Verify Release Checksums
When automating infrastructure with a tool like Saltstack or Nomad, a common task is to specify the the SHA checksum for a file to be downloaded. This is a simple fail-safe that ensures the tool has retrieved the correct file (and unmolested). The automated process will error out if the checksum of the file retrieved does not match the expected value. Now, the checksum hash is unique to the contents of the file, so if there is a change in the file, there is a change in the checksum.
When I use Saltstack to codify the process for installing a particular tool, Saltstack will be told which version of the tool to install, and with each new version, there is a new checksum. Thus, I end up maintaining a map of versions and the checksum for each release, which means that I need to grab the release archive and confirm its checksum, updating the map with those values (with the version as a key to lookup the checksum). There are many examples in the salt formula I write, but here is one.
This is definitely one of those tasks that I’d rather not do manually, in part because I will often need to retrieve and update multiple versions in the map at once.
Without further ado, here are two snippets I use, one for docker-compose, the other for the Hashicorp suite of tools.
docker-compose
First, set the VERSIONS:
VERSIONS="1.7.1 1.7.0 1.6.2 1.6.1 1.6.0 1.5.2"Then wget and sha512sum those in a loop:
for v in $VERSIONS
do
wget -o download.log -O docker-compose-Linux-x86_64-$v https://github.com/docker/compose/releases/download/$v/docker-compose-Linux-x86_64
sha512sum docker-compose-Linux-x86_64-$v
doneThe output will look like:
06ab1b16d067292b7a0235805eaff13698f7ff9263d20a4368e535f1cb1ebe417fa85a51fd1e335128aa94afff26b6ff22f8f6af534e9e8caa73c4e390916955 docker-compose-Linux-x86_64-1.7.1
ebb70b96961c18d3cbdd045e742087a018ea3d20d223f7e23cdace0bd77a596bf68952d767b79c1dfada35123dfcc7f2dd3a1a6dc8134f8d5cf7e445665061b2 docker-compose-Linux-x86_64-1.7.0
71864f5fd7e1b1ba7b37b0f65b5d13e9825ee94f7e6de758c00813d0425ce46f38b3594fbeeaa692232e3b2f57bd26ca997876a7780b90b583091e1df13874d3 docker-compose-Linux-x86_64-1.6.2
9c6d9304df501e084c18379eca34f6e785dbb3c85cf400551a1dccf2e9be6da6f3305577ac5f89866bbc26e6dc2674699c79f75f289854470d53679ea7b08ab8 docker-compose-Linux-x86_64-1.6.1
f67ab4e2f225adae57813a4188803893a49aa8651a324af67c2554d35e4e72278a7d8a565a8021b3153227748f5b7937522dee3e2fe72f9ea211e8bc80a8abfd docker-compose-Linux-x86_64-1.6.0
7dc80c9f86c9845bdd67624e3584c40024a54c8c2cb62e07c9a784625e68d7a9670dd4cd5aa2239917a23a8a149c68c053c24e60baa82ee3cf4cc7bbce65670e docker-compose-Linux-x86_64-1.5.2Hashicorp Tools
Set the APP and VERSIONS to target:
APP=vault
VERSIONS="0.5.1 0.5.2 0.5.3 0.6.0"APP can be any one of the tools listed here.
Then retrieve:
for v in $VERSIONS
do
wget -o download.log -O ${APP}_${v}_linux_amd64.zip https://releases.hashicorp.com/$APP/$v/${APP}_${v}_linux_amd64.zip
sha512sum ${APP}_${v}_linux_amd64.zip
doneOutput will look like:
caeafe21ec01911cb888dd77e299d16457eb1b80844a68070489bfe078c5f8160067a5d8e82174e1e5d11f0e1a254272c71ab801b590ef556f1880c421f5fc12 vault_0.5.1_linux_amd64.zip
17e60dbb13d34db805f8a4659e177ab2c05ae164aba75debfd3d05197f1f270022436cd37c00050883271ac0ea4e66847495fa573880a1135f67d16155fa28d1 vault_0.5.2_linux_amd64.zip
82d8daa4251d23759381d6a8f2267a74ec27f15ef134f1db023d2ff1c7b7de81bfa50af614e752e0f9d6632505e3c04a2ed42613f31e0b14c0455e5a3a238ff9 vault_0.5.3_linux_amd64.zip
4efcf844c6ef4dafafb4174808936649c7dca3293f443e1de56a18fd052607f3b0d1b7111e74788eba5612b1d3b48988e16aa4cd2d4851b80696aa9b60483a4c vault_0.6.0_linux_amd64.zipThis post was originally a gist, but I’m consolidating my notes into one place for my own sanity (and sharing with you is an added bonus).
