From dc65ff800f3766d13e93665066872cd7fc585b73 Mon Sep 17 00:00:00 2001 From: Tanvir Alam Date: Mon, 20 Nov 2017 14:35:59 -0500 Subject: [PATCH] distribution: create sha256sum.txt file when creating binaries to allow validation of checksums. * update README.md to include instructions on how to verify prebuilt binaries for new releases. --- README.md | 5 +++++ dist.sh | 19 ++++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0e79061..6acd3cc 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,11 @@ to validate accounts by email, domain or group. ## Installation 1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.2`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin` +Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v2.3`. +``` +sha256sum -c sha256sum.txt 2>&1 | grep OK +oauth2_proxy-2.3.linux-amd64: OK +``` 2. Select a Provider and Register an OAuth Application with a Provider 3. Configure OAuth2 Proxy using config file, command line options, or environment variables 4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx) diff --git a/dist.sh b/dist.sh index 18c5d02..90193df 100755 --- a/dist.sh +++ b/dist.sh @@ -13,6 +13,7 @@ os=$(go env GOOS) arch=$(go env GOARCH) version=$(cat $DIR/version.go | grep "const VERSION" | awk '{print $NF}' | sed 's/"//g') goversion=$(go version | awk '{print $3}') +sha256sum=() echo "... running tests" ./test.sh @@ -25,10 +26,22 @@ for os in windows linux darwin; do fi BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX) TARGET="oauth2_proxy-$version.$os-$arch.$goversion" + FILENAME="oauth2_proxy-$version.$os-$arch$EXT" GOOS=$os GOARCH=$arch CGO_ENABLED=0 \ - go build -ldflags="-s -w" -o $BUILD/$TARGET/oauth2_proxy$EXT || exit 1 - pushd $BUILD - tar czvf $TARGET.tar.gz $TARGET + go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1 + pushd $BUILD/$TARGET + sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)") + cd .. && tar czvf $TARGET.tar.gz $TARGET mv $TARGET.tar.gz $DIR/dist popd done + +checksum_file="sha256sum.txt" +cd $DIR/dist +if [ -f $checksum_file ]; then + rm $checksum_file +fi +touch $checksum_file +for checksum in "${sha256sum[@]}"; do + echo "$checksum" >> $checksum_file +done