2. NSIS Discussion
  3. [NSISdl] Check downloaded files by some sort of hash

Archive: [NSISdl] Check downloaded files by some sort of hash


Oddsodz
16th February 2011 05:40 UTC

[NSISdl] Check downloaded files by some sort of hash
Hello all.

Well today I got asked a question about my installer. "What sort of file checking have you in place for the files that get downloaded in your installer"

And to that I had no answer as I have not added any. So I best get something in place.

Here we go.

If you at my .nsi file attached below. You will see that at line 280 to line 286 I use NSISdl to download 7 "prpack.7z" files.

I Then have my installer unpack the files in to the folders that they need to go.

Now what I wish is for some sort of file checking system in place to make sure that the files have downloaded correctly and match a hash that I have already made (not sure how yet). This way I can then insure that the "prpack.7z" files are not corrupted downloading in anyway before unpacking.

Hope this make since.

Anyway. Can anybody point me to the right department? I Have trolled around the forums for a few hours now. And I have failed to fined the right answers.

Hope somebody can help me out and thanks for taking the time to read.

Oddsodz

MSG
16th February 2011 06:28 UTC

Have you tried googling for 'nsis md5'?

Also, 7z will already CRC the files upon extraction. If the extraction succeeds, you can be reasonably sure that the files were downloaded correctly.

Oddsodz
16th February 2011 16:05 UTC

Yes. I Did do just that. But it says on the plugin page that it is to

Generates a md5 value from either a string or contents of specified file.
So it does not "Not check a md5" I think. But I maybe just too dump to see

But the info about the contents of the "7z" files is good to know. Thanks for that. But it is the ".7z" files I want to check before they get unpacked

MSG
16th February 2011 19:39 UTC

Originally posted by Oddsodz
So it does not "Not check a md5" I think. But I maybe just too dump to see
...What? You want the plugin to NOT check the md5? :igor:

Anyway, the md5 plugin does exactly what you need. It calculates the md5hash of a file. You can use strcmp to verify the hash to the official value. (Hint: If you want the installer to be able to verify the 7z file *without* knowing the md5sum at compiletime, you can create a php script that returns the md5hash of the on-server file. Get that using an internet plugin and you'll know what the 7z file hash should be.)

Oddsodz
16th February 2011 21:07 UTC

Originally posted by MSG
...What? You want the plugin to NOT check the md5? :igor:
Opps, Looks like I was typing late at night and got that wrong.

What I meant was that the page said that it was for "Generating" and not "Checking" MD5s. Anyway. It don't matter. My spelling is bad anyway.

So you say this will do the trick. Now comes the cruxs. I have no clue what you mean by "strcmp". Sure I know it some sort of code command. But what I forgot to add in my 1st post was that I am a right noob in NSIS. As bad as this is going to sound, I Am going to need a "Noobs" guide. Do you happen to have any links to more up to date pages on the matter?

Afrow UK
16th February 2011 22:48 UTC

1. Download the 7z file using inetc (or NSISdl).
2. Download the hash using inetc/NSISdl to a plain text file in $PLUGINSDIR.
3. Hash the 7z file using the MD5 plug-in.
4. Read the hash from the file in $PLUGINSDIR (FileOpen+FileRead+FileClose).
5. Compare the two hashes (you can use StrCmp (RTFM) or ${If} a == b).

Hopefully that will help you.

Stu

Fork me on GitHub