From 280f02552ab314f3a02f2188c58ebf4a3f2981e9 Mon Sep 17 00:00:00 2001
From: Billy Robert O'Neal III <bion@microsoft.com>
Date: Tue, 7 Jan 2025 20:08:29 -0800
Subject: [PATCH] Ensure x-script's SHA is tolower'd.

A large customer took a dependency on our happening to use lowercase SHA512s most of the time, and were broken when recent changes to vcpkgTools.xml contained capitalized SHA512s. This change always lowercases the SHA before invoking the x-script.
---
 azure-pipelines/e2e-ports/vcpkg-test-x-script/portfile.cmake | 1 +
 src/test-script-asset-cache.c                                | 1 +
 src/vcpkg/base/downloads.cpp                                 | 3 ++-
 src/vcpkg/commands.download.cpp                              | 1 -
 4 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/azure-pipelines/e2e-ports/vcpkg-test-x-script/portfile.cmake b/azure-pipelines/e2e-ports/vcpkg-test-x-script/portfile.cmake
index 3b193ceb28..fc60ed599a 100644
--- a/azure-pipelines/e2e-ports/vcpkg-test-x-script/portfile.cmake
+++ b/azure-pipelines/e2e-ports/vcpkg-test-x-script/portfile.cmake
@@ -2,6 +2,7 @@
 vcpkg_download_distfile(
     SOURCE_PATH
     URLS https://example.com/hello-world.txt
+    # This must stay uppercase to check that the SHA512 is properly tolower'd when it gets passed to x-script
     SHA512 09E1E2A84C92B56C8280F4A1203C7CFFD61B162CFE987278D4D6BE9AFBF38C0E8934CDADF83751F4E99D111352BFFEFC958E5A4852C8A7A29C95742CE59288A8
     FILENAME hello-world.txt
 )
diff --git a/src/test-script-asset-cache.c b/src/test-script-asset-cache.c
index 0595ab13bb..389f54f3bd 100644
--- a/src/test-script-asset-cache.c
+++ b/src/test-script-asset-cache.c
@@ -5,6 +5,7 @@
 #include <string.h>
 
 static const char expected_uri[] = "https://example.com/hello-world.txt";
+// Note that this checks that the SHA is properly tolower'd
 static const char expected_sha[] = "09e1e2a84c92b56c8280f4a1203c7cffd61b162cfe987278d4d6be9afbf38c0e8934cdadf83751f4e99"
                                    "d111352bffefc958e5a4852c8a7a29c95742ce59288a8";
 
diff --git a/src/vcpkg/base/downloads.cpp b/src/vcpkg/base/downloads.cpp
index 0ed24c6566..8f573a3a36 100644
--- a/src/vcpkg/base/downloads.cpp
+++ b/src/vcpkg/base/downloads.cpp
@@ -1050,7 +1050,8 @@ namespace vcpkg
                 {
                     const auto download_path_part_path = download_path + fmt::format(".{}.part", get_process_id());
                     const auto escaped_url = Command(urls[0]).extract();
-                    const auto escaped_sha512 = Command(*hash).extract();
+                    auto escaped_sha512 = Command(*hash).extract();
+                    Strings::inplace_ascii_to_lowercase(escaped_sha512);
                     const auto escaped_dpath = Command(download_path_part_path).extract();
                     Command cmd;
                     cmd.raw_arg(api_stable_format(*script, [&](std::string& out, StringView key) {
diff --git a/src/vcpkg/commands.download.cpp b/src/vcpkg/commands.download.cpp
index 5210182544..101f14880b 100644
--- a/src/vcpkg/commands.download.cpp
+++ b/src/vcpkg/commands.download.cpp
@@ -82,7 +82,6 @@ namespace vcpkg
             {
                 Checks::msg_exit_with_error(VCPKG_LINE_INFO, msgImproperShaLength, msg::value = *p);
             }
-            Strings::inplace_ascii_to_lowercase(p->data(), p->data() + p->size());
         }
 
         return sha;