build external go binaries from source

- streamlines patching go version related CVEs
- ensures binaries with CGO are linked to the library version we'll be using
Benjamin Elder
2023-05-08 18:40:02 -07:00
parent 7b017b2ce1
commit 2c2b553108
10 changed files with 1103 additions and 221 deletions


@@ -49,7 +49,7 @@ fi
all_shell_scripts=()
while IFS=$'\n' read -r script;
do git check-ignore -q "$script" || all_shell_scripts+=("$script");
done < <(grep -irl '#!.*sh' . | grep -Ev '(^\./\.git/)|(^\./vendor/)|(^\./hack/third_party/)|(^\./bin/)|(\.go$)')
done < <(grep -irl '#!.*sh' . | grep -Ev '(^\./\.git/)|(^\./vendor/)|(^\./hack/third_party/)|(^\./images/base/scripts/third_party/)|(^\./bin/)|(\.go$)')
# common arguments we'll pass to shellcheck
SHELLCHECK_OPTIONS=(


@@ -22,6 +22,8 @@ REGISTRY?=gcr.io/k8s-staging-kind
TAG?=$(shell echo "$$(date +v%Y%m%d)-$$(git describe --always --dirty)")
# the full image tag
IMAGE?=$(REGISTRY)/$(IMAGE_NAME):$(TAG)
# Go version to use, currently only respected by images/base
GO_VERSION=$(shell cat $(CURDIR)/../../.go-version | head -n1)
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
@@ -32,7 +34,7 @@ OUTPUT?=
PROGRESS=auto
EXTRA_BUILD_OPT?=
build: ensure-buildx
docker buildx build $(if $(PLATFORMS),--platform=$(PLATFORMS),) $(OUTPUT) --progress=$(PROGRESS) -t ${IMAGE} --pull $(EXTRA_BUILD_OPT) .
docker buildx build $(if $(PLATFORMS),--platform=$(PLATFORMS),) $(OUTPUT) --progress=$(PROGRESS) -t ${IMAGE} --pull --build-arg GO_VERSION=$(GO_VERSION) $(EXTRA_BUILD_OPT) .
# push the cross built image
push: OUTPUT=--push
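Review bot: Nothing checks that the new `GO_VERSION` value is non-empty before it is passed as `--build-arg GO_VERSION=$(GO_VERSION)`. If `.go-version` is missing or empty, `cat` fails inside `$(shell …)` without stopping make, and the problem only surfaces later inside the image build, presumably as a less obvious toolchain error. Consider evaluating it once and failing fast: `GO_VERSION:=$(shell head -n1 $(CURDIR)/../../.go-version)` followed by `$(if $(GO_VERSION),,$(error GO_VERSION is empty; check .go-version))`. The comment could also say that this value selects the toolchain for every binary built from source in images/base, since that is what makes it relevant when patching Go CVEs.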


@@ -19,49 +19,16 @@
# start from ubuntu, this image is reasonably small as a starting point
# for a kubernetes node image, it doesn't contain much we don't need
# this stage will install basic files and packages
ARG BASE_IMAGE=ubuntu:22.04
FROM $BASE_IMAGE as build
# `docker buildx` automatically sets this arg value
ARG TARGETARCH
# Configure containerd and runc binaries from kind-ci/containerd-nightlies repository
# The repository contains latest stable releases and nightlies built for multiple architectures
ARG CONTAINERD_VERSION="1.6.20-14-g967a516de"
ARG CONTAINERD_BASE_URL="https://github.com/kind-ci/containerd-nightlies/releases/download"
ARG CONTAINERD_URL="${CONTAINERD_BASE_URL}/containerd-${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-linux-${TARGETARCH}.tar.gz"
ARG CONTAINERD_AMD64_SHA256SUM="429140ca5c264fa2ddc34b5a5e894c45a4c1dc0e5c13a5d18012878b76b89d88"
ARG CONTAINERD_ARM64_SHA256SUM="be56d1583f627b0e7afefd2d9ee400f181c646b9d729217d986fa8ed7b8745ad"
ARG RUNC_URL="${CONTAINERD_BASE_URL}/containerd-${CONTAINERD_VERSION}/runc.${TARGETARCH}"
ARG RUNC_AMD64_SHA256SUM="d78d68124ab6207c498d6fcaf527f5156832b307059e7daa97d64eb99a24162d"
ARG RUNC_ARM64_SHA256SUM="82b27080bbef08649d49094ee03e504fbb60dea40d5f914e3a908264bc048af1"
# Configure crictl binary from upstream
ARG CRICTL_VERSION="v1.26.1"
ARG CRICTL_URL="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-${TARGETARCH}.tar.gz"
ARG CRICTL_AMD64_SHA256SUM="0c1a0f9900c15ee7a55e757bcdc220faca5dd2e1cfc120459ad1f04f08598127"
ARG CRICTL_ARM64_SHA256SUM="cfa28be524b5da1a6dded455bb497dfead27b1fd089e1161eb008909509be585"
# Configure CNI binaries from upstream
ARG CNI_PLUGINS_VERSION="v1.2.0"
ARG CNI_PLUGINS_TARBALL="${CNI_PLUGINS_VERSION}/cni-plugins-linux-${TARGETARCH}-${CNI_PLUGINS_VERSION}.tgz"
ARG CNI_PLUGINS_URL="https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGINS_TARBALL}"
ARG CNI_PLUGINS_AMD64_SHA256SUM="f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37"
ARG CNI_PLUGINS_ARM64_SHA256SUM="525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57"
# Configure containerd-fuse-overlayfs snapshotter binary from upstream
ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="1.0.5"
ARG CONTAINERD_FUSE_OVERLAYFS_TARBALL="v${CONTAINERD_FUSE_OVERLAYFS_VERSION}/containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}-linux-${TARGETARCH}.tar.gz"
ARG CONTAINERD_FUSE_OVERLAYFS_URL="https://github.com/containerd/fuse-overlayfs-snapshotter/releases/download/${CONTAINERD_FUSE_OVERLAYFS_TARBALL}"
ARG CONTAINERD_FUSE_OVERLAYFS_AMD64_SHA256SUM="1f4b12322cc1b044dfbbeaec30fc42295cedc8b6f0642146ba518333f9d5ddca"
ARG CONTAINERD_FUSE_OVERLAYFS_ARM64_SHA256SUM="073e83196a7a73bd130fe44085bd65303c7e6cfc8c53ba46d90a16cbb8e5a112"
FROM $BASE_IMAGE as base
# copy in static files
# all scripts are 0755 (rwx r-x r-x)
COPY --chmod=0755 files/usr/local/bin/* /usr/local/bin/
# all configs are 0644 (rw- r-- r--)
# all non-scripts are 0644 (rw- r-- r--)
COPY --chmod=0644 files/LICENSES/* /LICENSES/*
COPY --chmod=0644 files/etc/* /etc/
COPY --chmod=0644 files/etc/containerd/* /etc/containerd/
COPY --chmod=0644 files/etc/default/* /etc/default/
@@ -99,7 +66,6 @@ COPY --chmod=0644 files/etc/systemd/system/kubelet.service.d/* /etc/systemd/syst
# Finally we adjust tempfiles cleanup to be 1 minute after "boot" instead of 15m
# This is plenty after we've done initial setup for a node, but before we are
# likely to try to export logs etc.
RUN echo "Installing Packages ..." \
&& DEBIAN_FRONTEND=noninteractive clean-install \
systemd \
@@ -117,67 +83,9 @@ RUN echo "Installing Packages ..." \
&& echo "ReadKMsg=no" >> /etc/systemd/journald.conf \
&& ln -s "$(which systemd)" /sbin/init
RUN echo "Enabling kubelet ... " \
&& systemctl enable kubelet.service
RUN echo "Installing containerd ..." \
&& curl -sSL --retry 5 --output /tmp/containerd.${TARGETARCH}.tgz "${CONTAINERD_URL}" \
&& echo "${CONTAINERD_AMD64_SHA256SUM} /tmp/containerd.amd64.tgz" | tee /tmp/containerd.sha256 \
&& echo "${CONTAINERD_ARM64_SHA256SUM} /tmp/containerd.arm64.tgz" | tee -a /tmp/containerd.sha256 \
&& sha256sum --ignore-missing -c /tmp/containerd.sha256 \
&& rm -f /tmp/containerd.sha256 \
&& tar -C /usr/local -xzvf /tmp/containerd.${TARGETARCH}.tgz \
&& rm -rf /tmp/containerd.${TARGETARCH}.tgz \
&& rm -f /usr/local/bin/containerd-stress /usr/local/bin/containerd-shim-runc-v1 \
&& curl -sSL --retry 5 --output /tmp/runc.${TARGETARCH} "${RUNC_URL}" \
&& echo "${RUNC_AMD64_SHA256SUM} /tmp/runc.amd64" | tee /tmp/runc.sha256 \
&& echo "${RUNC_ARM64_SHA256SUM} /tmp/runc.arm64" | tee -a /tmp/runc.sha256 \
&& sha256sum --ignore-missing -c /tmp/runc.sha256 \
&& rm -f /tmp/runc.sha256 \
&& mv /tmp/runc.${TARGETARCH} /usr/local/sbin/runc \
&& chmod 755 /usr/local/sbin/runc \
&& ctr oci spec \
| jq '.hooks.createContainer[.hooks.createContainer| length] |= . + {"path": "/usr/local/bin/mount-product-files"}' \
| jq 'del(.process.rlimits)' \
> /etc/containerd/cri-base.json \
&& containerd --version \
&& runc --version \
&& systemctl enable containerd
RUN echo "Installing crictl ..." \
&& curl -sSL --retry 5 --output /tmp/crictl.${TARGETARCH}.tgz "${CRICTL_URL}" \
&& echo "${CRICTL_AMD64_SHA256SUM} /tmp/crictl.amd64.tgz" | tee /tmp/crictl.sha256 \
&& echo "${CRICTL_ARM64_SHA256SUM} /tmp/crictl.arm64.tgz" | tee -a /tmp/crictl.sha256 \
&& sha256sum --ignore-missing -c /tmp/crictl.sha256 \
&& rm -f /tmp/crictl.sha256 \
&& tar -C /usr/local/bin -xzvf /tmp/crictl.${TARGETARCH}.tgz \
&& rm -rf /tmp/crictl.${TARGETARCH}.tgz
RUN echo "Installing CNI plugin binaries ..." \
&& curl -sSL --retry 5 --output /tmp/cni.${TARGETARCH}.tgz "${CNI_PLUGINS_URL}" \
&& echo "${CNI_PLUGINS_AMD64_SHA256SUM} /tmp/cni.amd64.tgz" | tee /tmp/cni.sha256 \
&& echo "${CNI_PLUGINS_ARM64_SHA256SUM} /tmp/cni.arm64.tgz" | tee -a /tmp/cni.sha256 \
&& sha256sum --ignore-missing -c /tmp/cni.sha256 \
&& rm -f /tmp/cni.sha256 \
&& mkdir -p /opt/cni/bin \
&& tar -C /opt/cni/bin -xzvf /tmp/cni.${TARGETARCH}.tgz \
&& rm -rf /tmp/cni.${TARGETARCH}.tgz \
&& find /opt/cni/bin -type f -not \( \
-iname host-local \
-o -iname ptp \
-o -iname portmap \
-o -iname loopback \
\) \
-delete
RUN echo "Installing containerd-fuse-overlayfs ..." \
&& curl -sSL --retry 5 --output /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz "${CONTAINERD_FUSE_OVERLAYFS_URL}" \
&& echo "${CONTAINERD_FUSE_OVERLAYFS_AMD64_SHA256SUM} /tmp/containerd-fuse-overlayfs.amd64.tgz" | tee /tmp/containerd-fuse-overlayfs.sha256 \
&& echo "${CONTAINERD_FUSE_OVERLAYFS_ARM64_SHA256SUM} /tmp/containerd-fuse-overlayfs.arm64.tgz" | tee -a /tmp/containerd-fuse-overlayfs.sha256 \
&& sha256sum --ignore-missing -c /tmp/containerd-fuse-overlayfs.sha256 \
&& rm -f /tmp/containerd-fuse-overlayfs.sha256 \
&& tar -C /usr/local/bin -xzvf /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz \
&& rm -rf /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz
RUN echo "Enabling kubelet and containerd services ... " \
&& systemctl enable kubelet.service \
&& systemctl enable containerd.service
RUN echo "Ensuring /etc/kubernetes/manifests" \
&& mkdir -p /etc/kubernetes/manifests
@@ -185,10 +93,123 @@ RUN echo "Ensuring /etc/kubernetes/manifests" \
RUN echo "Adjusting systemd-tmpfiles timer" \
&& sed -i /usr/lib/systemd/system/systemd-tmpfiles-clean.timer -e 's#OnBootSec=.*#OnBootSec=1min#'
# squash
# shared stage to setup go version for building binaries
FROM base as go-build
COPY --chmod=0755 scripts/third_party/gimme/gimme /usr/local/bin/
# tools needed at build-time only
RUN clean-install git make libseccomp-dev gcc libc-dev pkg-config
# set by makefile to .go-version
ARG GO_VERSION
RUN eval "$(gimme "${GO_VERSION}")" \
&& GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest
# stage for building containerd
FROM go-build as build-containerd
ARG GO_VERSION
ARG CONTAINERD_VERSION="v1.6.21"
ARG CONTAINERD_CLONE_URL="https://github.com/containerd/containerd"
# we don't build with optional snapshotters, we never select any of these
# they're not ideal inside kind anyhow, and we save some disk space
ARG BUILDTAGS=no_aufs,no_zfs,no_btrfs,no_devmapper
RUN git clone --filter=tree:0 "${CONTAINERD_CLONE_URL}" /containerd \
&& cd /containerd \
&& git checkout "${CONTAINERD_VERSION}" \
&& eval "$(gimme "${GO_VERSION}")" \
&& make bin/ctr bin/containerd bin/containerd-shim-runc-v2 \
&& go-licenses save --save_path=/_LICENSES \
./cmd/ctr ./cmd/containerd ./cmd/containerd-shim-runc-v2
# stage for building runc
FROM go-build as build-runc
ARG GO_VERSION
ARG RUNC_VERSION="v1.1.7"
ARG RUNC_CLONE_URL="https://github.com/opencontainers/runc"
RUN git clone --filter=tree:0 "${RUNC_CLONE_URL}" /runc \
&& cd /runc \
&& git checkout "${RUNC_VERSION}" \
&& eval "$(gimme "${GO_VERSION}")" \
&& make runc \
&& go-licenses save --save_path=/_LICENSES .
# stage for building crictl
FROM go-build as build-crictl
ARG GO_VERSION
ARG CRI_TOOLS_CLONE_URL="https://github.com/kubernetes-sigs/cri-tools"
ARG CRICTL_VERSION="v1.26.1"
RUN git clone --filter=tree:0 "${CRI_TOOLS_CLONE_URL}" /cri-tools \
&& cd /cri-tools \
&& git checkout "${CRICTL_VERSION}" \
&& eval "$(gimme "${GO_VERSION}")" \
&& make BUILD_BIN_PATH=./build crictl \
&& go-licenses save --save_path=/_LICENSES ./cmd/crictl
# stage for building cni-plugins
FROM go-build as build-cni
ARG GO_VERSION
ARG CNI_PLUGINS_VERSION="v1.2.0"
ARG CNI_PLUGINS_CLONE_URL="https://github.com/containernetworking/plugins"
RUN git clone --filter=tree:0 "${CNI_PLUGINS_CLONE_URL}" /cni-plugins \
&& cd /cni-plugins \
&& git checkout "${CNI_PLUGINS_VERSION}" \
&& eval "$(gimme "${GO_VERSION}")" \
&& mkdir ./bin \
&& go build -o ./bin/host-local -mod=vendor ./plugins/ipam/host-local \
&& go build -o ./bin/loopback -mod=vendor ./plugins/main/loopback \
&& go build -o ./bin/ptp -mod=vendor ./plugins/main/ptp \
&& go build -o ./bin/portmap -mod=vendor ./plugins/meta/portmap \
&& go-licenses save --save_path=/_LICENSES \
./plugins/ipam/host-local \
./plugins/main/loopback ./plugins/main/ptp \
./plugins/meta/portmap
# stage for building containerd-fuse-overlayfs
FROM go-build as build-fuse-overlayfs
ARG GO_VERSION
ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="v1.0.5"
ARG CONTAINERD_FUSE_OVERLAYFS_CLONE_URL="https://github.com/containerd/fuse-overlayfs-snapshotter"
RUN git clone --filter=tree:0 "${CONTAINERD_FUSE_OVERLAYFS_CLONE_URL}" /fuse-overlayfs-snapshotter \
&& cd /fuse-overlayfs-snapshotter \
&& git checkout "${CONTAINERD_FUSE_OVERLAYFS_VERSION}" \
&& eval "$(gimme "${GO_VERSION}")" \
&& make bin/containerd-fuse-overlayfs-grpc \
&& go-licenses save --save_path=/_LICENSES ./cmd/containerd-fuse-overlayfs-grpc
# build final image layout from other stages
FROM base as build
# copy over containerd build and install
COPY --from=build-containerd /containerd/bin/containerd /usr/local/bin/
COPY --from=build-containerd /containerd/bin/ctr /usr/local/bin/
COPY --from=build-containerd /containerd/bin/containerd-shim-runc-v2 /usr/local/bin/
RUN ctr oci spec \
| jq '.hooks.createContainer[.hooks.createContainer| length] |= . + {"path": "/usr/local/bin/mount-product-files"}' \
| jq 'del(.process.rlimits)' \
> /etc/containerd/cri-base.json \
&& containerd --version
COPY --from=build-containerd /_LICENSES/* /LICENSES/
# copy over runc build and install
COPY --from=build-runc /runc/runc /usr/local/sbin/runc
RUN runc --version
COPY --from=build-runc /_LICENSES/* /LICENSES/
# copy over crictl build and install
COPY --from=build-crictl /cri-tools/build/crictl /usr/local/bin/
COPY --from=build-crictl /_LICENSES/* /LICENSES/
# copy over CNI plugins build and install
RUN mkdir -p /opt/cni/bin
COPY --from=build-cni /cni-plugins/bin/host-local /opt/cni/bin/
COPY --from=build-cni /cni-plugins/bin/loopback /opt/cni/bin/
COPY --from=build-cni /cni-plugins/bin/ptp /opt/cni/bin/
COPY --from=build-cni /cni-plugins/bin/portmap /opt/cni/bin/
COPY --from=build-cni /_LICENSES/* /LICENSES/
# copy over containerd-fuse-overlayfs and install
COPY --from=build-fuse-overlayfs /fuse-overlayfs-snapshotter/bin/containerd-fuse-overlayfs-grpc /usr/local/bin/
COPY --from=build-fuse-overlayfs /_LICENSES/* /LICENSES/
# squash down to one layer
FROM scratch
COPY --from=build / /
# tell systemd that it is in docker (it will check for the container env)
# https://systemd.io/CONTAINER_INTERFACE/
ENV container docker
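Review bot: The new build stages pin upstream source by tag name only (`git checkout "${CONTAINERD_VERSION}"` in build-containerd, and the same pattern in build-runc, build-crictl, build-cni and build-fuse-overlayfs). The content-hash pinning that the removed `*_SHA256SUM` checks gave is therefore gone, and a moved or re-pushed upstream tag would change what is built with no diff in this file. Consider adding an expected-commit `ARG` per component, e.g. `ARG CONTAINERD_COMMIT="<full-commit-sha-placeholder>"`, and verifying it right after checkout with `&& test "$(git rev-parse HEAD)" = "${CONTAINERD_COMMIT}" \`. The go-build stage has the same gap: `go install github.com/google/go-licenses@latest` resolves to whatever is newest at build time, so pin it to a fixed version (`@<version-placeholder>`).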


@@ -13,6 +13,3 @@
# limitations under the License.
include $(CURDIR)/../Makefile.common.in
update-shasums:
./update-shasums.sh


@@ -16,33 +16,6 @@ why we do what we do, citing upstream documentation where possible.
See also [`pkg/cluster`](./../../pkg/cluster) for logic that interacts with this image.
## Updating dependencies
If you need to change a version of containerd, crictl, or CNI, you can use the
provided script `make update-shasums` to specify the
versions and update the Dockerfile `ARG` values for you. The script will fetch
the sha256sums from GitHub releases, or will download the artifact and generate
a sha256sum.
```
$ make update-shasums
ARG CONTAINERD_AMD64_SHA256SUM=69ce75857abb424b243d3442eb9d1e96a1e853595a8562c3c03ccbdaf8fd6e59
ARG CONTAINERD_ARM64_SHA256SUM=7fc4a886466a8f0ecc80299cec03cdaca3e8b9ddf4aaa60deb9cb2b7ea0575aa
ARG CONTAINERD_PPC64LE_SHA256SUM=6536f22c38186b3826c4841d836191254ffbbab033356faebf6635778e856dd0
ARG RUNC_AMD64_SHA256SUM=64c2742b89fe0364f360b816a3c72dd8f067f49761002c5f2072c1f1e76cbad7
ARG RUNC_ARM64_SHA256SUM=91dac17a62fada7db2eb10592099f5e999e9ac1d2daf1988620656f534dee94c
ARG RUNC_PPC64LE_SHA256SUM=3ff250698360d3953a8c153e2f715d3653c58b51ecdb156f8d4cf5f17b1ece49
ARG CRICTL_AMD64_SHA256SUM=87d8ef70b61f2fe3d8b4a48f6f712fd798c6e293ed3723c1e4bbb5052098f0ae
ARG CRICTL_ARM64_SHA256SUM=ec040d14ca03e8e4e504a85dae5353e04b5d9d8aea3df68699258992c0eb8d88
ARG CRICTL_PPC64LE_SHA256SUM=72107c58960ee9405829c3366dbfcd86f163a990ea2102f3ed63a709096bc7ba
ARG CNI_PLUGINS_AMD64_SHA256SUM=58a58d389895ba9f9bbd3ef330f186c0bb7484136d0bfb9b50152eed55d9ec24
ARG CNI_PLUGINS_ARM64_SHA256SUM=49bdf1d3c852a831964aea8c9d12340b36107ee756d8328403905ff599abc6f5
ARG CNI_PLUGINS_PPC64LE_SHA256SUM=d37829b5eeca0c941b4478203c75c6cc26d9cfc1d6c8bb451c0008e0c02a025f
```
## Alternate Sources


@@ -0,0 +1,3 @@
This directory contains license files and notices from binaries built for this
image and the dependencies of those binaries,
as collected by https://github.com/google/go-licenses.


@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2015-2018 gimme contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -0,0 +1,6 @@
# gimme
This is an unmodified copy of [gimme], so we don't have to download it
from the internet.
[gimme]: https://github.com/travis-ci/gimme

947
images/base/scripts/third_party/gimme/gimme vendored Executable file

@@ -0,0 +1,947 @@
#!/usr/bin/env bash
# vim:noexpandtab:ts=2:sw=2:
#
#+ Usage: $(basename $0) [flags] [go-version] [version-prefix]
#+ -
#+ Version: ${GIMME_VERSION}
#+ Copyright: ${GIMME_COPYRIGHT}
#+ License URL: ${GIMME_LICENSE_URL}
#+ -
#+ Install go! There are multiple types of installations available, with 'auto' being the default.
#+ If either 'auto' or 'binary' is specified as GIMME_TYPE, gimme will first check for an existing
#+ go installation. This behavior may be disabled by providing '-f/--force/force' as first positional
#+ argument.
#+ -
#+ Option flags:
#+ -h --help help - show this help text and exit
#+ -V --version version - show the version only and exit
#+ -f --force force - remove the existing go installation if present prior to install
#+ -l --list list - list installed go versions and exit
#+ -k --known known - list known go versions and exit
#+ --force-known-update - when used with --known, ignores the cache and updates
#+ -r --resolve resolve - resolve a version specifier to a version, show that and exit
#+ -
#+ Influential env vars:
#+ -
#+ GIMME_GO_VERSION - version to install (*REQUIRED*, may be given as first positional arg)
#+ GIMME_VERSION_PREFIX - prefix for installed versions (default '${GIMME_VERSION_PREFIX}',
#+ may be given as second positional arg)
#+ GIMME_ARCH - arch to install (default '${GIMME_ARCH}')
#+ GIMME_BINARY_OSX - darwin-specific binary suffix (default '${GIMME_BINARY_OSX}')
#+ GIMME_ENV_PREFIX - prefix for env files (default '${GIMME_ENV_PREFIX}')
#+ GIMME_GO_GIT_REMOTE - git remote for git-based install (default '${GIMME_GO_GIT_REMOTE}')
#+ GIMME_OS - os to install (default '${GIMME_OS}')
#+ GIMME_TMP - temp directory (default '${GIMME_TMP}')
#+ GIMME_TYPE - install type to perform ('auto', 'binary', 'source', or 'git')
#+ (default '${GIMME_TYPE}')
#+ GIMME_INSTALL_RACE - install race directory after compile if non-empty.
#+ If the install type is 'binary', this option is ignored.
#+ GIMME_DEBUG - enable tracing if non-empty
#+ GIMME_NO_ENV_ALIAS - disable creation of env 'alias' file when os and arch match host
#+ GIMME_SILENT_ENV - omit the 'go version' line from env file
#+ GIMME_CGO_ENABLED - enable build of cgo support
#+ GIMME_CC_FOR_TARGET - cross compiler for cgo support
#+ GIMME_DOWNLOAD_BASE - override base URL dir for download (default '${GIMME_DOWNLOAD_BASE}')
#+ GIMME_LIST_KNOWN - override base URL for known go versions (default '${GIMME_LIST_KNOWN}')
#+ GIMME_KNOWN_CACHE_MAX - seconds the cache for --known is valid for (default '${GIMME_KNOWN_CACHE_MAX}')
#+ -
#
set -e
shopt -s nullglob
shopt -s dotglob
shopt -s extglob
set -o pipefail
[[ ${GIMME_DEBUG} ]] && set -x
readonly GIMME_VERSION="v1.5.4"
readonly GIMME_COPYRIGHT="Copyright (c) 2015-2020 gimme contributors"
readonly GIMME_LICENSE_URL="https://raw.githubusercontent.com/travis-ci/gimme/${GIMME_VERSION}/LICENSE"
export GIMME_VERSION
export GIMME_COPYRIGHT
export GIMME_LICENSE_URL
program_name="$(basename "$0")"
# shellcheck disable=SC1117
warn() { printf >&2 "%s: %s\n" "${program_name}" "${*}"; }
die() {
warn "$@"
exit 1
}
# We don't want to go around hitting Google's servers with requests for
# files named HEAD@{date}.tar so we only try binary/source downloads if
# it looks like a plausible name to us.
# We don't need to support 0. releases of Go.
# We don't support 5 digit major-versions of Go (limit back-tracking in RE).
# We don't support very long versions
# (both to avoid annoying download server operators with attacks and
# because regexp backtracking can be pathological).
# Per _assert_version_given we do assume 2.0 not 2
ALLOWED_UPSTREAM_VERSION_RE='^[1-9][0-9]{0,3}(\.[0-9][0-9a-zA-Z_-]{0,9})+$'
#
# The main path which allowed these to leak upstream before has been closed
# but a valid git repo tag or branch-name will still reach the point of
# being _tried_ upstream.
# _do_curl "url" "file"
_do_curl() {
mkdir -p "$(dirname "${2}")"
if command -v curl >/dev/null; then
curl -sSLf "${1}" -o "${2}" 2>/dev/null
return
fi
if command -v wget >/dev/null; then
wget -q "${1}" -O "${2}" 2>/dev/null
return
fi
if command -v fetch >/dev/null; then
fetch -q "${1}" -o "${2}" 2>/dev/null
return
fi
echo >&2 'error: no curl, wget, or fetch found'
exit 1
}
# _sha256sum "file"
_sha256sum() {
if command -v sha256sum &>/dev/null; then
sha256sum "$@"
elif command -v gsha256sum &>/dev/null; then
gsha256sum "$@"
else
shasum -a 256 "$@"
fi
}
# sort versions, handling 1.10 after 1.9, not before 1.2
# FreeBSD sort has --version-sort, none of the others do
# Looks like --general-numeric-sort is the safest; checked macOS 10.12.6, FreeBSD 10.3, Ubuntu Trusty
if sort --version-sort </dev/null &>/dev/null; then
_version_sort() { sort --version-sort; }
else
_version_sort() {
# If we go to four-digit minor or patch versions, then extend the padding here
# (but in such a world, perhaps --version-sort will have become standard by then?)
sed -E 's/\.([0-9](\.|$))/.00\1/g; s/\.([0-9][0-9](\.|$))/.0\1/g' |
sort --general-numeric-sort |
sed 's/\.00*/./g'
}
fi
# _do_curls "file" "url" ["url"...]
_do_curls() {
f="${1}"
shift
if _sha256sum -c "${f}.sha256" &>/dev/null; then
return 0
fi
for url in "${@}"; do
if _do_curl "${url}" "${f}"; then
if _do_curl "${url}.sha256" "${f}.sha256"; then
echo "$(cat "${f}.sha256") ${f}" >"${f}.sha256.tmp"
mv "${f}.sha256.tmp" "${f}.sha256"
if ! _sha256sum -c "${f}.sha256" &>/dev/null; then
warn "sha256sum failed for '${f}'"
warn 'continuing to next candidate URL'
continue
fi
fi
return
fi
done
rm -f "${f}"
return 1
}
# _binary "version" "file.tar.gz" "arch"
_binary() {
local version=${1}
local file=${2}
local arch=${3}
urls=(
"${GIMME_DOWNLOAD_BASE}/go${version}.${GIMME_OS}-${arch}.tar.gz"
)
if [[ "${GIMME_OS}" == 'darwin' && "${GIMME_BINARY_OSX}" ]]; then
urls=(
"${GIMME_DOWNLOAD_BASE}/go${version}.${GIMME_OS}-${arch}-${GIMME_BINARY_OSX}.tar.gz"
"${urls[@]}"
)
fi
if [ "${arch}" = 'arm' ]; then
# attempt "armv6l" vs just "arm" first (since that's what's officially published)
urls=(
"${GIMME_DOWNLOAD_BASE}/go${version}.${GIMME_OS}-${arch}v6l.tar.gz" # go1.6beta2 & go1.6rc1
"${GIMME_DOWNLOAD_BASE}/go${version}.${GIMME_OS}-${arch}6.tar.gz" # go1.6beta1
"${urls[@]}"
)
fi
if [ "${GIMME_OS}" = 'windows' ]; then
urls=(
"${GIMME_DOWNLOAD_BASE}/go${version}.${GIMME_OS}-${arch}.zip"
)
fi
_do_curls "${file}" "${urls[@]}"
}
# _source "version" "file.src.tar.gz"
_source() {
urls=(
"${GIMME_DOWNLOAD_BASE}/go${1}.src.tar.gz"
"https://github.com/golang/go/archive/go${1}.tar.gz"
)
_do_curls "${2}" "${urls[@]}"
}
# _fetch "dir"
_fetch() {
mkdir -p "$(dirname "${1}")"
if [[ -d "${1}/.git" ]]; then
(
cd "${1}"
git remote set-url origin "${GIMME_GO_GIT_REMOTE}"
git fetch -q --all && git fetch -q --tags
)
return
fi
git clone -q "${GIMME_GO_GIT_REMOTE}" "${1}"
}
# _checkout "version" "dir"
# NB: might emit a "renamed version" on stdout
_checkout() {
local spec="${1:?}" godir="${2:?}"
# We are called twice, once during validation that a version was given and
# later during build. We don't want to fetch twice, so we are fetching
# during the validation only, in the caller.
if [[ "${spec}" =~ ^[0-9a-f]{6,}$ ]]; then
# We always treat this as a commit sha, whether instead of doing
# branch tests etc. It looks like a commit sha and the Go maintainers
# aren't daft enough to use pure hex for a tag or branch.
git -C "$godir" reset -q --hard "${spec}" || return 1
return 0
fi
# If spec looks like HEAD^{something} or HEAD^^^ then trying
# origin/$spec would succeed but we'd write junk to the filesystem,
# propagating annoying characters out.
local retval probe_named disallow rev
probe_named=1
disallow='[@^~:{}]'
if [[ "${spec}" =~ $disallow ]]; then
probe_named=0
[[ "${spec}" != "@" ]] || spec="HEAD"
fi
try_spec() { git -C "${godir}" reset -q --hard "$@" -- 2>/dev/null; }
retval=1
if ((probe_named)); then
retval=0
try_spec "origin/${spec}" ||
try_spec "origin/go${spec}" ||
{ [[ "${spec}" == "tip" ]] && try_spec origin/master; } ||
try_spec "refs/tags/${spec}" ||
try_spec "refs/tags/go${spec}" ||
retval=1
fi
if ((retval)); then
retval=0
# We're about to reset anyway, if we succeed, so we should reset to a
# known state before parsing what might be relative specs
try_spec origin/master &&
rev="$(git -C "${godir}" rev-parse --verify -q "${spec}^{object}")" &&
try_spec "${rev}" &&
git -C "${godir}" rev-parse --verify -q --short=12 "${rev}" ||
retval=1
# that rev-parse prints to stdout, so we can affect the version seen
fi
unset -f try_spec
return $retval
}
# _extract "file.tar.gz" "dir"
_extract() {
mkdir -p "${2}"
if [[ "${1}" == *.tar.gz ]]; then
tar -xf "${1}" -C "${2}" --strip-components 1
else
unzip -q "${1}" -d "${2}"
mv "${2}"/go/* "${2}"
rmdir "${2}"/go
fi
}
# _setup_bootstrap
_setup_bootstrap() {
local versions=("1.18" "1.17" "1.16" "1.15" "1.14" "1.13" "1.12" "1.11" "1.10" "1.9" "1.8" "1.7" "1.6" "1.5" "1.4")
# try existing
for v in "${versions[@]}"; do
for candidate in "${GIMME_ENV_PREFIX}/go${v}"*".env"; do
if [ -s "${candidate}" ]; then
# shellcheck source=/dev/null
GOROOT_BOOTSTRAP="$(source "${candidate}" 2>/dev/null && go env GOROOT)"
export GOROOT_BOOTSTRAP
return 0
fi
done
done
# try binary
for v in "${versions[@]}"; do
if [ -n "$(_try_binary "${v}" "${GIMME_HOSTARCH}")" ]; then
export GOROOT_BOOTSTRAP="${GIMME_VERSION_PREFIX}/go${v}.${GIMME_OS}.${GIMME_HOSTARCH}"
return 0
fi
done
echo >&2 "Unable to setup go bootstrap from existing or binary"
return 1
}
# _compile "dir"
_compile() {
(
if grep -q GOROOT_BOOTSTRAP "${1}/src/make.bash" &>/dev/null; then
_setup_bootstrap || return 1
fi
cd "${1}"
if [[ -d .git ]]; then
git clean -dfx -q
fi
cd src
export GOOS="${GIMME_OS}" GOARCH="${GIMME_ARCH}"
export CGO_ENABLED="${GIMME_CGO_ENABLED}"
export CC_FOR_TARGET="${GIMME_CC_FOR_TARGET}"
local make_log="${1}/make.${GOOS}.${GOARCH}.log"
if [[ "${GIMME_DEBUG}" -ge "2" ]]; then
./make.bash -v 2>&1 | tee "${make_log}" 1>&2 || return 1
else
./make.bash &>"${make_log}" || return 1
fi
)
}
_try_install_race() {
if [[ ! "${GIMME_INSTALL_RACE}" ]]; then
return 0
fi
"${1}/bin/go" install -race std
}
_can_compile() {
cat >"${GIMME_TMP}/test.go" <<'EOF'
package main
import "os"
func main() {
os.Exit(0)
}
EOF
"${1}/bin/go" run "${GIMME_TMP}/test.go"
}
# _env "dir"
_env() {
[[ -d "${1}/bin" && -x "${1}/bin/go" ]] || return 1
# if we try to run a Darwin binary on Linux, we need to fail so 'auto' can fallback to cross-compiling from source
# automatically
GOROOT="${1}" GOFLAGS="" "${1}/bin/go" version &>/dev/null || return 1
# https://twitter.com/davecheney/status/431581286918934528
# we have to GOROOT sometimes because we use official release binaries in unofficial locations :(
#
# Issue 87 leads to:
# No, we should _always_ set GOROOT when using official release binaries, and sanest to just always set it.
# The "avoid setting it" is _only_ for people using official releases in official locations.
# Tools like `gimme` are the reason that GOROOT-in-env exists.
echo
if [[ "$(GOROOT="${1}" "${1}/bin/go" env GOHOSTOS)" == "${GIMME_OS}" ]]; then
echo 'unset GOOS;'
else
echo 'export GOOS="'"${GIMME_OS}"'";'
fi
if [[ "$(GOROOT="${1}" "${1}/bin/go" env GOHOSTARCH)" == "${GIMME_ARCH}" ]]; then
echo 'unset GOARCH;'
else
echo 'export GOARCH="'"${GIMME_ARCH}"'";'
fi
echo "export GOROOT='${1}';"
# shellcheck disable=SC2016
echo 'export PATH="'"${1}/bin"':${PATH}";'
if [[ -z "${GIMME_SILENT_ENV}" ]]; then
echo 'go version >&2;'
fi
echo
}
# _env_alias "dir" "env-file"
_env_alias() {
if [[ "${GIMME_NO_ENV_ALIAS}" ]]; then
echo "${2}"
return
fi
if [[ "$(GOROOT="${1}" "${1}/bin/go" env GOHOSTOS)" == "${GIMME_OS}" && "$(GOROOT="${1}" "${1}/bin/go" env GOHOSTARCH)" == "${GIMME_ARCH}" ]]; then
# GIMME_GO_VERSION might be a branch, which can contain '/'
local dest="${GIMME_ENV_PREFIX}/go${GIMME_GO_VERSION//\//__}.env"
cp "${2}" "${dest}"
ln -sf "${dest}" "${GIMME_ENV_PREFIX}/latest.env"
echo "${dest}"
else
echo "${2}"
fi
}
_try_existing() {
case "${1}" in
binary)
local existing_ver="${GIMME_VERSION_PREFIX}/go${GIMME_GO_VERSION}.${GIMME_OS}.${GIMME_ARCH}"
local existing_env="${GIMME_ENV_PREFIX}/go${GIMME_GO_VERSION}.${GIMME_OS}.${GIMME_ARCH}.env"
;;
source)
local existing_ver="${GIMME_VERSION_PREFIX}/go${GIMME_GO_VERSION}.src"
local existing_env="${GIMME_ENV_PREFIX}/go${GIMME_GO_VERSION}.src.env"
;;
*)
_try_existing binary || _try_existing source
return $?
;;
esac
if [[ -x "${existing_ver}/bin/go" && -s "${existing_env}" ]]; then
# newer envs have existing semi-colon at end of line, because newer gimme
# puts them there; envs created before that change lack those semi-colons
# and should gain them, to make it easier for people using eval without
# double-quoting the command substition.
sed -e 's/\([^;]\)$/\1;/' <"${existing_env}"
# gimme is the corner-case where GOROOT _should_ be overriden, since if the
# ancilliary tooling's system-internal DefaultGoroot exists, and GOROOT is
# unset, then it will be used and the wrong golang will be picked up.
# Lots of old installs won't have GOROOT; munge it from $PATH
if grep -qs '^unset GOROOT' -- "${existing_env}"; then
sed -n -e 's/^export PATH="\(.*\)\/bin:.*$/export GOROOT='"'"'\1'"'"';/p' <"${existing_env}"
echo
fi
# Export the same variables whether building new or using existing
echo "export GIMME_ENV='${existing_env}';"
return
fi
return 1
}
# _try_binary "version" "arch"
_try_binary() {
local version=${1}
local arch=${2}
local bin_tgz="${GIMME_TMP}/go${version}.${GIMME_OS}.${arch}.tar.gz"
local bin_dir="${GIMME_VERSION_PREFIX}/go${version}.${GIMME_OS}.${arch}"
local bin_env="${GIMME_ENV_PREFIX}/go${version}.${GIMME_OS}.${arch}.env"
[[ "${version}" =~ ${ALLOWED_UPSTREAM_VERSION_RE} ]] || return 1
if [ "${GIMME_OS}" = 'windows' ]; then
bin_tgz=${bin_tgz%.tar.gz}.zip
fi
_binary "${version}" "${bin_tgz}" "${arch}" || return 1
_extract "${bin_tgz}" "${bin_dir}" || return 1
_env "${bin_dir}" | tee "${bin_env}" || return 1
echo "export GIMME_ENV=\"$(_env_alias "${bin_dir}" "${bin_env}")\""
}
_try_source() {
local src_tgz="${GIMME_TMP}/go${GIMME_GO_VERSION}.src.tar.gz"
local src_dir="${GIMME_VERSION_PREFIX}/go${GIMME_GO_VERSION}.src"
local src_env="${GIMME_ENV_PREFIX}/go${GIMME_GO_VERSION}.src.env"
[[ "${GIMME_GO_VERSION}" =~ ${ALLOWED_UPSTREAM_VERSION_RE} ]] || return 1
_source "${GIMME_GO_VERSION}" "${src_tgz}" || return 1
_extract "${src_tgz}" "${src_dir}" || return 1
_compile "${src_dir}" || return 1
_try_install_race "${src_dir}" || return 1
_env "${src_dir}" | tee "${src_env}" || return 1
echo "export GIMME_ENV=\"$(_env_alias "${src_dir}" "${src_env}")\""
}
# We do _not_ try to use any version caching with _try_existing(), but instead
# build afresh each time. We don't want to deal with someone moving the repo
# to other-version, doing an install, then resetting it back to
# last-version-we-saw and thus introducing conflicts.
#
# If you want to re-use a built-at-spec version, then avoid moving the repo
# and source the generated .env manually.
# Note that the env will just refer to the 'go' directory, so it's not safe
# to reuse anyway.
_try_git() {
local git_dir="${GIMME_VERSION_PREFIX}/go"
local git_env="${GIMME_ENV_PREFIX}/go.git.${GIMME_OS}.${GIMME_ARCH}.env"
local resolved_sha
# Any tags should have been resolved when we asserted that we were
# given a version, so no need to handle that here.
_checkout "${GIMME_GO_VERSION}" "${git_dir}" >/dev/null || return 1
_compile "${git_dir}" || return 1
_try_install_race "${git_dir}" || return 1
_env "${git_dir}" | tee "${git_env}" || return 1
echo "export GIMME_ENV=\"$(_env_alias "${git_dir}" "${git_env}")\""
}
_wipe_version() {
local env_file="${GIMME_ENV_PREFIX}/go${1}.${GIMME_OS}.${GIMME_ARCH}.env"
if [[ -s "${env_file}" ]]; then
rm -rf "$(awk -F\" '/GOROOT/ { print $2 }' "${env_file}")"
rm -f "${env_file}"
fi
}
_list_versions() {
if [ ! -d "${GIMME_VERSION_PREFIX}" ]; then
return 0
fi
local current_version
current_version="$(go env GOROOT 2>/dev/null)"
current_version="${current_version##*/go}"
current_version="${current_version%%.${GIMME_OS}.*}"
# 1.1 1.10 1.2 is bad; zsh has `setopt numeric_glob_sort` but bash
# doesn't appear to have anything like that.
for d in "${GIMME_VERSION_PREFIX}/go"*".${GIMME_OS}."*; do
local cleaned="${d##*/go}"
cleaned="${cleaned%%.${GIMME_OS}.*}"
echo "${cleaned}"
done | _version_sort | while read -r cleaned; do
echo -en "${cleaned}"
if [[ "${cleaned}" == "${current_version}" ]]; then
echo -en ' <= current' >&2
fi
echo
done
}
_update_remote_known_list_if_needed() {
# shellcheck disable=SC1117
local exp="go([[:alnum:]\.]*)\.src.*" # :alnum: catches beta versions too
local list="${GIMME_VERSION_PREFIX}/known-versions.txt"
local dlfile="${GIMME_TMP}/known-dl"
if [[ -e "${list}" ]] &&
! ((force_known_update)) &&
! _file_older_than_secs "${list}" "${GIMME_KNOWN_CACHE_MAX}"; then
echo "${list}"
return 0
fi
[[ -d "${GIMME_VERSION_PREFIX:?}" ]] || mkdir -p -- "${GIMME_VERSION_PREFIX}"
_do_curl "${GIMME_LIST_KNOWN}" "${dlfile}"
while read -r line; do
if [[ "${line}" =~ ${exp} ]]; then
echo "${BASH_REMATCH[1]}"
fi
done <"${dlfile}" | _version_sort | uniq >"${list}.new"
rm -f "${list}" &>/dev/null
mv "${list}.new" "${list}"
rm -f "${dlfile}"
echo "${list}"
return 0
}
_list_known() {
local knownfile
knownfile="$(_update_remote_known_list_if_needed)"
(
_list_versions 2>/dev/null
cat -- "${knownfile}"
) | grep . | _version_sort | uniq
}
# For the "invoked on commandline" case, we want to always pass unknown
# strings through, so that we can be a uniqueness filter, but for unknown
# names we want to exit with a value other than 1, so we document that
# we'll exit 2. For use by other functions, 2 is as good as 1.
_resolve_version() {
case "${1}" in
stable)
_get_curr_stable
return 0
;;
oldstable)
_get_old_stable
return 0
;;
tip)
echo "tip"
return 0
;;
*.x)
true
;;
*)
echo "${1}"
local GIMME_GO_VERSION="$1"
local ASSERT_ABORT='return'
if _assert_version_given 2>/dev/null; then
return 0
fi
warn "version specifier '${1}' unknown"
return 2
;;
esac
# We have a .x suffix
local base="${1%.x}"
local ver last='' known
known="$(_update_remote_known_list_if_needed)" # will be version-sorted
if [[ ! "${base}" =~ ^[0-9.]+$ ]]; then
warn "resolve pattern '${base}.x' invalid for .x finding"
return 2
fi
# The `.x` is optional; "1.10" matches "1.10.x"
local search="^${base//./\\.}(\\.[0-9.]+)?\$"
# avoid regexp attacks
while read -r ver; do
[[ "${ver}" =~ $search ]] || continue
last="${ver}"
done <"$known"
if [[ -n "${last}" ]]; then
echo "${last}"
return 0
fi
echo "${1}"
warn "given '${1}' but no release for '${base}' found"
return 2
}
_realpath() {
# shellcheck disable=SC2005
[ -d "$1" ] && echo "$(cd "$1" && pwd)" || echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
}
_get_curr_stable() {
local stable="${GIMME_VERSION_PREFIX}/stable"
if _file_older_than_secs "${stable}" 86400; then
_update_stable "${stable}"
fi
cat "${stable}"
}
_get_old_stable() {
local oldstable="${GIMME_VERSION_PREFIX}/oldstable"
if _file_older_than_secs "${oldstable}" 86400; then
_update_oldstable "${oldstable}"
fi
cat "${oldstable}"
}
_update_stable() {
local stable="${1}"
local url="https://golang.org/VERSION?m=text"
_do_curl "${url}" "${stable}"
sed -i.old -e 's/^go\(.*\)/\1/' "${stable}"
rm -f "${stable}.old"
}
_update_oldstable() {
local oldstable="${1}"
local oldstable_x
oldstable_x=$(_get_curr_stable | awk -F. '{
$2--;
print $1 "." $2 "." "x"
}')
_resolve_version "${oldstable_x}" >"${oldstable}"
}
_last_mod_timestamp() {
local filename="${1}"
case "${GIMME_HOSTOS}" in
darwin | *bsd)
stat -f %m "${filename}"
;;
linux)
stat -c %Y "${filename}"
;;
esac
}
_file_older_than_secs() {
local file="${1}"
local age_secs="${2}"
local ts
# if the file does not exist, we return true, as the cache needs updating
ts="$(_last_mod_timestamp "${file}" 2>/dev/null)" || return 0
((($(date +%s) - ts) > age_secs))
}
_assert_version_given() {
# By the time we're called, aliases such as "stable" must have been resolved
# but we could be a reference in git.
#
# Versions can include suffices such as in "1.8beta2", so our assumption is that
# there will always be a minor present; the first public release was "1.0" so
# we assume "2.0" not "2".
if [[ -z "${GIMME_GO_VERSION}" ]]; then
echo >&2 'error: no GIMME_GO_VERSION supplied'
echo >&2 " ex: GIMME_GO_VERSION=1.4.1 ${0} ${*}"
echo >&2 " ex: ${0} 1.4.1 ${*}"
${ASSERT_ABORT:-exit} 1
fi
# Note: _resolve_version calls back to us (_assert_version_given), but
# only for cases where the version does not end with .x, so this should
# be safe.
# This should be untangled. PRs accepted, good starter project.
if [[ "${GIMME_GO_VERSION}" == *.x ]]; then
GIMME_GO_VERSION="$(_resolve_version "${GIMME_GO_VERSION}")" || ${ASSERT_ABORT:-exit} 1
fi
if [[ "${GIMME_GO_VERSION}" == +([[:digit:]]).+([[:digit:]])* ]]; then
return 0
fi
# Here we resolve symbolic references. If we don't, then we get some
# random git tag name being accepted as valid and then we try to
# curl garbage from upstream.
if [[ "${GIMME_TYPE}" == "auto" || "${GIMME_TYPE}" == "git" ]]; then
local git_dir="${GIMME_VERSION_PREFIX}/go"
local resolved_sha
_fetch "${git_dir}"
if resolved_sha="$(_checkout "${GIMME_GO_VERSION}" "${git_dir}")"; then
if [[ -n "${resolved_sha}" ]]; then
# Break our normal silence, this one really needs to be seen on stderr
# always; auditability and knowing what version of Go you got wins.
warn "resolved '${GIMME_GO_VERSION}' to '${resolved_sha}'"
GIMME_GO_VERSION="${resolved_sha}"
fi
return 0
fi
fi
echo >&2 'error: GIMME_GO_VERSION not recognized as valid'
echo >&2 " got: ${GIMME_GO_VERSION}"
${ASSERT_ABORT:-exit} 1
}
_exclude_from_backups() {
# Please avoid anything which requires elevated privileges or is obnoxious
# enough to offend the invoker
case "${GIMME_HOSTOS}" in
darwin)
# Darwin: Time Machine is "standard", we can add others. The default
# mechanism is sticky, as an attribute on the dir, requires no
# privileges, is idempotent (and doesn't support -- to end flags).
tmutil addexclusion "$@"
;;
esac
}
_versint() {
IFS=" " read -r -a args <<<"${1//[^0-9]/ }"
printf '1%03d%03d%03d%03d' "${args[@]}"
}
_to_goarch() {
case "${1}" in
aarch64) echo "arm64" ;;
*) echo "${1}" ;;
esac
}
: "${GIMME_OS:=$(uname -s | tr '[:upper:]' '[:lower:]')}"
: "${GIMME_HOSTOS:=$(uname -s | tr '[:upper:]' '[:lower:]')}"
: "${GIMME_ARCH:=$(_to_goarch "$(uname -m)")}"
: "${GIMME_HOSTARCH:=$(_to_goarch "$(uname -m)")}"
: "${GIMME_ENV_PREFIX:=${HOME}/.gimme/envs}"
: "${GIMME_VERSION_PREFIX:=${HOME}/.gimme/versions}"
: "${GIMME_TMP:=${TMPDIR:-/tmp}/gimme}"
: "${GIMME_GO_GIT_REMOTE:=https://github.com/golang/go.git}"
: "${GIMME_TYPE:=auto}" # 'auto', 'binary', 'source', or 'git'
: "${GIMME_BINARY_OSX:=osx10.8}"
: "${GIMME_DOWNLOAD_BASE:=https://dl.google.com/go}"
: "${GIMME_LIST_KNOWN:=https://golang.org/dl}"
: "${GIMME_KNOWN_CACHE_MAX:=10800}"
# The version prefix must be an absolute path
case "${GIMME_VERSION_PREFIX}" in
/*) true ;;
*)
echo >&2 " Fixing GIMME_VERSION_PREFIX from relative: $GIMME_VERSION_PREFIX"
GIMME_VERSION_PREFIX="$(pwd)/${GIMME_VERSION_PREFIX}"
echo >&2 " to: $GIMME_VERSION_PREFIX"
;;
esac
case "${GIMME_OS}" in mingw* | msys_nt*)
# Minimalist GNU for Windows
GIMME_OS='windows'
if [ "${GIMME_ARCH}" = 'i686' ]; then
GIMME_ARCH="386"
else
GIMME_ARCH="amd64"
fi
;;
esac
force_install=0
force_known_update=0
while [[ $# -gt 0 ]]; do
case "${1}" in
-h | --help | help | wat)
_old_ifs="$IFS"
IFS=';'
awk '/^#\+ / {
sub(/^#\+ /, "", $0) ;
sub(/-$/, "", $0) ;
print $0
}' "$0" | while read -r line; do
eval "echo \"$line\""
done
IFS="$_old_ifs"
exit 0
;;
-V | --version | version)
echo "${GIMME_VERSION}"
exit 0
;;
-r | --resolve | resolve)
# The normal mkdir of versions is below; we don't want to move it up
# to where we create files just if asked our version; thus
# _resolve_version has to mkdir the versions dir itself.
if [[ $# -ge 2 ]]; then
_resolve_version "${2}"
elif [[ -n "${GIMME_GO_VERSION:-}" ]]; then
_resolve_version "${GIMME_GO_VERSION}"
else
die "resolve must be given a version to resolve"
fi
exit $?
;;
-l | --list | list)
_list_versions
exit 0
;;
-k | --known | known)
_list_known
exit 0
;;
-f | --force | force)
force_install=1
;;
--force-known-update | force-known-update)
force_known_update=1
;;
-i | install)
true # ignore a dummy argument
;;
*)
break
;;
esac
shift
done
if [[ -n "${1}" ]]; then
GIMME_GO_VERSION="${1}"
fi
if [[ -n "${2}" ]]; then
GIMME_VERSION_PREFIX="${2}"
fi
case "${GIMME_ARCH}" in
x86_64) GIMME_ARCH=amd64 ;;
x86) GIMME_ARCH=386 ;;
arm64)
if [[ "${GIMME_GO_VERSION}" != master && "$(_versint "${GIMME_GO_VERSION}")" < "$(_versint 1.5)" ]]; then
echo >&2 "error: ${GIMME_ARCH} is not supported by this go version"
echo >&2 "try go1.5 or newer"
exit 1
fi
if [[ "${GIMME_HOSTOS}" == "linux" && "${GIMME_HOSTARCH}" != "${GIMME_ARCH}" ]]; then
: "${GIMME_CC_FOR_TARGET:="aarch64-linux-gnu-gcc"}"
fi
;;
arm*) GIMME_ARCH=arm ;;
esac
case "${GIMME_HOSTARCH}" in
x86_64) GIMME_HOSTARCH=amd64 ;;
x86) GIMME_HOSTARCH=386 ;;
arm64) ;;
arm*) GIMME_HOSTARCH=arm ;;
esac
case "${GIMME_GO_VERSION}" in
stable) GIMME_GO_VERSION=$(_get_curr_stable) ;;
oldstable) GIMME_GO_VERSION=$(_get_old_stable) ;;
esac
_assert_version_given "$@"
((force_install)) && _wipe_version "${GIMME_GO_VERSION}"
unset GOARCH
unset GOBIN
unset GOOS
unset GOPATH
unset GOROOT
unset CGO_ENABLED
unset CC_FOR_TARGET
# GO111MODULE breaks build of Go itself
unset GO111MODULE
mkdir -p "${GIMME_VERSION_PREFIX}" "${GIMME_ENV_PREFIX}"
# The envs dir stays small and provides a record of what had been installed
# whereas the versions dir grows by hundreds of MB per version and is not
# intended to support local modifications (as that subverts the point of gimme)
# _and_ is a cache, so we're unilaterally declaring that the contents of
# the versions dir should be excluded from system backups.
_exclude_from_backups "${GIMME_VERSION_PREFIX}"
GIMME_VERSION_PREFIX="$(_realpath "${GIMME_VERSION_PREFIX}")"
GIMME_ENV_PREFIX="$(_realpath "${GIMME_ENV_PREFIX}")"
if ! case "${GIMME_TYPE}" in
binary) _try_existing binary || _try_binary "${GIMME_GO_VERSION}" "${GIMME_ARCH}" ;;
source) _try_existing source || _try_source || _try_git ;;
git) _try_git ;;
auto) _try_existing || _try_binary "${GIMME_GO_VERSION}" "${GIMME_ARCH}" || _try_source || _try_git ;;
*)
echo >&2 "I don't know how to '${GIMME_TYPE}'."
echo >&2 " Try 'auto', 'binary', 'source', or 'git'."
exit 1
;;
esac; then
echo >&2 "I don't have any idea what to do with '${GIMME_GO_VERSION}'."
echo >&2 " (using download type '${GIMME_TYPE}')"
exit 1
fi


@@ -1,88 +0,0 @@
#!/usr/bin/env bash
# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit -o nounset -o pipefail
REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)"
cd "${REPO_ROOT}"
# get the versions from the dockerfile
CONTAINERD_VERSION="$(sed -n 's/ARG CONTAINERD_VERSION="\(.*\)"/\1/p' ./images/base/Dockerfile)"
CNI_PLUGINS_VERSION="$(sed -n 's/ARG CNI_PLUGINS_VERSION="\(.*\)"/\1/p' ./images/base/Dockerfile)"
CRICTL_VERSION="$(sed -n 's/ARG CRICTL_VERSION="\(.*\)"/\1/p' ./images/base/Dockerfile)"
CONTAINERD_FUSE_OVERLAYFS_VERSION="$(sed -n 's/ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="\(.*\)"/\1/p' ./images/base/Dockerfile)"
# darwin is great
SED="sed"
if which gsed &>/dev/null; then
SED="gsed"
fi
if ! (${SED} --version 2>&1 | grep -q GNU); then
echo "!!! GNU sed is required. If on OS X, use 'brew install gnu-sed'." >&2
exit 1
fi
# TODO: dry this out as well
ARCHITECTURES=(
"amd64"
"arm64"
)
CONTAINERD_BASE_URL="https://github.com/kind-ci/containerd-nightlies/releases/download/containerd-${CONTAINERD_VERSION}"
for ARCH in "${ARCHITECTURES[@]}"; do
CONTAINERD_URL="${CONTAINERD_BASE_URL}/containerd-${CONTAINERD_VERSION}-linux-${ARCH}.tar.gz.sha256sum"
SHASUM=$(curl -sSL --retry 5 "${CONTAINERD_URL}" | awk '{print $1}')
ARCH_UPPER=$(echo "$ARCH" | tr '[:lower:]' '[:upper:]')
echo "ARG CONTAINERD_${ARCH_UPPER}_SHA256SUM=${SHASUM}"
$SED -i 's/ARG CONTAINERD_'"${ARCH_UPPER}"'_SHA256SUM=.*/ARG CONTAINERD_'"${ARCH_UPPER}"'_SHA256SUM="'"${SHASUM}"'"/' ./images/base/Dockerfile
done
echo
for ARCH in "${ARCHITECTURES[@]}"; do
RUNC_URL="${CONTAINERD_BASE_URL}/runc.${ARCH}.sha256sum"
SHASUM=$(curl -sSL --retry 5 "${RUNC_URL}" | awk '{print $1}')
ARCH_UPPER=$(echo "$ARCH" | tr '[:lower:]' '[:upper:]')
echo "ARG RUNC_${ARCH_UPPER}_SHA256SUM=${SHASUM}"
$SED -i 's/ARG RUNC_'"${ARCH_UPPER}"'_SHA256SUM=.*/ARG RUNC_'"${ARCH_UPPER}"'_SHA256SUM="'"${SHASUM}"'"/' ./images/base/Dockerfile
done
echo
for ARCH in "${ARCHITECTURES[@]}"; do
CRICTL_URL="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-${ARCH}.tar.gz"
SHASUM=$(curl -sSL --retry 5 "${CRICTL_URL}.sha256" | awk '{print $1}')
ARCH_UPPER=$(echo "$ARCH" | tr '[:lower:]' '[:upper:]')
echo "ARG CRICTL_${ARCH_UPPER}_SHA256SUM=${SHASUM}"
$SED -i 's/ARG CRICTL_'"${ARCH_UPPER}"'_SHA256SUM=.*/ARG CRICTL_'"${ARCH_UPPER}"'_SHA256SUM="'"${SHASUM}"'"/' ./images/base/Dockerfile
done
echo
for ARCH in "${ARCHITECTURES[@]}"; do
CNI_TARBALL="${CNI_PLUGINS_VERSION}/cni-plugins-linux-${ARCH}-${CNI_PLUGINS_VERSION}.tgz"
CNI_URL="https://github.com/containernetworking/plugins/releases/download/${CNI_TARBALL}"
SHASUM=$(curl -sSL --retry 5 "${CNI_URL}.sha256" | awk '{print $1}')
ARCH_UPPER=$(echo "$ARCH" | tr '[:lower:]' '[:upper:]')
echo "ARG CNI_PLUGINS_${ARCH_UPPER}_SHA256SUM=${SHASUM}"
$SED -i 's/ARG CNI_PLUGINS_'"${ARCH_UPPER}"'_SHA256SUM=.*/ARG CNI_PLUGINS_'"${ARCH_UPPER}"'_SHA256SUM="'"${SHASUM}"'"/' ./images/base/Dockerfile
done
echo
for ARCH in "${ARCHITECTURES[@]}"; do
CONTAINERD_FUSE_OVERLAYFS_TARBALL="containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}-linux-${ARCH}.tar.gz"
CONTAINERD_FUSE_OVERLAYFS_URL="https://github.com/containerd/fuse-overlayfs-snapshotter/releases/download/v${CONTAINERD_FUSE_OVERLAYFS_VERSION}/SHA256SUMS"
SHASUM=$(curl -sSL --retry 5 "${CONTAINERD_FUSE_OVERLAYFS_URL}" | grep "${CONTAINERD_FUSE_OVERLAYFS_TARBALL}" | awk '{print $1}')
ARCH_UPPER=$(echo "$ARCH" | tr '[:lower:]' '[:upper:]')
echo "ARG CONTAINERD_FUSE_OVERLAYFS_${ARCH_UPPER}_SHA256SUM=${SHASUM}"
$SED -i 's/ARG CONTAINERD_FUSE_OVERLAYFS_'"${ARCH_UPPER}"'_SHA256SUM=.*/ARG CONTAINERD_FUSE_OVERLAYFS_'"${ARCH_UPPER}"'_SHA256SUM="'"${SHASUM}"'"/' ./images/base/Dockerfile
done