Skip to content
This repository has been archived by the owner on Feb 24, 2023. It is now read-only.

Commit

Permalink
Verified hashes of downloaded files (#10)
Browse files Browse the repository at this point in the history 
* Replace UofI box with GitHub Release (close #1)

* Add md5 hash verification (close #8)

* Add a ChangeLog
  • Loading branch information
@coatless
coatless authored Jun 7, 2018
1 parent b2a4ae7 commit 301db1e
Show file tree
Hide file tree
Showing 4 changed files with 69 additions and 13 deletions.
18 changes: 18 additions & 0 deletions ChangeLog.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# ChangeLog

* __next version__ - XXXX-XX-XX

- TBA

* __1.1.0__ - 2018-06-06

- Added md5 hash check to verify downloaded contents (#8)
- Changed download links to point to projects GitHub Release Page (#1)

* __1.0.0__ - 2018-03-23

- Signed GUI Installer for OS X El Capitan 10.11 - macOS High Sierra 10.13 that establishes the compilation toolchain for _R_.
- Detects, downloads, and installs the appropriate Xcode CLI and gfortran installers for supported macOS systems.
- Downloads and installs the `clang4` CRAN binary.
- Sets the proper paths for `CC`, `CXX`, `CXX**`, `FLIBS`, and `LDFLAGS` in the `~/.R/Makevars file`.
- **Financial support was provided to sign the installer by [Professor Timothy Bates](http://www.ed.ac.uk/profile/timothy-bates) of the [University of Edinburgh](http://www.ed.ac.uk/).**
26 changes: 17 additions & 9 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,9 @@ Specifically, the installer will try to download and install:
- `clang4` from <http://r.research.att.com/libs/>
- `gfortran` from <https://gcc.gnu.org/wiki/GFortranBinaries#MacOS-1>

For those interested, the installer can obtained
here <https://uofi.box.com/v/r-macos-rtools-pkg>. The pre-built binaries this
For those interested, the installer can be obtained
on either the project's [**release page**](https://github.com/coatless/r-macos-rtools/releases/latest)
or through <http://go.illinois.edu/r-macos-rtools-pkg>. The pre-built binaries this
installer encloses can be found at <https://developer.apple.com/download/more/>,
<http://r.research.att.com/libs/>, and <https://gcc.gnu.org/wiki/GFortranBinaries#MacOS-1>.
Unlike the [previous installer](https://github.com/coatless/r-macos-clang),
Expand All @@ -25,10 +26,10 @@ of the [University of Edinburgh](http://www.ed.ac.uk/).

## How do I use the installer?

Download it from <https://uofi.box.com/v/r-macos-rtools-pkg>,
open the installer by right clicking to bring up menu and
selecting "Open". From here, navigate through it like a normal
macOS installer.
1. Download it from the project's [**release page**](https://github.com/coatless/r-macos-rtools/releases/latest)
or through <http://go.illinois.edu/r-macos-rtools-pkg>.
2. Open the installer by either double click or right clicking to bring up menu and selecting "Open".
3. From here, navigate through it like a normal macOS installer.

**That's it.**

Expand All @@ -42,13 +43,20 @@ If you want to see behind the curtain, continue reading...
The macOS _R_ toolchain installer performs four actions that require
the user's password to accomplish. These actions are:

1. download and install XCode CLI
1. download and install the `clang4` pre-made binary
1. download and install XCode CLI via secure Apple product update
1. download, verify, and install the `clang4` pre-made binary
files into the `/usr/local/clang4` directory
1. download and install `gfortran`
1. download, verify, and install `gfortran`
1. establish the proper paths for `CC`, `CXX`, `CXX**`, `FLIBS`,
and `LDFLAGS` in the `~/.R/Makevars` file

Verify steps are conducted using embedded md5 hashes of the files.
If the hash is not identical to what was embedded, the installer will
exit. For details as to how this implemented please see
[Issue 8: Verify pkg hash](https://github.com/coatless/r-macos-rtools/issues/8)
and the
[Pull Request 10: Feature Pkg Hash Verification](https://github.com/coatless/r-macos-rtools/pull/10).

In essence, it provides a graphical user interface installation guide,
more secure path manipulation, and a smarter handling of a pre-existing
`~/.R/Makevars` when compared to a pure bash approach.
Expand Down
6 changes: 3 additions & 3 deletions make_installer.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
#
# Copyright (C) 2018 James Joseph Balamuta <balamut2@illinois.edu>
#
# Version 1.0.0 -- 03/22/18
# Version 1.1.0 -- 06/06/18
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
Expand All @@ -28,7 +28,7 @@
chmod a+x scripts/*

# Version of installer
INSTALLER_VERSION=1.0.0
INSTALLER_VERSION=1.1.0

# Create a payload-free package

Expand Down Expand Up @@ -81,7 +81,7 @@ echo "Rebuilding the package archive..."
productbuild --distribution distribution.xml \
--resources ./build_files \
--sign "Developer ID Installer: James Balamuta" \
--package-path ./macos-rtools-temp.pkg macos-rtools.pkg
--package-path ./macos-rtools-temp.pkg macos-rtools-${INSTALLER_VERSION}.pkg

# Delete the initial build
rm macos-rtools-temp.pkg
Expand Down
32 changes: 31 additions & 1 deletion scripts/postinstall
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
#
# Copyright (C) 2018 James Joseph Balamuta <balamut2@illinois.edu>
#
# Version 1.0 -- 03/22/18
# Version 1.1 -- 06/06/18
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -76,6 +76,25 @@ extract_file(){
tar fvxz $1 -C /
}

################################################################

#1 Path to File
#2 md5 Hash to Check Against
check_md5_hash() {

# Obtain file hash
FILE_HASH=$(md5 $1 | awk '{print $4}')

# MD5 (path/to/file.pkg) = c29700c4e7b2914073ef7e741eb105bc
# 1 % 2 %3% 4

# Check against hash
if [ "$FILE_HASH" = "$2" ]; then
echo 0
else
exit 1
fi
}

################################################################

Expand Down Expand Up @@ -138,6 +157,10 @@ REQUESTED_FILE="clang-4.0.0-darwin15.6-Release.tar.gz"
# Download file into working directory
download_file $LIBS_URL $REQUESTED_FILE

# Check the hash matches the built-in hash
# exit if this is not the case
check_md5_hash $REQUESTED_FILE "2bec4fbae8d9caf6499c941ef9b87eae"

# Extract file into root
extract_file $REQUESTED_FILE

Expand Down Expand Up @@ -236,6 +259,8 @@ os_vers_minor="${os_vers[1]}"
if [[ ${os_vers_minor} -ge 12 && ${os_vers_minor} -le 13 ]]; then
GFORTRAN_DMG=gfortran-6.3-Sierra
GFORTRAN_PKG=gfortran
GFORTRAN_HASH="1849cea667bb714c5c04a8565a9fe231"

# Fill with appropriate linking statements via heredoc insertion
cat <<- EOF >> $R_MAKEVARS_LOCAL
# The following statement changes the Fortran linking path
Expand All @@ -245,6 +270,7 @@ EOF
else
GFORTRAN_DMG=gfortran-6.1-ElCapitan
GFORTRAN_PKG=gfortran-6.1-ElCapitan/gfortran
GFORTRAN_HASH="457b59a6453069cf72dee9a4f9bf1b0a"
fi

# Download software
Expand All @@ -256,6 +282,10 @@ REQUESTED_FILE=${GFORTRAN_DMG}.dmg
# Download file into working directory
download_file $LIBS_URL $REQUESTED_FILE

# Check the hash matches the built-in hash
# exit if this is not the case
check_md5_hash $REQUESTED_FILE $GFORTRAN_HASH

# Perform headless installation of gfortran
# Steps based on
# https://apple.stackexchange.com/questions/73926/is-there-a-command-to-install-a-dmg
Expand Down

0 comments on commit 301db1e

Please sign in to comment.