARCH_i686=true