From 8157ac3e8ce56d0441631dbe7dbbfd546325691a Mon Sep 17 00:00:00 2001
From: Hugo Montero
Date: Wed, 10 Jun 2026 16:01:26 -0600
Subject: [PATCH] [A] fix installer to validate correctly the checksum
---
 installer/unix/install-cli | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/installer/unix/install-cli b/installer/unix/install-cli
index 49bcdafd6..e8048e38f 100644
--- a/installer/unix/install-cli
+++ b/installer/unix/install-cli
@@ -90,14 +90,20 @@ mkdir -p "$DEST_PATH"
 TMP_FILE=$(mktemp)
 echo ":::: Downloading CLI version $VERSION"
-curl "$BINARY_URL" | gunzip > "$TMP_FILE"
+TMP_GZ="$TMP_FILE.gz"
+curl "$BINARY_URL" -o "$TMP_GZ"
-echo "$BINARY_SHA256 $TMP_FILE" | shasum a 256 -c > /dev/null 2>&1
-if [ $? -eq 1 ]; then
+# The manifest sha256 is computed over the gzipped binary, so verify before unzipping
+echo "$BINARY_SHA256 $TMP_GZ" | shasum -a 256 -c > /dev/null 2>&1
+if [ $? -ne 0 ]; then
 echo ':::: Checksum check failed! Aborting installation'
+ rm -f "$TMP_GZ" "$TMP_FILE"
 exit 1
 fi
+gunzip -c "$TMP_GZ" > "$TMP_FILE"
+rm -f "$TMP_GZ"
+
 mv -f "$TMP_FILE" "$DEST"
 chmod +x "$DEST"
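Review bot: `TMP_GZ="$TMP_FILE.gz"` derives the download path from the mktemp name instead of creating it atomically, so in a shared temp directory another local user could pre-create or symlink that path, and a file they own could be altered between the `shasum -a 256 -c` check and the `gunzip -c` that follows. Creating the archive path with its own `TMP_GZ=$(mktemp) || exit 1` (or putting both files inside a `mktemp -d` directory) closes that gap. Separately, the exit status of `curl` and `gunzip` is not checked in the hunk, so a failed or partial decompression could still reach `mv -f "$TMP_FILE" "$DEST"`; `gunzip -c "$TMP_GZ" > "$TMP_FILE" || { rm -f "$TMP_GZ" "$TMP_FILE"; exit 1; }` would stop that. The script starts above the hunk, so whether `set -e` already covers this is not visible here.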