fetchbot
is a simple tool for fetching files with a known SHA256 hash. You can use fetchbot
as a building-block in your build-scripts to ensure reproducible builds.
This is just a proof-of-concept, and there are many improvements that could be made!
First, you create a stub file like this:
example.zip.fetchbot
{
"urls": [
"https://github.com/ojdkbuild/ojdkbuild/releases/download/1.8.0.141-1/java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9.x86_64.zip"
],
"sha256": "ccb2db52f90b91251a5af52c48da8774434bba2ad366c4734bfc8b153b67d466"
}
Then, you run fetchbot
on the stub:
$ fetchbot example.zip.fetchbot
fetchbot
will download the file to example.zip
(the .fetchbot
extension is removed) and verify the hash:
$ ls
example.zip.fetchbot
example.zip
Fetchbot is provided as a self-contained binary. See the releases page for downloads.
To install Fetchbot, just place it on your path.
wget "https://github.com/njlr/fetchbot/releases/download/v1.0.0/fetchbot-macos" -O /usr/local/bin/fetchbot
chmod +x /usr/local/bin/fetchbot
fetchbot
sudo wget "https://github.com/njlr/fetchbot/releases/download/v1.0.0/fetchbot-linux" -O /usr/bin/fetchbot
sudo chmod +x /usr/bin/fetchbot
fetchbot
We provide a portable app for Windows, so how you install it is up to you. Please see the releases page.
Large binaries should not be placed under source-control.
Not every artefact you might want is available as a Git repo.
Fetchbot forces you to provide a file-hash; wget does not. Fetchbot is idempotent.
Usability. Fetchbot is less error-prone and available for Windows.