From c668ea81e51c1936c2aa01953eb01813731acdcf Mon Sep 17 00:00:00 2001 From: Don Cross Date: Wed, 19 Jan 2022 17:49:10 -0500 Subject: [PATCH] Windows: use certutil.exe to validate files. In Windows builds, I was checking for the existence of md5sum.exe, and if present, I used it for verifying downloaded files. However, this is not a standard utility that comes built into Windows 10. I found there is a standard utility certutil.exe that can calculate md5, sha256, etc, checksums. However, it does not verify files created by the Linux utilities md5sum, sha256sum, etc. So I created a batch file checksum.bat that invokes certutil.exe to process one of those listing files. Reworked run.bat to call checksum.bat instead of using md5sum.exe. --- generate/checksum.bat | 94 +++++++++++++++++++++++++++++++++++++++++++ generate/run.bat | 26 ++++++------ 2 files changed, 107 insertions(+), 13 deletions(-) create mode 100644 generate/checksum.bat diff --git a/generate/checksum.bat b/generate/checksum.bat new file mode 100644 index 00000000..4ead1c60 --- /dev/null +++ b/generate/checksum.bat @@ -0,0 +1,94 @@ +@echo off +setlocal EnableDelayedExpansion +REM ------------------------------------------------------------------------- +REM checksum.bat - by Don Cross / cosinekitty@gmail.com +REM +REM A wrapper around the standard Windows certutil.exe utility +REM that allows verifying checkum listings produced by the +REM Linux utilities sha256sum, md5sum, .... +REM ------------------------------------------------------------------------- + +if "%1" == "" goto usage +if "%2" == "" goto usage +if not "%3" == "" goto usage +set hashfunc=%1 +set textfile=%2 + +set certutil= +for %%x in (certutil.exe) do (set certutil=%%~$PATH:x) +if not defined certutil ( + echo ERROR: could not find certutil.exe + exit /b 2 +) + +if not exist !textfile! ( + echo.ERROR - textfile "!textfile!" does not exist. + exit /b 2 +) + +set /a failcount = 0 +for /f "tokens=1,2" %%a in (!textfile!) do ( + if not exist %%b ( + echo.ERROR - File does not exist: %%b + set /a failcount += 1 + ) else ( + certutil.exe -hashfile %%b !hashfunc! > checksum.tmp + if errorlevel 1 ( + type checksum.tmp + echo.ERROR - unexpected error !ErrorLevel! returned by certutil.exe. + exit /b 2 + ) + + set /a lnum = 0 + set sum= + for /f %%x in (checksum.tmp) do ( + set /a lnum += 1 + if !lnum! == 2 ( + set sum=%%x + ) + ) + if not defined sum ( + echo.ERROR - missing checksum in certutil.exe output for file %%b + exit /b 2 + ) + if !sum! == %%a ( + echo.%%b : OK + ) else ( + type checksum.tmp + echo.expected checksum = %%a + echo.calculated checksum = !sum! + echo.%%b : FAILURE + set /a failcount += 1 + ) + ) +) +if exist checksum.tmp (del checksum.tmp) + +if !failcount! gtr 0 ( + echo.ERROR - !failcount! checksum failures + exit /b 1 +) + +echo.SUCCESS +exit /b 0 + +REM ------------------------------------------------------------------------- +:usage +echo.checksum.bat by Don Cross - https://github.com/cosinekitty/astronomy +echo. +echo.USAGE: checksum.bat hashfunc textfile +echo. +echo.where +echo. +echo.hashfunc = sha256, md5, ... +echo.textfile = text file produced by Linux sha256sum, md5sum, ... +echo. +echo.Processes the lines of text inside textfile, and verifies +echo.the checksums inside each. +echo. +echo.Return code: +echo.0 = all checksums verified correctly +echo.1 = at least one checksum failure +echo.2 = some other error (see printed output) +echo. +exit /b 2 diff --git a/generate/run.bat b/generate/run.bat index b55af091..362e38b2 100644 --- a/generate/run.bat +++ b/generate/run.bat @@ -1,13 +1,13 @@ @echo off setlocal EnableDelayedExpansion -call :Download https://github.com/cosinekitty/ephemeris/raw/master/lnxp1600p2200.405 lnxp1600p2200.405 ephemeris.md5 +call :Download https://github.com/cosinekitty/ephemeris/raw/master/lnxp1600p2200.405 lnxp1600p2200.405 ephemeris.sha256 if errorlevel 1 (exit /b 1) -call :Download https://github.com/cosinekitty/ephemeris/raw/master/top2013/TOP2013.dat TOP2013.dat top2013.md5 +call :Download https://github.com/cosinekitty/ephemeris/raw/master/top2013/TOP2013.dat TOP2013.dat top2013.sha256 if errorlevel 1 (exit /b 1) -call :Download https://raw.githubusercontent.com/astronexus/HYG-Database/master/hygdata_v3.csv hygdata_v3.csv hygdata_v3.md5 +call :Download https://raw.githubusercontent.com/astronexus/HYG-Database/master/hygdata_v3.csv hygdata_v3.csv hygdata_v3.sha256 if errorlevel 1 (exit /b 1) set FASTMODE=true @@ -239,10 +239,9 @@ REM A special download process helps keep the repo size reasonable. setlocal for %%x in (wget.exe) do (set wgetexe=%%~$PATH:x) for %%x in (curl.exe) do (set curlexe=%%~$PATH:x) - for %%x in (md5sum.exe) do (set md5exe=%%~$PATH:x) set EPHURL=%1 set EPHFILE=%2 - set MD5FILE=%3 + set SHAFILE=%3 if not exist !EPHFILE! ( echo. echo.Local file not found: !EPHFILE! @@ -273,14 +272,15 @@ REM A special download process helps keep the repo size reasonable. ) :verify_eph - if defined md5exe ( - echo.Using !md5exe! to test integrity of downloaded !EPHFILE! - "!md5exe!" -c !MD5FILE! - if errorlevel 1 ( - echo.Corrupt ephemeris file !EPHFILE! detected. - if exist !EPHFILE! (del !EPHFILE!) - exit /b 1 - ) + echo.Using checksum.bat to test integrity of downloaded !EPHFILE! + call checksum.bat sha256 !SHAFILE! + if errorlevel 2 ( + echo.Error verifying checksum for !EPHFILE!. + exit /b 1 + ) else if errorlevel 1 ( + echo.Corrupt ephemeris file !EPHFILE! detected. + if exist !EPHFILE! (del !EPHFILE!) + exit /b 1 ) exit /b 0