Merge pull request #600 from jingjingxyk/build_native_php
完善hash 验证
jingjingxyk committed Apr 21, 2024
2 parents d38a6f4 + bffedba commit da72bfb
Showing 7 changed files with 118 additions and 46 deletions.
11 changes: 8 additions & 3 deletions .github/workflows/auto-cache-pool-tarball.yml
Expand Up @@ -79,11 +79,14 @@ jobs:
composer install --no-interaction --no-autoloader --no-scripts --profile --no-dev
composer dump-autoload --optimize --profile --no-dev
php prepare.php +inotify +apcu +ds +xlswriter +ssh2 +pgsql --with-libavif=1
php prepare.php +apcu +ds +xlswriter +ssh2 +pgsql --with-libavif=1 @macos
php prepare.php +inotify +apcu +ds +xlswriter +ssh2 +pgsql --with-libavif=1 --show-tarball-hash=1
php prepare.php +apcu +ds +xlswriter +ssh2 +pgsql --with-libavif=1 @macos --show-tarball-hash=1
cd ${{ github.workspace }}/pool/
zip -9 -r ${WORK_DIR}/all-deps.zip ext lib
HASH=$(sha256sum ${WORK_DIR}/all-deps.zip | awk '{print $1}')
echo " all-deps.zip sha265: ${HASH} "
echo -n ${HASH} > ${WORK_DIR}/all-deps.zip.sha256sum
cd ${{ github.workspace }}
- name: Show Build Result
Expand All @@ -97,7 +100,9 @@ jobs:
with:
name: cached-all-deps
retention-days: 90
path: all-deps.zip
path: |
all-deps.zip
all-deps.zip.sha256sum
- name: gh release
uses: softprops/action-gh-release@v1
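Review bot: The new `echo " all-deps.zip sha265: ${HASH} "` line misspells the algorithm; it should read `sha256`, otherwise anyone searching the log for the digest will look for the wrong name. The `all-deps.zip.sha256sum` file is uploaded in the same artifact as the archive, so it detects a corrupted transfer but not a replaced archive, because whoever can swap the zip can swap the digest with it. Consumers should compare against a value pinned somewhere else, as the download script in this commit does with a hard-coded `ALL_DEPS_HASH`. Quoting the expansions, `echo -n "${HASH}" > "${WORK_DIR}/all-deps.zip.sha256sum"`, would also keep the step correct if `WORK_DIR` ever contains spaces.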
8 changes: 5 additions & 3 deletions docs/options.md
Expand Up @@ -165,12 +165,12 @@ php ./prepare.php --with-parallel-jobs=8
with-build-type
----
构建过程 指定构建类型<br/>

构建类型,默认是 release
可选项: release debug dev
debug 调试版本 (构建过程显示,正在执行的构建命令)<br/>
dev 开发版本 (便于调试单个扩展)<br/>
release 默认版本<br/>


with-http-proxy
----
使用HTTP代理下载扩展和扩展依赖库<br/>
Expand Down Expand Up @@ -210,5 +210,7 @@ GD 库支持 AVIF 图片
php ./prepare.php --with-libavif=1
```


show-tarball-hash
---
计算已下载的源码包 HASH 值

18 changes: 18 additions & 0 deletions sapi/download-box/download-box-get-archive-from-server.sh
Expand Up @@ -20,15 +20,20 @@ cd ${__PROJECT__}/var/download-box/

if [ -f "${__PROJECT__}/sapi/PHP-VERSION.conf" ] ; then
DOMAIN='https://github.com/swoole/swoole-cli/releases/download/v5.1.1.0/'
ALL_DEPS_HASH="1b8bbd1b64e196b1d56c940fc62079fac8c2cd106867f9534fadb40ee02beaec"
else
DOMAIN='https://github.com/swoole/build-static-php/releases/download/v1.1.0/'
ALL_DEPS_HASH="49fc4e76422c3b182258c95def6c2cbb45d952bde39cec958f3a17ec0e579116"
fi

while [ $# -gt 0 ]; do
case "$1" in
--mirror)
if [ "$2" = 'china' ] ; then
DOMAIN='https://swoole-cli.jingjingxyk.com/'
if [ ! -f "${__PROJECT__}/sapi/PHP-VERSION.conf" ] ; then
DOMAIN='https://php-cli.jingjingxyk.com/'
fi
fi
;;
--*)
Expand All @@ -44,6 +49,19 @@ URL="${DOMAIN}/all-archive.zip"

test -f all-archive.zip || curl -Lo all-archive.zip ${URL}

# hash 签名
HASH=$(sha256sum all-archive.zip | awk '{print $1}')

# 签名验证失败,删除下载文件
if [ ${HASH} != ${ALL_DEPS_HASH} ] ; then
echo 'hash signature is invalid !'
rm -f all-archive.zip
echo ' '
echo ' Please Download Again '
echo ' '
exit 0
fi

unzip -n all-archive.zip

cd ${__PROJECT__}/
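Review bot: The verification block fails open in two ways. `[ ${HASH} != ${ALL_DEPS_HASH} ]` is unquoted, so if `sha256sum` is missing or fails and `HASH` is empty, `[` reports a syntax error, the `if` body is skipped and `unzip -n all-archive.zip` runs on an unverified archive. The mismatch branch also ends with `exit 0`, which tells a calling script or CI step that the download succeeded. I would write `if [ "${HASH}" != "${ALL_DEPS_HASH}" ] ; then` and finish the branch with `exit 1`. Presumably this script also runs on macOS (the workflow prepares `@macos` tarballs), where `sha256sum` is not always installed, which would make the empty-`HASH` case realistic; that is worth confirming.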
77 changes: 39 additions & 38 deletions sapi/src/Preprocessor.php
Expand Up @@ -68,6 +68,7 @@ class Preprocessor
protected string $globalPrefix = '/usr/local/swoole-cli';

protected string $extraLdflags = '';

protected string $extraOptions = '';
protected string $extraCflags = '';

Expand Down Expand Up @@ -97,6 +98,7 @@ class Preprocessor
protected array $inputOptions = [];

protected array $binPaths = [];

/**
* Extensions enabled by default
* @var array|string[]
Expand Down Expand Up @@ -417,11 +419,11 @@ public function donotInstallLibrary(): void
/**
* @param string $url
* @param string $file
* @param string $md5sum
* @param object|null $project
* @param string $httpProxyConfig
* @return void
*/
protected function downloadFile(string $url, string $file, string $md5sum, string $httpProxyConfig = ''): void
protected function downloadFile(string $url, string $file, object $project = null, string $httpProxyConfig = ''): void
{
$retry_number = DOWNLOAD_FILE_RETRY_NUMBE;
$user_agent = DOWNLOAD_FILE_USER_AGENT;//--user-agent='{$user_agent}'
Expand All @@ -445,19 +447,21 @@ protected function downloadFile(string $url, string $file, string $md5sum, strin
if (!is_file($file) or filesize($file) == 0) {
throw new Exception("Downloading file[" . basename($file) . "] from url[$url] failed");
}
// 下载文件的 MD5 不一致
if (!empty($md5sum) and !$this->checkFileMd5sum($file, $md5sum)) {
throw new Exception("The md5 of downloaded file[$file] is inconsistent with the configuration");
// 下载文件的 hash 不一致
if ($project->enableHashVerify) {
if (!$project->hashVerify($file)) {
throw new Exception("The {$project->hashAlgo} of downloaded file[$file] is inconsistent with the configuration");
}
}
}

/**
* @param string $file
* @param string $md5sum
* @param string $downloadScript
* @param object|null $project
* @return void
*/
protected function downloadFileWithScript(string $file, string $md5sum, string $downloadScript): void
protected function downloadFileWithScript(string $file, string $downloadScript, object $project = null): void
{
echo PHP_EOL;
echo $downloadScript;
Expand All @@ -472,25 +476,12 @@ protected function downloadFileWithScript(string $file, string $md5sum, string $
if (!is_file($file) or filesize($file) == 0) {
throw new Exception("Downloading file[" . basename($file) . "] failed");
}
// 下载文件的 MD5 不一致
if (!empty($md5sum) and !$this->checkFileMd5sum($file, $md5sum)) {
throw new Exception("The md5 of downloaded file[$file] is inconsistent with the configuration");
}
}

/**
* @param string $path
* @param string $md5
* @return bool
*/
protected function checkFileMd5sum(string $path, string $md5): bool
{
// md5 不匹配,删除文件
if ($md5 != md5_file($path)) {
unlink($path);
return false;
// 下载文件的 hash 不一致
if ($project->enableHashVerify) {
if (!$project->hashVerify($file)) {
throw new Exception("The {$project->hashAlgo} of downloaded file[$file] is inconsistent with the configuration");
}
}
return true;
}

/**
Expand All @@ -514,11 +505,11 @@ public function addLibrary(Library $lib): void
$lib->enableDownloadWithMirrorURL = true;
}
}
$lib->path = $this->libraryDir . '/' . $lib->file;

// 本地文件被修改,MD5 不一致,删除后重新下载
if (!empty($lib->md5sum) and is_file($lib->path)) {
$this->checkFileMd5sum($lib->path, $lib->md5sum);
$lib->path = $this->libraryDir . '/' . $lib->file;
if ($lib->enableHashVerify) {
// 本地文件被修改,hash 不一致,删除后重新下载
$lib->hashVerify($lib->path);
}

//文件内容为空
Expand All @@ -534,6 +525,11 @@ public function addLibrary(Library $lib): void
if (!$this->getInputOption('skip-download')) {
if (file_exists($lib->path)) {
echo "[Library] file cached: " . $lib->file . PHP_EOL;
if ($this->getInputOption('show-tarball-hash')) {
echo "md5: " . hash_file('md5', $lib->path) . PHP_EOL;
echo "sha1: " . hash_file('sha1', $lib->path) . PHP_EOL;
echo "sha256: " . hash_file('sha256', $lib->path) . PHP_EOL;
}
} else {
$httpProxyConfig = $this->getProxyConfig();
if ($lib->enableGitProxy) {
Expand Down Expand Up @@ -561,8 +557,8 @@ public function addLibrary(Library $lib): void

$this->downloadFileWithScript(
$lib->path,
$lib->md5sum,
$lib->downloadScript
$lib->downloadScript,
$lib
);
} else {
throw new Exception(
Expand All @@ -571,7 +567,7 @@ public function addLibrary(Library $lib): void
}
} else {
echo "[Library] {$lib->file} not found, downloading: " . $lib->url . PHP_EOL;
$this->downloadFile($lib->url, $lib->path, $lib->md5sum, $httpProxyConfig);
$this->downloadFile($lib->url, $lib->path, $lib, $httpProxyConfig);
}
}
}
Expand Down Expand Up @@ -635,9 +631,9 @@ public function addExtension(Extension $ext): void
}
}

// 检查文件的 MD5,若不一致删除后重新下载
if (!empty($ext->md5sum) and file_exists($ext->path)) {
$this->checkFileMd5sum($ext->path, $ext->md5sum);
if ($ext->enableHashVerify) {
// 检查文件的 hash,若不一致删除后重新下载
$ext->hashVerify($ext->path);
}

//文件内容为空,重新下载
Expand Down Expand Up @@ -678,8 +674,8 @@ public function addExtension(Extension $ext): void

$this->downloadFileWithScript(
$ext->path,
$ext->md5sum,
$ext->downloadScript
$ext->downloadScript,
$ext
);
} else {
throw new Exception(
Expand All @@ -688,10 +684,15 @@ public function addExtension(Extension $ext): void
}
} else {
echo "[Extension] {$ext->file} not found, downloading: " . $ext->url . PHP_EOL;
$this->downloadFile($ext->url, $ext->path, $ext->md5sum, $httpProxyConfig);
$this->downloadFile($ext->url, $ext->path, $ext, $httpProxyConfig);
}
} else {
echo "[Extension] file cached: " . $ext->file . PHP_EOL;
if ($this->getInputOption('show-tarball-hash')) {
echo "md5: " . hash_file('md5', $ext->path) . PHP_EOL;
echo "sha1: " . hash_file('sha1', $ext->path) . PHP_EOL;
echo "sha256: " . hash_file('sha256', $ext->path) . PHP_EOL;
}
}

$dst_dir = "{$this->rootDir}/ext/{$ext->name}";
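Review bot: `downloadFile()` and `downloadFileWithScript()` now declare `object $project = null` but read `$project->enableHashVerify` unconditionally; on PHP 8 reading a property of null only raises a warning and yields null, so a caller that relies on the default gets its integrity check silently skipped. Either make the parameter required and typed to the common base class (apparently `Project`), or guard it explicitly with `if ($project?->enableHashVerify && !$project->hashVerify($file)) {`. The implicit-nullable form is also deprecated as of PHP 8.4; `?object $project = null` states the intent. Separately, the pre-download checks in `addLibrary()` and `addExtension()` discard the return value of `hashVerify()`, so a cached file is accepted whenever `hashVerify()` declines to delete it; both method bodies extend beyond the hunks shown, so confirm nothing later re-checks the file.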
48 changes: 46 additions & 2 deletions sapi/src/Project.php
Expand Up @@ -14,7 +14,13 @@ abstract class Project

public string $file = '';

public string $md5sum = '';
public string $hash = '';
public bool $hashVerify = false;

public bool $enableHashVerify = false;

public string $hashAlgo = '';


public string $manual = '';

Expand Down Expand Up @@ -90,10 +96,48 @@ public function withDependentLibraries(string ...$libs): static

public function withMd5sum(string $md5sum): static
{
$this->md5sum = $md5sum;
$this->withHash('md5', $md5sum);
return $this;
}

/**
* https://www.php.net/manual/zh/function.hash-algos.php
* print_r(hash_algos());
* @param string $algo
* @param string $hash
* @return $this
*/
public function withHash(string $algo, string $hash): static
{
$this->hashAlgo = $algo;
$this->hash = $hash;
$this->enableHashVerify = true;
return $this;
}

/*
* hash 签名验证 ,hash 不匹配,删除文件
*/
public function hashVerify(string $file): bool
{
if ($this->enableHashVerify && file_exists($file)) {
switch ($this->hashAlgo) {
case 'md5':
case 'sha1':
case 'sha256':
if (hash_file($this->hashAlgo, $file) === $this->hash) {
$this->hashVerify = true;
} else {
unlink($file);
}
break;
default:
break;
}
}
return $this->hashVerify;
}

public function withUrl(string $url): static
{
$this->url = $url;
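Review bot: `hashVerify()` returns the sticky property `$this->hashVerify`, which is set to true on the first match and never reset, and its `default:` branch leaves a file with an unsupported `hashAlgo` on disk without checking it. A later call on a mismatching file therefore deletes the file yet still returns true, and a typo such as `'sha-256'` passed to `withHash()` turns the cached-file check in `Preprocessor` into a no-op. I would compute the result on every call, reject unknown algorithms with an exception, and compare with `hash_equals()` after lower-casing the configured value so an upper-case hex digest does not cause a false mismatch. `md5` and `sha1` stay accepted for compatibility with `withMd5sum()`, but new pins should use `sha256`.

```php
public function hashVerify(string $file): bool
{
    if (!$this->enableHashVerify || !is_file($file)) {
        return false;
    }
    // Fail closed: an algorithm outside the allow-list is a configuration error, not a pass.
    if (!in_array($this->hashAlgo, ['md5', 'sha1', 'sha256'], true)) {
        throw new \InvalidArgumentException("Unsupported hash algorithm: {$this->hashAlgo}");
    }
    // Recompute on every call so an earlier success cannot mask a later mismatch.
    $actual = (string) hash_file($this->hashAlgo, $file);
    $this->hashVerify = hash_equals(strtolower($this->hash), $actual);
    if (!$this->hashVerify) {
        unlink($file);
    }
    return $this->hashVerify;
}
```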
1 change: 1 addition & 0 deletions sapi/src/builder/library/pgsql.php
Expand Up @@ -14,6 +14,7 @@
->withUrl('https://ftp.postgresql.org/pub/source/v16.0/postgresql-16.0.tar.gz')
->withManual('https://www.postgresql.org/docs/current/install-procedure.html#CONFIGURE-OPTIONS')
->withManual('https://www.postgresql.org/docs/current/install-procedure.html#CONFIGURE-OPTIONS#:~:text=Client-only%20installation')
->withHash('md5', '30baf5fda60a34230d89c1451119ff91')
->withPrefix($pgsql_prefix)
->withCleanBuildDirectory()
->withBuildScript(
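Review bot: The new pin on `postgresql-16.0.tar.gz` uses `md5`, which is not collision-resistant and is a weak basis for pinning a source tarball fetched over the network. `withHash()` already accepts `sha256` (sqlite3.php uses it in this same commit), so I would pin with `->withHash('sha256', '<sha256 of postgresql-16.0.tar.gz>')`. Take the value from the checksum the upstream project publishes rather than from a locally downloaded copy, so the pin does not simply record whatever happened to be fetched.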
1 change: 1 addition & 0 deletions sapi/src/builder/library/sqlite3.php
Expand Up @@ -11,6 +11,7 @@
->withLicense('https://www.sqlite.org/copyright.html', Library::LICENSE_SPEC)
->withManual('https://www.sqlite.org/docs.html')
->withUrl('https://www.sqlite.org/2023/sqlite-autoconf-3430200.tar.gz')
->withHash('sha256','6d422b6f62c4de2ca80d61860e3a3fb693554d2f75bb1aaca743ccc4d6f609f0')
->withPrefix($sqlite3_prefix)
->withConfigure(
<<<EOF