From 0187a8d55ab22e4a77659659b2032586c4bbf894 Mon Sep 17 00:00:00 2001 From: Gerard Ryan Date: Sun, 21 Feb 2021 22:44:23 +1000 Subject: [PATCH] docker,dockerd: Added git-short-commit to verify short commit Signed-off-by: Gerard Ryan --- utils/docker/Makefile | 26 +++++++++++++---- utils/dockerd/Makefile | 27 +++++++++++------ utils/dockerd/git-short-commit.sh | 48 +++++++++++++++++++++++++++++++ 3 files changed, 88 insertions(+), 13 deletions(-) create mode 100755 utils/dockerd/git-short-commit.sh diff --git a/utils/docker/Makefile b/utils/docker/Makefile index 4fa3cd21a..0ccec43e4 100644 --- a/utils/docker/Makefile +++ b/utils/docker/Makefile @@ -2,14 +2,16 @@ include $(TOPDIR)/rules.mk PKG_NAME:=docker PKG_VERSION:=20.10.2 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://codeload.github.com/docker/cli/tar.gz/v$(PKG_VERSION)? +PKG_GIT_URL:=github.com/docker/cli +PKG_GIT_REF:=v$(PKG_VERSION) +PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)? PKG_HASH:=a663f54a158c6b2b23b253b14bf0de56ff035750098e760319de1edb7f4ae76d -PKG_SOURCE_VERSION:=2291f61 # SHA1 used within the docker executable +PKG_GIT_SHORT_COMMIT:=2291f61 # SHA1 used within the docker executables PKG_MAINTAINER:=Gerard Ryan @@ -17,7 +19,7 @@ PKG_BUILD_DEPENDS:=golang/host PKG_BUILD_PARALLEL:=1 PKG_USE_MIPS16:=0 -GO_PKG:=github.com/docker/cli +GO_PKG:=$(PKG_GIT_URL) include $(INCLUDE_DIR)/package.mk include ../../lang/golang/golang-package.mk @@ -38,11 +40,24 @@ GO_PKG_BUILD_VARS += GO111MODULE=auto TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS) TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS) +define Build/Prepare + $(Build/Prepare/Default) + + # Verify PKG_GIT_SHORT_COMMIT + ( \ + EXPECTED_PKG_GIT_SHORT_COMMIT=$$$$( $(CURDIR)/../dockerd/git-short-commit.sh '$(PKG_GIT_URL)' '$(PKG_GIT_REF)' '$(TMP_DIR)/git-short-commit/$(PKG_NAME)-$(PKG_VERSION)' ); \ + if [ "$$$${EXPECTED_PKG_GIT_SHORT_COMMIT}" != "$(strip $(PKG_GIT_SHORT_COMMIT))" ]; then \ + echo "ERROR: Expected 'PKG_GIT_SHORT_COMMIT:=$$$${EXPECTED_PKG_GIT_SHORT_COMMIT}', found 'PKG_GIT_SHORT_COMMIT:=$(strip $(PKG_GIT_SHORT_COMMIT))'"; \ + exit 1; \ + fi \ + ) +endef + define Build/Compile ( \ cd $(PKG_BUILD_DIR); \ $(GO_PKG_VARS) \ - GITCOMMIT=$(PKG_SOURCE_VERSION) \ + GITCOMMIT=$(PKG_GIT_SHORT_COMMIT) \ VERSION=$(PKG_VERSION) \ ./scripts/build/binary; \ ) @@ -52,4 +67,5 @@ define Package/docker/install $(INSTALL_DIR) $(1)/usr/bin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/build/docker $(1)/usr/bin/ endef + $(eval $(call BuildPackage,docker)) diff --git a/utils/dockerd/Makefile b/utils/dockerd/Makefile index 067431a6a..c12536a1c 100644 --- a/utils/dockerd/Makefile +++ b/utils/dockerd/Makefile @@ -7,9 +7,11 @@ PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://codeload.github.com/moby/moby/tar.gz/v$(PKG_VERSION)? +PKG_GIT_URL:=github.com/moby/moby +PKG_GIT_REF:=v$(PKG_VERSION) +PKG_SOURCE_URL:=https://codeload.$(PKG_GIT_URL)/tar.gz/$(PKG_GIT_REF)? PKG_HASH:=dc4818f0cba2ded2f6f7420a1fda027ddbf6c6c9fe319f84d1311bfe610447ca -PKG_SOURCE_VERSION:=8891c58 # SHA1 used within the docker executables +PKG_GIT_SHORT_COMMIT:=8891c58 # SHA1 used within the docker executables PKG_MAINTAINER:=Gerard Ryan @@ -56,8 +58,8 @@ define EnsureVendoredVersion ( \ DEP_VER=$$$$( grep --only-matching --perl-regexp '(?<=PKG_SOURCE_VERSION:=)(.*)' "$(1)" ); \ VEN_VER=$$$$( grep --only-matching --perl-regexp '(?<=_COMMIT:=)(.*)(?=})' "$(PKG_BUILD_DIR)/hack/dockerfile/install/$(2)" ); \ - if [ $$$$VEN_VER != $$$$DEP_VER ]; then \ - echo "ERROR: Expected 'PKG_SOURCE_VERSION:=$$$$VEN_VER' in '$(1)', found 'PKG_SOURCE_VERSION:=$$$$DEP_VER'"; \ + if [ "$$$${VEN_VER}" != "$$$${DEP_VER}" ]; then \ + echo "ERROR: Expected 'PKG_SOURCE_VERSION:=$$$${VEN_VER}' in '$(1)', found 'PKG_SOURCE_VERSION:=$$$${DEP_VER}'"; \ exit 1; \ fi \ ) @@ -75,9 +77,18 @@ define Build/Prepare # Verify CLI is the same version ( \ CLI_MAKEFILE="../docker/Makefile"; \ - CLI_VERSION=$$$$( grep --only-matching --perl-regexp '(?<=PKG_VERSION:=)(.*)' "$$$$CLI_MAKEFILE" ); \ - if [ $$$$CLI_VERSION != $(PKG_VERSION) ]; then \ - echo "ERROR: Expected 'PKG_VERSION:=$(PKG_VERSION)' in '$$$$CLI_MAKEFILE', found 'PKG_VERSION:=$$$$CLI_VERSION'"; \ + CLI_VERSION=$$$$( grep --only-matching --perl-regexp '(?<=PKG_VERSION:=)(.*)' "$$$${CLI_MAKEFILE}" ); \ + if [ "$$$${CLI_VERSION}" != "$(PKG_VERSION)" ]; then \ + echo "ERROR: Expected 'PKG_VERSION:=$(PKG_VERSION)' in '$$$${CLI_MAKEFILE}', found 'PKG_VERSION:=$$$${CLI_VERSION}'"; \ + exit 1; \ + fi \ + ) + + # Verify PKG_GIT_SHORT_COMMIT + ( \ + EXPECTED_PKG_GIT_SHORT_COMMIT=$$$$( $(CURDIR)/git-short-commit.sh '$(PKG_GIT_URL)' '$(PKG_GIT_REF)' '$(TMP_DIR)/git-short-commit/$(PKG_NAME)-$(PKG_VERSION)' ); \ + if [ "$$$${EXPECTED_PKG_GIT_SHORT_COMMIT}" != "$(strip $(PKG_GIT_SHORT_COMMIT))" ]; then \ + echo "ERROR: Expected 'PKG_GIT_SHORT_COMMIT:=$$$${EXPECTED_PKG_GIT_SHORT_COMMIT}', found 'PKG_GIT_SHORT_COMMIT:=$(strip $(PKG_GIT_SHORT_COMMIT))'"; \ exit 1; \ fi \ ) @@ -95,7 +106,7 @@ define Build/Compile ( \ cd $(PKG_BUILD_DIR); \ $(GO_PKG_VARS) \ - DOCKER_GITCOMMIT=$(PKG_SOURCE_VERSION) \ + DOCKER_GITCOMMIT=$(PKG_GIT_SHORT_COMMIT) \ DOCKER_BUILDTAGS='$(BUILDTAGS)' \ VERSION=$(PKG_VERSION) \ ./hack/make.sh binary; \ diff --git a/utils/dockerd/git-short-commit.sh b/utils/dockerd/git-short-commit.sh new file mode 100755 index 000000000..ea8611ba5 --- /dev/null +++ b/utils/dockerd/git-short-commit.sh @@ -0,0 +1,48 @@ +#!/bin/sh +# +# USAGE: git-short-commit.sh +# + +set -e + +error() { + echo "ERROR: ${*}" >&2 + exit 1 +} + +GIT_URL="${1}" +if [ -z "${GIT_URL}" ]; then + error "Git URL not specified" +fi + +GIT_REF="${2}" +if [ -z "${GIT_REF}" ]; then + error "Git reference not specified" +fi + +GIT_DIR="${3}" +if [ -z "${GIT_DIR}" ]; then + error "Git clone directory not specified" +fi + +clean_up() { + rm --force --recursive "${GIT_DIR}" +} +trap clean_up EXIT + +git init --quiet "${GIT_DIR}" +( + cd "${GIT_DIR}" + for PREFIX in "" "https://" "http://" "git@"; do + echo "Trying remote '${PREFIX}${GIT_URL}'" >&2 + git remote add origin "${PREFIX}${GIT_URL}" + + if git fetch --depth 1 origin "${GIT_REF}"; then + git checkout --detach FETCH_HEAD -- + git rev-parse --short HEAD + break + fi + + git remote remove origin + done +)