Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/download-using-manifests.pl.in | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/scripts/download-using-manifests.pl.in b/scripts/download-using-manifests.pl.in
index b681ccf347..6246ed3f62 100644
--- a/scripts/download-using-manifests.pl.in
+++ b/scripts/download-using-manifests.pl.in
@@ -348,11 +348,22 @@ while (scalar @path > 0) {
 }
+# Make sure that the hash declared in the manifest matches what we
+# downloaded and unpacked.
+
 if (defined $finalNarHash) {
 my ($hashAlgo, $hash) = parseHash $finalNarHash;
- my $hash2 = `@bindir@/nix-hash --type $hashAlgo --base32 $targetPath`
+
+ # The hash in the manifest can be either in base-16 or base-32.
+ # Handle both.
+ my $extraFlag =
+ ($hashAlgo eq "sha256" && length($hash) != 64)
+ ? "--base32" : "";
+
+ my $hash2 = `@bindir@/nix-hash --type $hashAlgo $extraFlag $targetPath`
 or die "cannot compute hash of path `$targetPath'";
 chomp $hash2;
+
 die "hash mismatch in downloaded path $targetPath; expected $hash, got $hash2"
 if $hash ne $hash2;
 } else { |
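Review bot: The backtick call that computes `$hash2` still passes `$hashAlgo` and `$targetPath` through a shell, and `$hashAlgo` comes from the manifest via `parseHash`, whose validation is not visible in this hunk; since this check decides whether a downloaded path is accepted, the command is better run in list form so that no value is shell-parsed. List-form `open` also lets `close` report a non-zero exit from nix-hash, which the `or die` on the backticks only catches when the output is empty. Separately, `$extraFlag` selects `--base32` only for sha256, where the removed line passed it for every algorithm, so a base-32 hash of another type in a manifest would presumably now be reported as a mismatch; a one-line comment stating that non-sha256 hashes are expected in base-16 would make that intent explicit. The `else` branch of this block continues outside the hunk.

```perl
    # … unchanged: parseHash call and $extraFlag selection …
    my @cmd = ("@bindir@/nix-hash", "--type", $hashAlgo);
    push @cmd, $extraFlag if $extraFlag ne "";
    open(my $nixHash, "-|", @cmd, $targetPath)
        or die "cannot run nix-hash on path `$targetPath'";
    my $hash2 = <$nixHash>;
    close($nixHash) && defined $hash2
        or die "cannot compute hash of path `$targetPath'";
    chomp $hash2;
    # … unchanged: hash mismatch die …
```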