Single instance DB projects - verify DB installers (#522)

For the single instance database projects, verify the SHA-256 digest
of the database installer file at the beginning of the install.sh
script, before installing OS updates.

For all single instance database projects:
- Add a db_installer.sha256 file containing the SHA-256 digest value
  for the database installer. (2 digest files for the 12.1.0.2
  project, since it uses separate sets of installer files depending
  on the Oracle edition.)
- Add *.sha256 to .gitattributes, to preserve LF line endings on
  Windows hosts. Otherwise, sha256sum doesn't read the file correctly.
- Verify the SHA-256 digest at the start of the install.sh script. If
  verification fails, exit with an error message explaining what to
  do.

For the XE/Free database projects:
- Move the download of the installer rpm to the beginning of the
  install.sh script.
- Modify the install.sh script so it never deletes an installer rpm
  that the user has previously downloaded.

For the 23.3.0-Free project (unrelated, but necessary):
- Modify the install.sh script to use oracle-database-preinstall-23ai
  instead of oracle-database-preinstall-23c, which has been obsoleted
  in the yum repository.

Tested with both VirtualBox and libvirt providers.

Fixes #512

Signed-off-by: Paul Neumann <[email protected]>

Author: PaulNeumann

OracleDatabase/11.2.0.2/.gitattributes

@@ -1 +1,2 @@
 *.sh	text eol=lf
+*.sha256	text eol=lf

OracleDatabase/11.2.0.2/db_installer.sha256

@@ -0,0 +1 @@
+b5039fad2e4f92c68778dcabbd0b4622a6cb025f25f7d6222f9e9de53ebab531 */vagrant/oracle-xe-11.2.0-1.0.x86_64.rpm.zip

OracleDatabase/11.2.0.2/scripts/install.sh

@@ -16,6 +16,24 @@ set -e
 
 echo 'INSTALLER: Started up'
 
+# verify that database installer is present and valid
+echo 'INSTALLER: Verifying database installer file'
+
+sha256sum --check /vagrant/db_installer.sha256 || {
+  cat << EOF
+
+INSTALLER: Database installer file missing or invalid.
+           Destroy this VM (vagrant destroy), then
+           make sure that the database installer file
+           is in the same directory as the Vagrantfile,
+           and that its SHA-256 digest matches the
+           value in the db_installer.sha256 file,
+           before running vagrant up again.
+
+EOF
+  exit 1
+}
+
 # get up to date
 yum upgrade -y
 

OracleDatabase/12.1.0.2/.gitattributes

@@ -1 +1,2 @@
 *.sh	text eol=lf
+*.sha256	text eol=lf

OracleDatabase/12.1.0.2/db_installer-EE.sha256

@@ -0,0 +1,2 @@
+31fdc2af41687b4e547a3a18f796424d8c1af36406d2160f65b0af6a9cd47355 */vagrant/linuxamd64_12102_database_1of2.zip
+03da14f5e875304b28f0f3bb02af0ec33227885b99c9865df70749d1e220accd */vagrant/linuxamd64_12102_database_2of2.zip

OracleDatabase/12.1.0.2/db_installer-SE2.sha256

@@ -0,0 +1,2 @@
+73873369753230f5a0921f95aceadb591388cb06ed72a7f3aea7bcbcea2403bc */vagrant/linuxamd64_12102_database_se2_1of2.zip
+2492e1be1e3e3531da83d0843c09c08e435ac8cefd9a00c0df56be4f15ceebf3 */vagrant/linuxamd64_12102_database_se2_2of2.zip

OracleDatabase/12.1.0.2/scripts/install.sh

@@ -16,6 +16,39 @@ set -e
 
 echo 'INSTALLER: Started up'
 
+# verify that database installers are present and valid
+echo 'INSTALLER: Verifying database installer files'
+
+case "$ORACLE_EDITION" in
+  'EE')
+    digest_file='db_installer-EE.sha256'
+    installer_zips='linuxamd64_12102_database_?of2.zip'
+    ;;
+  'SE2')
+    digest_file='db_installer-SE2.sha256'
+    installer_zips='linuxamd64_12102_database_se2_?of2.zip'
+    ;;
+  *)
+    echo "INSTALLER: Invalid ORACLE_EDITION ${ORACLE_EDITION}. Must be EE or SE2. Exiting."
+    exit 1
+    ;;
+esac
+
+sha256sum --check /vagrant/"${digest_file}" || {
+  cat << EOF
+
+INSTALLER: Database installer files missing or invalid.
+           Destroy this VM (vagrant destroy), then
+           make sure that the database installer files
+           are in the same directory as the Vagrantfile,
+           and that their SHA-256 digests match the
+           values in the ${digest_file} file,
+           before running vagrant up again.
+
+EOF
+  exit 1
+}
+
 # get up to date
 yum upgrade -y
 
@@ -55,18 +88,7 @@ echo 'INSTALLER: Environment variables set'
 
 # Install Oracle
 
-case "$ORACLE_EDITION" in
-  "EE")
-    unzip '/vagrant/linuxamd64_12102_database_?of2.zip' -d /tmp
-    ;;
-  "SE2")
-    unzip '/vagrant/linuxamd64_12102_database_se2_?of2.zip' -d /tmp
-    ;;
-  *)
-    echo "INSTALLER: Invalid ORACLE_EDITION $ORACLE_EDITION. Must be EE or SE2. Exiting."
-    exit 1
-    ;;
-esac
+unzip /vagrant/"${installer_zips}" -d /tmp
 
 cp /vagrant/ora-response/db_install.rsp.tmpl /tmp/db_install.rsp
 sed -i -e "s|###ORACLE_BASE###|$ORACLE_BASE|g" /tmp/db_install.rsp

OracleDatabase/12.2.0.1/.gitattributes

@@ -1 +1,2 @@
 *.sh	text eol=lf
+*.sha256	text eol=lf

OracleDatabase/12.2.0.1/db_installer.sha256

@@ -0,0 +1 @@
+96ed97d21f15c1ac0cce3749da6c3dac7059bb60672d76b008103fc754d22dde */vagrant/linuxx64_12201_database.zip

OracleDatabase/12.2.0.1/scripts/install.sh

@@ -16,6 +16,24 @@ set -e
 
 echo 'INSTALLER: Started up'
 
+# verify that database installer is present and valid
+echo 'INSTALLER: Verifying database installer file'
+
+sha256sum --check /vagrant/db_installer.sha256 || {
+  cat << EOF
+
+INSTALLER: Database installer file missing or invalid.
+           Destroy this VM (vagrant destroy), then
+           make sure that the database installer file
+           is in the same directory as the Vagrantfile,
+           and that its SHA-256 digest matches the
+           value in the db_installer.sha256 file,
+           before running vagrant up again.
+
+EOF
+  exit 1
+}
+
 # get up to date
 yum upgrade -y