From 20ad35255a1727695b99f1a8014c3bead5007eb6 Mon Sep 17 00:00:00 2001
From: Duke Leto <duke@leto.net>
Date: Fri, 10 Jan 2020 09:36:44 -0500
Subject: [PATCH] Verify sha256 of libsodium dependency when compiling

---
 res/libsodium/buildlibsodium.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/res/libsodium/buildlibsodium.sh b/res/libsodium/buildlibsodium.sh
index 2de3711..b3ae248 100755
--- a/res/libsodium/buildlibsodium.sh
+++ b/res/libsodium/buildlibsodium.sh
@@ -7,6 +7,7 @@ LIB="libsodium"
 DIR="$LIB-$VERSION"
 FILE="$DIR.tar.gz"
 URL=https://github.com/MyHush/libsodium/releases/download/${VERSION}/${FILE}
+SHA=6f504490b342a4f8a4c4a02fc9b866cbef8622d5df4e5452b46be121e46636c1
 
 # First thing to do is see if libsodium.a exists in the res folder. If it does, then there's nothing to do
 if [ -f res/${LIB}.a ]; then
@@ -21,6 +22,17 @@ if [ ! -f $FILE ]; then
     curl -LO $URL
 fi
 
+echo "$SHA  $FILE" | shasum -a 256 --check
+# TWO SPACES or sadness sometimes:
+# https://unix.stackexchange.com/questions/139891/why-does-verifying-sha256-checksum-with-sha256sum-fail-on-debian-and-work-on-u
+echo "$SHA  $FILE" | shasum -a 256 --check --status
+if [ $? -ne 0 ]; then
+    FOUNDSHA=$(shasum -a 256 $FILE)
+    echo "SHA256 mismatch on $FILE!"
+    echo "$FOUNDSHA did not match $SHA . Aborting..."
+    exit 1
+fi
+
 if [ ! -d $DIR ]; then
     tar xf $FILE
 fi