cxllm-vendors/cxos-vendor-llama-cpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
cxos-vendor-llama-cpp/fetch.sh
T
cx-git-agent 52d4f9f3aa vendor: update cxos-vendor-llama-cpp
2026-04-26 16:35:12 +00:00

97 lines
2.5 KiB
Bash
Raw Permalink Blame History

#!/usr/bin/env bash
# cxos/vendor/llama-cpp/fetch.sh — download + verify + extract llama.cpp.
#
# Reads cxos/vendor/llama-cpp/PINNED.json. Hard-fails if SHA-256 mismatches.
# Upstream does not sign tarballs, so GPG verification is unsupported here;
# trust is anchored to the SHA-256 in PINNED.json (committed and reviewed).
#
# Usage:
# cxos/vendor/llama-cpp/fetch.sh
# cxos/vendor/llama-cpp/fetch.sh --dry # print plan; no network
#
# Outputs (gitignored):
# cxos/vendor/llama-cpp/llama.cpp-<ver>.tar.gz
# cxos/vendor/llama-cpp/src/llama.cpp-<ver>/
set -euo pipefail
DRY=0
for arg in "$@"; do
case "$arg" in
--dry) DRY=1 ;;
-h|--help)
sed -n '2,15p' "$0" | sed 's/^# \{0,1\}//'
exit 0 ;;
*)
echo "fetch.sh: unknown arg: $arg" >&2
exit 2 ;;
esac
done
HERE="$(cd "$(dirname "$0")" && pwd)"
PINNED="$HERE/PINNED.json"
if [[ ! -f "$PINNED" ]]; then
echo "fetch.sh: missing $PINNED" >&2
exit 1
fi
read -r VERSION TARBALL_URL SHA256 EXTRACTED_DIR < <(
python3 - "$PINNED" <<'PY'
import json, sys
d = json.load(open(sys.argv[1]))
print(d["version"], d["tarball_url"], d["sha256"], d["extracted_dir"])
PY
)
TARBALL="$HERE/llama.cpp-${VERSION}.tar.gz"
SRC_DIR="$HERE/src"
echo "==> llama.cpp ${VERSION}"
echo " tarball: ${TARBALL_URL}"
echo " sha256 : ${SHA256}"
echo " extract: ${SRC_DIR}/${EXTRACTED_DIR}"
if [[ "$SHA256" =~ ^0+$ ]]; then
cat >&2 <<EOF
fetch.sh: PINNED.json has placeholder sha256 (0000...). This is intentional
and means the pin has not been verified yet. To bump:
curl -fsSL "${TARBALL_URL}" -o /tmp/llama.cpp-${VERSION}.tar.gz
sha256sum /tmp/llama.cpp-${VERSION}.tar.gz
Update cxos/vendor/llama-cpp/PINNED.json with the resulting digest in the
same commit, then re-run fetch.sh.
EOF
exit 1
fi
if [[ "$DRY" == "1" ]]; then
echo "==> dry-run; nothing fetched"
exit 0
fi
mkdir -p "$SRC_DIR"
if [[ ! -f "$TARBALL" ]]; then
echo "==> downloading $(basename "$TARBALL")"
curl -fsSL --retry 3 -o "$TARBALL" "$TARBALL_URL"
fi
echo "==> verifying sha256"
ACTUAL_SHA="$(sha256sum "$TARBALL" | awk '{print $1}')"
if [[ "$ACTUAL_SHA" != "$SHA256" ]]; then
echo "fetch.sh: SHA-256 mismatch" >&2
echo " expected: $SHA256" >&2
echo " actual : $ACTUAL_SHA" >&2
rm -f "$TARBALL"
exit 1
fi
echo " ok"
if [[ ! -d "$SRC_DIR/$EXTRACTED_DIR" ]]; then
echo "==> extracting"
tar -xzf "$TARBALL" -C "$SRC_DIR"
fi
echo "==> ready: $SRC_DIR/$EXTRACTED_DIR"
Reference in New Issue View Git Blame Copy Permalink