#!/usr/bin/env bash
# Strict mode: stop on command errors, on unset variables and on a failing
# pipeline stage; xtrace echoes every executed command to stderr.
set -o errexit -o nounset -o xtrace -o pipefail

# Settings are taken from the environment. IMG and TAG fall back to empty
# strings and are not validated in this section.
: "${IMG:=}"
: "${TAG:=}"
# Defaults to "false", which leaves the cosign signature check enabled.
: "${SKIP_COSIGN_VERIFICATION:=false}"

# Image reference consumed by the container-based extraction path.
IMG_TAG="${IMG}:${TAG}"
# Base URL of the release assets for the selected tag.
DOWNLOAD_URL="https://github.com/fluxcd/golang-with-libgit2/releases/download/${TAG}"

# Scratch directory that receives the downloaded release assets.
TMP_DIR="$(mktemp -d)"
#######################################
# Delete the scratch directory named by TMP_DIR, including its contents.
# Globals: TMP_DIR (read)
#######################################
cleanup() {
  local scratch_dir="${TMP_DIR}"
  rm -rf "${scratch_dir}"
}
# Run cleanup whenever the shell exits, so the scratch directory is removed
# on failure paths as well as on success.
trap cleanup EXIT
#######################################
# Print an error message to stderr and terminate the script.
# Arguments: $@ - words of the message
# Outputs:   "[ERROR] " followed by the space-joined arguments, on stderr
# Returns:   never; exits with status 1
#######################################
fatal() {
  # Join with a single space regardless of the caller's IFS.
  local IFS=' '
  local -a parts=('[ERROR] ' "$@")
  printf '%s\n' "${parts[*]}" >&2
  exit 1
}
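#######################################
# Fetch one URL into a local file.
# Arguments: $1 - destination path
#            $2 - URL to fetch
# Outputs:   an error message on stderr when the transfer fails
# Returns:   0 on success; exits the script through fatal otherwise
#######################################
download() {
  [[ $# -eq 2 ]] || fatal 'download needs exactly 2 arguments'

  # curl's status is tested in the same command list: under `set -e` a
  # separate `$?` test on the following line is never reached when curl fails,
  # so the error message would never be printed.
  # --proto / --proto-redir keep the transfer on HTTPS, including across the
  # redirects that -L follows.
  curl --proto '=https' --proto-redir '=https' -o "$1" -sfL "$2" \
    || fatal 'Download failed'
}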
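#######################################
# Download the checksum list, its signature, its signing certificate and the
# requested archive into TMP_DIR.
# Globals:   TMP_DIR (read), DOWNLOAD_URL (read)
# Arguments: $1 - archive file name within the release
# Returns:   0 on success; download exits the script on a failed transfer
#######################################
download_files() {
  [[ $# -eq 1 ]] || fatal 'download_files needs exactly 1 arguments'

  # All four files come from the same release location, so none of them is
  # trustworthy until the signature over checksums.txt has been verified.
  # An array plus a local loop variable keeps a name containing whitespace in
  # one piece and avoids overwriting the caller's FILE_NAME global.
  local -a assets=(checksums.txt checksums.txt.sig checksums.txt.pem "$1")
  local asset
  for asset in "${assets[@]}"; do
    download "${TMP_DIR}/${asset}" "${DOWNLOAD_URL}/${asset}"
  done
}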
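#######################################
# Verify a detached cosign signature over a file.
# Arguments: $1 - signing certificate (PEM)
#            $2 - signature file
#            $3 - file that was signed
# Outputs:   an error message on stderr when verification fails
# Returns:   0 on success; exits the script through fatal otherwise
#######################################
cosign_verify(){
  [[ $# -eq 3 ]] || fatal 'cosign_verify needs exactly 3 arguments'

  # NOTE(review): the certificate passed in $1 is supplied by the caller and
  # no expected signer is pinned here, so this checks that the blob was signed
  # by the holder of that certificate, not that the holder is the expected
  # release workflow. cosign releases that support --certificate-identity and
  # --certificate-oidc-issuer can pin the signer; the expected values
  # (<EXPECTED_SIGNER_IDENTITY>, <EXPECTED_OIDC_ISSUER>) are not shown in this
  # file and must be taken from the upstream release process.
  #
  # The status is tested in the same command list: under `set -e` a separate
  # `$?` test on the next line is never reached when cosign fails.
  COSIGN_EXPERIMENTAL=1 cosign verify-blob --cert "$1" --signature "$2" "$3" \
    || fatal 'signature verification failed'
}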
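#######################################
# Check the downloaded archive against the signed checksum list.
# Step 1 verifies the cosign signature over checksums.txt (unless skipped);
# step 2 verifies the archive's SHA-256 against the entry in checksums.txt.
# Globals:   TMP_DIR (read), SKIP_COSIGN_VERIFICATION (read)
# Arguments: $1 - archive file name inside TMP_DIR
# Outputs:   checksum tool output on stdout; errors on stderr
# Returns:   0 when every enabled check passes; exits through fatal otherwise
#######################################
assure_provenance() {
  [[ $# -eq 1 ]] || fatal 'assure_provenance needs exactly 1 arguments'

  # Compare the setting as a string. Running its value as a command would let
  # any executable name placed in the variable both execute and disable the
  # signature check. Only the literal "true" skips verification.
  if [[ "${SKIP_COSIGN_VERIFICATION}" == "true" ]]; then
    # With the signature check skipped, checksums.txt is unauthenticated: it
    # was fetched from the same place as the archive, so the hash comparison
    # below only detects corruption, not substitution.
    echo 'Skipping cosign verification...'
  else
    cosign_verify "${TMP_DIR}/checksums.txt.pem" \
      "${TMP_DIR}/checksums.txt.sig" \
      "${TMP_DIR}/checksums.txt"
  fi

  local -a sha_cmd
  if command -v sha256sum > /dev/null 2>&1; then
    sha_cmd=(sha256sum --check)
  else
    sha_cmd=(shasum -a 256 --check)
  fi

  # Fail closed when the archive has no entry at all. -F matches the file name
  # literally instead of treating its dots as regex wildcards.
  local expected
  expected=$(grep -F -- "$1" "${TMP_DIR}/checksums.txt") \
    || fatal 'integrity verification failed'

  # The checksum tool resolves file names relative to the current directory,
  # so run it from TMP_DIR in a subshell. Its status is tested directly: the
  # previous form tested `$?` after popd, which reported popd's status and
  # could let a checksum mismatch pass wherever errexit is not in effect.
  ( cd "${TMP_DIR}" && printf '%s\n' "${expected}" | "${sha_cmd[@]}" ) \
    || fatal 'integrity verification failed'
}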
#######################################
# Unpack the downloaded archive and move its top-level directory to
# ./build/libgit2/<TAG>.
# Globals:   TMP_DIR (read), TAG (read)
# Arguments: $1 - archive file name inside TMP_DIR
#            $2 - name of the directory the archive unpacks to
#######################################
extract_libraries(){
  [[ $# -eq 2 ]] || fatal 'extract_libraries needs exactly 2 arguments'

  local archive="${TMP_DIR}/$1"
  local unpacked_dir="$2"

  # NOTE(review): every member of the archive is extracted into the current
  # directory, not only "$2"; the archive should have passed the provenance
  # check before this point.
  tar -xf "${archive}"
  rm "${archive}"

  # Rename the unpacked tree after the release tag, then file it under build/.
  mv "${unpacked_dir}" "${TAG}"
  mv "${TAG}/" "./build/libgit2"
}
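#######################################
# Rewrite the prefix paths inside the installed .pc files so they point at
# ./build/libgit2/<TAG> instead of the directory used on the release runner.
# Globals:   TAG (read), OSTYPE (read)
# Arguments: none (any argument passed is ignored)
# Returns:   status of the find/sed run
#######################################
fix_pkgconfigs(){
  local new_dir installed_dir replacement
  local -a sed_in_place

  new_dir="$(/bin/pwd)/build/libgit2/${TAG}"

  # The new path lands in the replacement half of a `s;...;...;` expression.
  # Escape the characters sed treats specially there (backslash, & and the ;
  # delimiter) so a checkout path containing them is inserted literally.
  replacement=$(printf '%s' "${new_dir}" | sed -e 's/[\\&;]/\\&/g')

  # Update the prefix paths included in the .pc files.
  if [[ $OSTYPE == 'darwin'* ]]; then
    # https://github.com/fluxcd/golang-with-libgit2/blob/v0.1.4/.github/workflows/release.yaml#L158
    installed_dir="/Users/runner/work/golang-with-libgit2/golang-with-libgit2/build/darwin-libgit2-only"

    # This will make it easier to update to the location in which they will be used.
    # sed has a slightly different behaviour in macOS.
    # NB: Some macOS users may override their sed with gsed. If gsed is in the PATH, use that instead.
    if command -v gsed &> /dev/null; then
      sed_in_place=(gsed -i)
    else
      sed_in_place=(sed -i "")
    fi
  else
    # https://github.com/fluxcd/golang-with-libgit2/blob/v0.1.4/.github/workflows/release.yaml#L52
    installed_dir="/home/runner/work/golang-with-libgit2/golang-with-libgit2/build/build_libgit2_only"
    sed_in_place=(sed -i)
  fi

  # -exec hands file names to sed as arguments without a text pipeline, so
  # names containing quotes, backslashes or newlines are passed intact.
  find "${new_dir}" -type f -name "*.pc" \
    -exec "${sed_in_place[@]}" "s;${installed_dir};${replacement};g" {} +
}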
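#######################################
# Copy the prebuilt libraries out of the container image and install them
# under ./build/libgit2/<TAG>, rewriting the prefix paths in the .pc files.
# Globals:   IMG_TAG (read), TAG (read)
# Arguments: $1 - platform passed to `docker create --platform`
#            $2 - directory name below /usr/local inside the image
# Returns:   0 on success, non-zero when a docker, tar or sed step fails
#######################################
extract_from_image(){
  local platform=$1
  local dir=$2
  local id rc=0

  # NOTE(review): the image is referenced by tag and nothing in this function
  # verifies a signature or digest for it, so this path does not get the
  # cosign/checksum checks applied to the release tarballs. Pinning IMG to a
  # digest or verifying the image signature before extraction would close
  # that gap - confirm what upstream publishes.
  id=$(docker create --platform="${platform}" "${IMG_TAG}" sh) || return

  # `docker cp ... -` writes a tar stream (uncompressed, despite the file name).
  docker cp "${id}":/usr/local - > output.tar.gz || rc=$?

  # Remove the container whether or not the copy worked; aborting first
  # would leave the created container behind.
  docker rm -v "${id}"
  if [[ ${rc} -ne 0 ]]; then
    rm -f output.tar.gz
    return "${rc}"
  fi

  # Extract only the requested subtree from the archive.
  tar -xf output.tar.gz "local/${dir}"
  rm output.tar.gz

  local new_dir installed_dir replacement
  new_dir="$(/bin/pwd)/build/libgit2/${TAG}"
  installed_dir="/usr/local/${dir}"
  # Escape backslash, & and the ; delimiter so the path is inserted literally
  # by the sed replacement below.
  replacement=$(printf '%s' "${new_dir}" | sed -e 's/[\\&;]/\\&/g')

  mv "local/${dir}" "${TAG}"
  rm -rf "local"
  mv "${TAG}/" "./build/libgit2"

  # Update the prefix paths included in the .pc files.
  # This will make it easier to update to the location in which they will be used.
  find "${new_dir}" -type f -name "*.pc" \
    -exec sed -i "s;${installed_dir};${replacement};g" {} +
}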
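#######################################
# Install the libgit2 libraries for release TAG under ./build/libgit2/<TAG>.
# Linux on arm64/aarch64 extracts them from the container image; every other
# platform downloads the release tarball, verifies it and unpacks it.
# Globals:   TAG (read), OSTYPE (read)
# Outputs:   a notice on stdout when the release is already installed
# Returns:   exits the script with 0 on the "already installed" and Linux ARM
#            paths; returns 0 after a tarball install; fails on any error
#######################################
install_libraries(){
  # With an empty TAG the directory test below would match ./build/libgit2/
  # itself and report "already installed" once that directory exists.
  [[ -n "${TAG}" ]] || fatal 'TAG must be set to the libgit2 release to install'

  if [ -d "./build/libgit2/${TAG}" ]; then
    echo "Skipping: libgit2 ${TAG} already installed"
    exit 0
  fi

  mkdir -p "./build/libgit2"

  local machine
  machine="$(uname -m)"

  # Linux ARM support is still based on the container image libraries.
  # NOTE(review): this branch exits before download_files/assure_provenance
  # run, so the cosign and checksum verification applied to the tarballs is
  # not applied to what comes out of the image.
  if [[ $OSTYPE == 'linux'* ]] \
    && [[ "${machine}" == "arm64" || "${machine}" == "aarch64" ]]; then
    extract_from_image "linux/arm64" "aarch64-alpine-linux-musl"
    # fix_pkgconfigs reads no arguments, so none is passed.
    fix_pkgconfigs
    exit 0
  fi

  local file_name="linux-${machine}-libgit2-only.tar.gz"
  local dir="linux-libgit2-only"
  if [[ $OSTYPE == 'darwin'* ]]; then
    file_name="darwin-libgit2-only.tar.gz"
    dir="darwin-libgit2-only"
  fi

  # Order matters: nothing is unpacked until the provenance check has passed.
  download_files "${file_name}"
  assure_provenance "${file_name}"
  extract_libraries "${file_name}" "${dir}"
  fix_pkgconfigs
}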
# Entry point: no command-line arguments are forwarded; configuration comes
# from the environment (IMG, TAG, SKIP_COSIGN_VERIFICATION).
install_libraries