From 9916f4ddb7659c87c4d003c8d16ee1470012efec Mon Sep 17 00:00:00 2001 From: Guilherme Dantas Date: Wed, 11 Feb 2026 19:46:16 -0300 Subject: [PATCH] fix: check SHA-256 hash of release artifact --- .github/workflows/build.yml | 4 +++- justfile | 8 +++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a2f9b4e8..32e781ba 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -138,8 +138,10 @@ jobs: working-directory: ./machine/emulator run: | make bundle-boost - wget https://github.com/cartesi/machine-emulator/releases/download/v0.19.0/add-generated-files.diff + wget -O add-generated-files.diff https://github.com/cartesi/machine-emulator/releases/download/v0.19.0/add-generated-files.diff + echo "a892e2d9f5c331f5e80bcb5db4133e7db625aa4d14ffdf9467b75c4c34d1744f add-generated-files.diff" | sha256sum -c git apply add-generated-files.diff + rm add-generated-files.diff make sudo make install diff --git a/justfile b/justfile index 5918c637..96d84b19 100644 --- a/justfile +++ b/justfile @@ -1,10 +1,12 @@ update-submodules: git submodule update --recursive --init -apply-generated-files-diff VERSION="v0.19.0": +apply-generated-files-diff VERSION="v0.19.0" FILEHASH="a892e2d9f5c331f5e80bcb5db4133e7db625aa4d14ffdf9467b75c4c34d1744f": cd machine/emulator && \ - wget https://github.com/cartesi/machine-emulator/releases/download/{{VERSION}}/add-generated-files.diff && \ - git apply add-generated-files.diff + (wget -O add-generated-files.diff https://github.com/cartesi/machine-emulator/releases/download/{{VERSION}}/add-generated-files.diff && \ + (echo "{{FILEHASH}} add-generated-files.diff" | sha256sum -c) && \ + git apply add-generated-files.diff) ; \ + rm -f add-generated-files.diff bundle-boost: make -C machine/emulator bundle-boost