From bd282bb49ccd231a9db5708c277aefcde2fe9b0e Mon Sep 17 00:00:00 2001
From: Richard Gee <richard@technologee.co.uk>
Date: Sat, 30 Jun 2018 19:10:29 +0100
Subject: [PATCH] Add SHA checking to get.sh download script

SHA256 checksum files were recently added to the releases page.  This change uses these
in order to check the received binary. A new function has been introduced called checkHash
which checks that shasum is available on the system and if it does goes on to test the
newly received binary against the checksum calculated at build time.  A subshell is invoked
within this function as shasum needs to be called in the same dir aas the binary and this location
can vary depending on the user context.  Using a subshell means the directory switching is transparent
to the user, who remains where they started regardless of the script outcome.

Signed-off-by: Richard Gee <richard@technologee.co.uk>
---
 get.sh | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/get.sh b/get.sh
index 30b324085..cf510a495 100755
--- a/get.sh
+++ b/get.sh
@@ -30,6 +30,20 @@ hasCli() {
     fi
 }
 
+checkHash(){
+    if [ -x "$(command -v shasum)" ]; then
+
+    targetFileDir=${targetFile%/*}
+
+    (cd $targetFileDir && curl -sSL $url.sha256|shasum -c -s)
+   
+        if [ "$?" != "0" ]; then
+            rm $targetFile
+            echo "Binary checksum didn't match. Exiting"
+            exit 1
+        fi
+    fi
+}
 
 getPackage() {
     uname=$(uname)
@@ -56,10 +70,10 @@ getPackage() {
     ;;
     esac
 
-    targetFile="/tmp/faas-cli"
+    targetFile="/tmp/faas-cli$suffix"
     
     if [ "$userid" != "0" ]; then
-        targetFile="$(pwd)/faas-cli"
+        targetFile="$(pwd)/faas-cli$suffix"
     fi
 
     if [ -e $targetFile ]; then
@@ -69,10 +83,12 @@ getPackage() {
     url=https://github.com/openfaas/faas-cli/releases/download/$version/faas-cli$suffix
     echo "Downloading package $url as $targetFile"
 
-    curl -sSL $url > $targetFile
+    curl -sSL $url --output $targetFile
 
     if [ "$?" = "0" ]; then
 
+    checkHash
+
     chmod +x $targetFile
 
     echo "Download complete."
@@ -85,7 +101,7 @@ getPackage() {
             echo "==    following commands may need to be run manually   =="
             echo "========================================================="
             echo
-            echo "  sudo cp faas-cli /usr/local/bin/"
+            echo "  sudo cp faas-cli$suffix /usr/local/bin/faas-cli"
             echo "  sudo ln -sf /usr/local/bin/faas-cli /usr/local/bin/faas"
             echo
 
@@ -94,7 +110,7 @@ getPackage() {
             echo
             echo "Running as root - Attemping to move faas-cli to /usr/local/bin"
 
-            mv $targetFile /usr/local/bin/
+            mv $targetFile /usr/local/bin/faas-cli
         
             if [ "$?" = "0" ]; then
                 echo "New version of faas-cli installed to /usr/local/bin"
@@ -108,6 +124,8 @@ getPackage() {
 	            ln -s /usr/local/bin/faas-cli /usr/local/bin/faas
 	            echo "Creating alias 'faas' for 'faas-cli'."
     	    fi
+
+            faas-cli version
         fi
     fi
 }