[Ubuntu] Pin sha256 for docker-compose and Alibaba Cloud CLI (actions…
…#8790)

* pin sha256 for docker-compose and Alibaba Cloud CLI

* fix syntax in condition
sergei-pyshnoi authored Nov 17, 2023
1 parent 07e8da7 commit 50ae102
Showing 3 changed files with 9 additions and 4 deletions.
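--- a/images/ubuntu/scripts/build/aliyun-cli.sh
+++ b/images/ubuntu/scripts/build/aliyun-cli.sh
@@ -14,7 +14,6 @@ source $HELPER_SCRIPTS/install.sh
 if isUbuntu20; then
 toolset_version=$(get_toolset_value '.aliyunCli.version')
 download_url="https://github.com/aliyun/aliyun-cli/releases/download/v$toolset_version/aliyun-cli-linux-$toolset_version-amd64.tgz"
-hash_url="https://github.com/aliyun/aliyun-cli/releases/download/v$toolset_version/SHASUMS256.txt"
 else
 download_url=$(get_github_package_download_url "aliyun/aliyun-cli" "contains(\"aliyun-cli-linux\") and endswith(\"amd64.tgz\")")
 hash_url="https://github.com/aliyun/aliyun-cli/releases/latest/download/SHASUMS256.txt"
@@ -24,7 +23,12 @@ package_name="aliyun-cli-linux-amd64.tgz"
 download_with_retries "$download_url" "/tmp" "$package_name"
 
 # Supply chain security - Alibaba Cloud CLI
-external_hash=$(get_hash_from_remote_file "$hash_url" "aliyun-cli-linux" "amd64.tgz")
+if isUbuntu20; then
+external_hash=$(get_toolset_value '.aliyunCli.sha256')
+else
+external_hash=$(get_hash_from_remote_file "$hash_url" "aliyun-cli-linux" "amd64.tgz")
+fi
+
 use_checksum_comparison "/tmp/$package_name" "$external_hash"
 
 tar xzf "/tmp/$package_name"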
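Review bot: The digest read with `get_toolset_value '.aliyunCli.sha256'` in the second hunk goes straight into `use_checksum_comparison` with no check that the lookup returned a digest at all; if the key is missing from the toolset file, the outcome depends on how that helper treats an empty or `null` argument, which is not visible here. A guard such as `[[ "$external_hash" =~ ^[0-9a-f]{64}$ ]] || { echo "invalid sha256 for aliyun-cli" >&2; exit 1; }` before the comparison makes that failure explicit. The `else` branch still takes its hash from `SHASUMS256.txt` in the same release as the tarball, so on those images the check detects a corrupted download but not a replaced release asset. A comment saying so, e.g. `# non-20.04: hash comes from the same release as the archive (integrity only, not an independent pin)`, would keep the "Supply chain security" heading accurate.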
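--- a/images/ubuntu/scripts/build/docker-compose.sh
+++ b/images/ubuntu/scripts/build/docker-compose.sh
@@ -13,7 +13,7 @@ URL="https://github.com/docker/compose/releases/download/1.29.2/docker-compose-L
 curl -fsSL "${URL}" -o /tmp/docker-compose-v1
 
 # Supply chain security - Docker Compose v1
-external_hash=$(get_hash_from_remote_file "${URL}.sha256" "compose-Linux-x86_64")
+external_hash="f3f10cf3dbb8107e9ba2ea5f23c1d2159ff7321d16f0a23051d68d8e2547b323"
 use_checksum_comparison "/tmp/docker-compose-v1" "${external_hash}"
 install /tmp/docker-compose-v1 /usr/local/bin/docker-compose
 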
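Review bot: The pinned digest on the new `external_hash=` line is a bare literal with no record of which release asset it belongs to or where it was obtained, and it sits apart from the `1.29.2` embedded in `URL`, so a later version bump can leave the two out of step. A comment such as `# sha256 of the 1.29.2 Linux x86_64 binary; update together with URL` documents that coupling. The aliyun-cli change in this same commit keeps version and sha256 side by side in the toolset JSON, and doing the same here would be more consistent. Whether `use_checksum_comparison` aborts the script on a mismatch before `install` runs is not visible in this hunk and is worth confirming.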
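--- a/images/ubuntu/toolsets/toolset-2004.json
+++ b/images/ubuntu/toolsets/toolset-2004.json
@@ -369,6 +369,7 @@
 "version": "7.2"
 },
 "aliyunCli": {
-"version": "3.0.174"
+"version": "3.0.174",
+"sha256": "0c51028a7a32fc02c8de855f73e273556f957115eb5624565738f9b9f83a50ba"
 }
 }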
