@sentry/cli 1.72.2 → 1.73.0

package/CHANGELOG.md

@@ -2,6 +2,14 @@
 
 "You know what they say. Fool me once, strike one, but fool me twice... strike three." — Michael Scott
 
+## Unreleased
+
+## 1.73.0
+
+* feat: Add checksum validation for installed binaries (set `SENTRYCLI_SKIP_CHECKSUM_VALIDATION` to opt-out) (#1123)
+* fix: Detect unwind and debug information in files linked with `gold` (#1124)
+* ref: Silence progress bar in CI environments by default (#1122)
+
 ## 1.72.2
 
 * feat: Use default xcode values for plist struct (#1111)

package/checksums.txt

@@ -0,0 +1,9 @@
+sentry-cli-Darwin-arm64=8a66ee7778d6e0fa1d26e89e69d9ede39b1a3d935c6dbbaeed07242e7608ad10
+sentry-cli-Darwin-universal=392fdfa1af128420a513de98e596b83c08e7242be4f3435e6f2b9665dec15811
+sentry-cli-Darwin-x86_64=7386d7c1e4e9e756f4f95eb6b2202945063961eb585dd2433ad8c268fe880988
+sentry-cli-Linux-aarch64=9ae2a36e491dfea3b6c113ec5084680867a361a58671e21eb163fa553a8dde15
+sentry-cli-Linux-armv7=5b3f36babcc10c232783ec76f48eac9a8ec2a77db7626604127799c2f445c73f
+sentry-cli-Linux-i686=90eaf2f259999becdf2d127489c71b2c33952b0c67f13215306abecbdf893ddd
+sentry-cli-Linux-x86_64=ad9b2a8caf3f05cfc51024a9d10650dbffaa005abd8f407801f318c4924d366d
+sentry-cli-Windows-i686.exe=e691047003f9e10a1e1a6d689010d076374952ab2cd08afb2252f9d9da5437d2
+sentry-cli-Windows-x86_64.exe=31b212913c1ffa0bfc1cf6823d0bcb699adf4bf0ef9f9c6e2218215aba9bc3ec

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry/cli",
-  "version": "1.72.2",
+  "version": "1.73.0",
   "description": "A command line utility to work with Sentry. https://docs.sentry.io/hosted/learn/cli/",
   "homepage": "https://docs.sentry.io/hosted/learn/cli/",
   "license": "BSD-3-Clause",

package/scripts/install.js

@@ -48,8 +48,9 @@ function shouldRenderProgressBar() {
   const silentFlag = process.argv.some(v => v === '--silent');
   const silentConfig = process.env.npm_config_loglevel === 'silent';
   const silentEnv = process.env.SENTRY_NO_PROGRESS_BAR;
+  const ciEnv = process.env.CI === 'true';
   // If any of possible options is set, skip rendering of progress bar
-  return !(silentFlag || silentConfig || silentEnv);
+  return !(silentFlag || silentConfig || silentEnv || ciEnv);
 }
 
 function getDownloadUrl(platform, arch) {
@@ -149,6 +150,45 @@ function getTempFile(cached) {
     .slice(2)}.tmp`;
 }
 
+function validateChecksum(tempPath, name) {
+  let storedHash;
+  try {
+    const checksums = fs.readFileSync(path.join(__dirname, '../checksums.txt'), 'utf8');
+    const entries = checksums.split('\n');
+    for (let i = 0; i < entries.length; i++) {
+      const [key, value] = entries[i].split('=');
+      if (key === name) {
+        storedHash = value;
+        break;
+      }
+    }
+  } catch (e) {
+    npmLog.info(
+      'Checksums are generated when the package is published to npm. They are not available directly in the source repository. Skipping validation.'
+    );
+    return;
+  }
+
+  if (!storedHash) {
+    npmLog.info(`Checksum for ${name} not found, skipping validation.`);
+    return;
+  }
+
+  const currentHash = crypto
+    .createHash('sha256')
+    .update(fs.readFileSync(tempPath))
+    .digest('hex');
+
+  if (storedHash !== currentHash) {
+    fs.unlinkSync(tempPath);
+    throw new Error(
+      `Checksum validation for ${name} failed.\nExpected: ${storedHash}\nReceived: ${currentHash}`
+    );
+  } else {
+    npmLog.info('Checksum validation passed.');
+  }
+}
+
 function downloadBinary() {
   const arch = os.arch();
   const platform = os.platform();
@@ -216,6 +256,9 @@ function downloadBinary() {
           .on('error', e => reject(e))
           .on('close', () => resolve());
       }).then(() => {
+        if (process.env.SENTRYCLI_SKIP_CHECKSUM_VALIDATION !== '1') {
+          validateChecksum(tempPath, name);
+        }
         fs.copyFileSync(tempPath, cachedPath);
         fs.copyFileSync(tempPath, outputPath);
         fs.unlinkSync(tempPath);