diff --git a/bob/devtools/bootstrap.py b/bob/devtools/bootstrap.py index 0f91e4c99107cae490ef7e43fc1351be493e8581..4b47575b9abbe028e1b3c675d602525cc4bf31b5 100644 --- a/bob/devtools/bootstrap.py +++ b/bob/devtools/bootstrap.py @@ -245,7 +245,7 @@ def ensure_miniconda_sh(): return else: logger.info( - "Erasing cached miniconda3 installer (%s does NOT " "match)", + "Erasing cached miniconda3 installer (%s does NOT match)", actual_sha256, ) os.unlink("miniconda.sh") @@ -259,6 +259,21 @@ def ensure_miniconda_sh(): with open(dst, "wb") as f: f.write(response.read()) + # checks that the checksum is correct on this file + actual_sha256 = hashlib.sha256( + open("miniconda.sh", "rb").read() + ).hexdigest() + if actual_sha256 != sha256: + os.unlink("miniconda.sh") + raise RuntimeError( + "Just downloaded miniconda3 installer sha256 checksum (%s) does " + "NOT match expected value (%s). Removing downloaded installer. " + "A wrong checksum may end up making the CI download too many copies " + "and be banned! You must fix this ASAP.", + actual_sha256, + sha256, + ) + def install_miniconda(prefix, name): """Creates a new miniconda installation.