[IMP] Add checksum verification for wkhtmltox

[lasley]

This adds checksum verification to the wkhtmltox download, as discussed in #450.

Depends on:

• [FIX] Switch to wkhtmltopdf GitHub URI #450

[lasley]

From @moylop260 in #450 (comment)

I'm not sure of use this environment variable just for webkit.
I mean, we could use a wget_custom with a dictionary of checksum and url used from MQT.
But IMHO this is other feature (then other PR).

Could we use just the change of the URL like as main comment?

[lasley]

This isn't being exported though, so it doesn't survive past the execution of this script - or am I wrong?

The alternative is just checking the sum against a string, which I do not feel is as clear.

I mean, we could use a wget_custom with a dictionary of checksum and url used from MQT.

IMO this is another feature in itself. We currently support one version of wkhtmltopdf according to what I see here.

[pedrobaeza]

I have updated the dependency to #450, as I think it's the correct one (not #50)

[pedrobaeza]

Waiting @moylop260's feedback

[moylop260]

Is possible skip the checksum validation if the environment variable is missing?

[lasley]

@moylop260 - Which environment variable? The checksum validation does not take place if the env var for the wkhtmltox version is SKIP. Is that what you're referring to?

[moylop260]

Could re-use current environment of TESTS=1 from travis.yml to set the following variables?

1. WKTHMLTOPDF_VERSION = version1
2. WKTHMLTOPDF_VERSION = version2 (other valid version diferent)
3. and SKIP
4. w/o define

[lasley]

Hey @moylop260 - sorry, but I'm not sure I understand. Are you proposing that we just default to the WKTHMLTOPDF_VERSION when TEST=1, but otherwise default to skip - if the variable isn't otherwise declared? So something like this?

TESTS	WKTHMLTOPDF_VERSION defined	WKTHMLTOPDF_VERSION actual
1		$CURRENT_VERSION
1	1.2.3	1.2.3
0		SKIP
0	1.2.3	1.2.3

[moylop260]

sorry for confusion
I meant that we should increase the coverage for this script using all conditions.
So we should change the .travis.yml to test all cases

I'm not talking about a change of behaviour

[lasley]

@moylop260 - Hmmm so you're proposing that we test an invalid checksum? Do we have a way to check if something is installed in our environment using our Travis file?

[lasley]

@moylop260 - I am unclear on how to proceed on this. Do you have a suggestion on my above?

[moylop260]

Is there a way to skip checksum validation if is not defined?

[lasley]

We could do that by just not checking the checksum if WKHTMLTOX_CHECKSUM, but I think that's opening up a security issue that is being closed here. What's the motivation behind no checksum while still installing wkhtmltox?

[moylop260]

We will need change all .travis.yml files that don't have this checksum value filled yet.
Then if we merge it this PR all builds will be fail.