@@ -41,6 +41,7 @@ import (
41
41
"github.com/BitBoxSwiss/bitbox02-api-go/api/firmware/messages"
42
42
"github.com/BitBoxSwiss/bitbox02-api-go/api/firmware/mocks"
43
43
"github.com/BitBoxSwiss/bitbox02-api-go/communication/u2fhid"
44
+ "github.com/BitBoxSwiss/bitbox02-api-go/util/errp"
44
45
"github.com/BitBoxSwiss/bitbox02-api-go/util/semver"
45
46
"github.com/flynn/noise"
46
47
"github.com/stretchr/testify/require"
@@ -109,6 +110,15 @@ func downloadSimulators() ([]string, error) {
109
110
return nil , err
110
111
}
111
112
113
+ hashesMatch := func (file * os.File , expectedHash string ) (bool , error ) {
114
+ hasher := sha256 .New ()
115
+ if _ , err := io .Copy (hasher , file ); err != nil {
116
+ return false , err
117
+ }
118
+ actualHash := hex .EncodeToString (hasher .Sum (nil ))
119
+ return actualHash == expectedHash , nil
120
+ }
121
+
112
122
fileNotExistOrHashMismatch := func (filename , expectedHash string ) (bool , error ) {
113
123
file , err := os .Open (filename )
114
124
if os .IsNotExist (err ) {
@@ -119,13 +129,11 @@ func downloadSimulators() ([]string, error) {
119
129
}
120
130
defer file .Close ()
121
131
122
- hasher := sha256 . New ( )
123
- if _ , err := io . Copy ( hasher , file ); err != nil {
132
+ match , err := hashesMatch ( file , expectedHash )
133
+ if err != nil {
124
134
return false , err
125
135
}
126
- actualHash := hex .EncodeToString (hasher .Sum (nil ))
127
-
128
- return actualHash != expectedHash , nil
136
+ return ! match , nil
129
137
}
130
138
131
139
downloadFile := func (url , filename string ) error {
@@ -164,12 +172,28 @@ func downloadSimulators() ([]string, error) {
164
172
return nil , err
165
173
}
166
174
if doDownload {
175
+ fmt .Printf ("Downloading %s to %s\n " , simulator .URL , filename )
167
176
if err := downloadFile (simulator .URL , filename ); err != nil {
168
177
return nil , err
169
178
}
179
+ // If we downloaded the file, check again the hash.
180
+ file , err := os .Open (filename )
181
+ if err != nil {
182
+ // This should never happen, as we just downloaded it
183
+ return nil , err
184
+ }
185
+ match , err := hashesMatch (file , simulator .Sha256 )
186
+ if err != nil {
187
+ return nil , err
188
+ }
189
+ if ! match {
190
+ return nil , errp .Newf ("downloaded file %s does not match expected hash %s" , filename , simulator .Sha256 )
191
+ }
170
192
if err := os .Chmod (filename , 0755 ); err != nil {
171
193
return nil , err
172
194
}
195
+ } else {
196
+ fmt .Printf ("Skipping download of %s, file already exists and has the correct hash\n " , filename )
173
197
}
174
198
filenames = append (filenames , filename )
175
199
}
0 commit comments