#!/usr/bin/env bash set -euo pipefail DATA_DIR="${1:-./data}" FORCE="${FORCE:-false}" if [[ "${1:-}" == "--force" ]] || [[ "${2:-}" == "--force" ]]; then FORCE=true if [[ "${1:-}" == "--force" ]]; then DATA_DIR="./data" fi fi mkdir -p "$DATA_DIR" # ---- Integrity helpers ---- # verify_archive — test that a compressed archive is intact. # Supports .tar.gz, .gz, .bz2. Returns 0 on success. verify_archive() { local file="$1" case "$file" in *.tar.gz|*.tgz) tar -tzf "$file" >/dev/null 2>&1 ;; *.gz) gunzip -t "$file" 2>/dev/null ;; *.bz2) bunzip2 -t "$file" 2>/dev/null ;; *) return 0 ;; # unknown format, skip check esac } # verify_checksum # Returns 0 if the file's SHA-256 matches. verify_checksum() { local file="$1" expected="$2" local actual actual=$(sha256sum "$file" | awk '{print $1}') if [[ "$actual" != "$expected" ]]; then echo " [FAIL] checksum mismatch for $file" echo " expected: $expected" echo " got: $actual" return 1 fi echo " [ok] checksum verified: $file" return 0 } # check_min_size # Returns 0 if file exists and is at least min_bytes. check_min_size() { local file="$1" min="$2" if [[ ! -f "$file" ]]; then return 1; fi local size size=$(stat --printf='%s' "$file" 2>/dev/null || stat -f '%z' "$file" 2>/dev/null || echo 0) (( size >= min )) } # Known SHA-256 checksums for pinned-version downloads. # These are verified once and recorded; update when bumping versions. CHECKSUM_FILE="$DATA_DIR/.checksums" touch "$CHECKSUM_FILE" # save_checksum