From bd8d94b67cbfca66ddc71c087cd8043cfb8f0436 Mon Sep 17 00:00:00 2001
From: Christine Dodrill <me@christine.website>
Date: Sun, 16 May 2021 14:09:29 +0000
Subject: [PATCH] Check sha256 for validity

Closes #1

Signed-off-by: Christine Dodrill <me@christine.website>
---
 main.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/main.go b/main.go
index 7ed795a..64d626b 100644
--- a/main.go
+++ b/main.go
@@ -4,7 +4,9 @@ import (
 	"bufio"
 	"bytes"
 	crand "crypto/rand"
+	"crypto/sha256"
 	"embed"
+	"encoding/hex"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -133,6 +135,26 @@ func main() {
 
 		fout.Close()
 		resp.Body.Close()
+
+		fin, err := os.Open(qcowPath)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		hasher := sha256.New()
+		if _, err := io.Copy(hasher, fin); err != nil {
+			log.Fatal(err)
+		}
+		hash := hex.EncodeToString(hasher.Sum(nil))
+
+		if hash != resultDistro.Sha256Sum {
+			log.Println("hash mismatch, someone is doing something nasty")
+			log.Printf("want: %s", resultDistro.Sha256Sum)
+			log.Printf("got: %s", resultDistro.Sha256Sum)
+			os.Exit(1)
+		}
+
+		log.Printf("hash check passed (%s)", resultDistro.Sha256Sum)
 	}
 
 	tmpl := template.Must(template.ParseFS(data, "templates/*"))