carvel-dev
`install.sh` select from a set of checksum tools (to support a wider range of distributions)
As a user installing Carvel tools on Fedora or Ubuntu (or other OS's not shipped with shasum) I want to be able to verify the shas of the tools So that I can use them confidently
Acceptance Criteria
Given I am on an OS that does not have shasum like Fedora When I run carvel.dev/install.sh Then It exits successfully and has verified the downloaded tools against their shas
Notes: Since shasum defaults to using "1", we should default to sha1sum, and if that is not installed use shasum.
Describe the problem/challenge you have Running install.sh on Fedora 27+:
#16 1.266 + install
#16 1.266 + set -euo pipefail
#16 1.266 + dst_dir=/opt/kubernetes/bin
#16 1.266 ++ command -v wget
#16 1.267 + '[' -x '' ']'
#16 1.267 + dl_bin='curl -s -L'
#16 1.267 + shasum -v
#16 1.268 Missing shasum binary
#16 1.268 + echo 'Missing shasum binary'
#16 1.268 + exit 1
Describe the solution you'd like Be a bit more resilient to differences in distros.
Instead of erroring out, consider a small set of checksum tools and detect one that is present and use it.
Anything else you would like to add: Users many not always be able to / want to install these kinds of utility tools as part of their installation of Carvel tools.
(Thanks to @GrahamDumpleton for pointing this issue out)
Specifically Linux distros tend to favour sha1sum and sha256sum. Only macOS and BSD based systems are guaranteed to have shasum.
Since default algorithm of shasum seems to be "1", then should check for existence of sha1sum and use it, otherwise fallback to shasum.
For Linux systems without shasum, may be able to get it by installing perl-Digest-SHA package.
As this improves the installation experience for a category of users, this issue is quite relevant. ==> "carvel accepted"