From 41ccaf5ab544da794ac95bac7bab9cc0d0a1021e Mon Sep 17 00:00:00 2001
From: Gitouche <26656-gitouche@users.noreply.framagit.org>
Date: Sun, 6 Mar 2022 13:46:10 +0100
Subject: [PATCH] functions : my_buildctl add checksums

---
 functions.sh | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/functions.sh b/functions.sh
index 50c1011..6e87e8e 100644
--- a/functions.sh
+++ b/functions.sh
@@ -265,8 +265,6 @@ elfexec () {
     opts=$(echo "$@")
     if [[ $(uname -i) == 'aarch64' ]]; then
 	memfd_create='279'
-    elif [[ $(uname -i) == 'x86_64' ]]; then
-	memfd_create='319'
     else
 	# defaults to amd64
 	memfd_create='319'
@@ -282,19 +280,28 @@ f = s(${memfd_create}, '', 1);
 os.write(f, e);
 p = '/proc/self/fd/%d' % f;
 myargs='${opts}';
-os.execve(p, ['buildctl'] + myargs.split(), {'PATH': '${PATH}'})"
+os.execve(p, ['binary'] + myargs.split(), {'PATH': '${PATH}'})"
 }
 
 # Execute buildctl directly from the web
 my_buildctl () {
     if [[ $(uname -i) == 'aarch64' ]]; then
 	buildkitarch='arm64'
-    elif [[ $(uname -i) == 'x86_64' ]]; then
-	buildkitarch='amd64'
+        buildctlchecksum='addd49a1db6962c1f04242c93b91d385742a9f8a971f69014d7fd3add30dd82d9f7c002b4cbe4c18c81759cac1c0e0ff2a7f6014e721074216a4f307b112e30e'
     else
 	# defaults to amd64
 	buildkitarch='amd64'
+        buildctlchecksum='510fe781c844b39b569839f27528a2290f39b25f26182489239557a42edded6c16cec571b20c55bdc8f69ffbb59f8e63320540477c7a0d642543d07df99a198b'
     fi
     curl -sSLf https://github.com/moby/buildkit/releases/download/v0.9.3/buildkit-v0.9.3.linux-${buildkitarch}.tar.gz |
-	tar xOz bin/buildctl | elfexec "${@}"
+	tar xOz bin/buildctl | python3 -c "
+import os, hashlib, sys
+from sys import stdin
+e = stdin.buffer.read();
+if hashlib.sha512(e).hexdigest() == '${buildctlchecksum}':
+  sys.stdout.buffer.write(e)
+  sys.exit(0)
+else:
+  sys.stderr.write('Invalid hash\n')
+  sys.exit(-1)" | elfexec "${@}"
 }