From 62a1c2f0c557ea1662931ebd336bf09394ae9265 Mon Sep 17 00:00:00 2001 From: samrose Date: Mon, 8 Jul 2024 14:35:14 -0400 Subject: [PATCH] fix: supautils was missing checksum step after download (#1033) * fix: supautils was missing checksum step after download * fix: there are debs per architecture, and we run builds on both * fix: just use the vars directly * fix: get the arch abr right * fix: match vars names correctly * fix: remove extra backslash * fix: since ADD happens in a different layer we can try this * fix: rm sha256: * fix: Docker will not multi ADD so scripting the step * fix: needs curl at this layer * fix: use checksum direct * fix: try stripping prefix and colon * fix: cleanup --- Dockerfile | 29 +++++++++++++++++++++++++++-- ansible/vars.yml | 3 ++- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 88f5575b1..c22bad848 100644 --- a/Dockerfile +++ b/Dockerfile @@ -824,8 +824,33 @@ RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc FROM base as supautils # Download package archive ARG supautils_release -ADD "https://github.com/supabase/supautils/releases/download/v${supautils_release}/supautils-v${supautils_release}-pg${postgresql_major}-${TARGETARCH}-linux-gnu.deb" \ - /tmp/supautils.deb +# Define checksums for different architectures +ARG supautils_release_arm64_deb_checksum +ARG supautils_release_amd64_deb_checksum + +RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/* + +# Set up a script to download the correct package +RUN echo '#!/bin/sh' > /tmp/download_supautils.sh && \ + echo 'set -e' >> /tmp/download_supautils.sh && \ + echo 'if [ "$TARGETARCH" = "amd64" ]; then' >> /tmp/download_supautils.sh && \ + echo ' CHECKSUM="${supautils_release_amd64_deb_checksum}"' >> /tmp/download_supautils.sh && \ + echo ' ARCH="amd64"' >> /tmp/download_supautils.sh && \ + echo 'elif [ "$TARGETARCH" = "arm64" ]; then' >> /tmp/download_supautils.sh && \ + echo ' CHECKSUM="${supautils_release_arm64_deb_checksum}"' >> /tmp/download_supautils.sh && \ + echo ' ARCH="arm64"' >> /tmp/download_supautils.sh && \ + echo 'else' >> /tmp/download_supautils.sh && \ + echo ' echo "Unsupported architecture: $TARGETARCH" >&2' >> /tmp/download_supautils.sh && \ + echo ' exit 1' >> /tmp/download_supautils.sh && \ + echo 'fi' >> /tmp/download_supautils.sh && \ + echo 'CHECKSUM=$(echo $CHECKSUM | sed "s/^sha256://")' >> /tmp/download_supautils.sh && \ + echo 'curl -fsSL -o /tmp/supautils.deb \\' >> /tmp/download_supautils.sh && \ + echo ' "https://github.com/supabase/supautils/releases/download/v${supautils_release}/supautils-v${supautils_release}-pg${postgresql_major}-$ARCH-linux-gnu.deb"' >> /tmp/download_supautils.sh && \ + echo 'echo "$CHECKSUM /tmp/supautils.deb" | sha256sum -c -' >> /tmp/download_supautils.sh && \ + chmod +x /tmp/download_supautils.sh + +# Run the script to download and verify the package +RUN /tmp/download_supautils.sh && rm /tmp/download_supautils.sh #################### # setup-wal-g.yml diff --git a/ansible/vars.yml b/ansible/vars.yml index 8859fd831..a13440bf1 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -85,7 +85,8 @@ wal2json_release: "2_5" wal2json_release_checksum: sha256:b516653575541cf221b99cf3f8be9b6821f6dbcfc125675c85f35090f824f00e supautils_release: "2.2.1" -supautils_release_checksum: sha256:1a2d2b8fe604d38921ed9cf3a0d56dd142a274035d0dca17ad21cdc81ddd9569 +supautils_release_arm64_deb_checksum: sha256:1a2d2b8fe604d38921ed9cf3a0d56dd142a274035d0dca17ad21cdc81ddd9569 +supautils_release_amd64_deb_checksum: sha256:4674fac146976dc179f5871271830718112f5eaa853bc461df9e303c8df2e1ab supautils_release_tar_checksum: sha256:f1f33371390322ac830645b8b0b8e249cb8ca10b19fdeae917f383014ed01b5d pljava_release: master