Skip to content

[1.1] bump libseccomp to v2.5.4, check tarball sha #3481

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 27, 2022
Merged

[1.1] bump libseccomp to v2.5.4, check tarball sha #3481

merged 2 commits into from
May 27, 2022

Conversation

@kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented May 24, 2022
edited
Loading

Release notes: https://github.com/seccomp/libseccomp/releases/tag/v2.5.4

This affects the released static binaries (as they are statically linked
against libseccomp).

This is a backport of #3480 and #3482.

@kolyshkin kolyshkin added backport/1.1-pr A backport PR to release-1.1 area/seccomp dependencies Pull requests that update a dependency file labels May 24, 2022
@kolyshkin kolyshkin marked this pull request as draft May 24, 2022 17:57
@kolyshkin

This comment was marked as outdated.

Sign in to view
@kolyshkin kolyshkin mentioned this pull request May 24, 2022
Merged
@kolyshkin kolyshkin marked this pull request as ready for review May 24, 2022 18:18
@kolyshkin kolyshkin added this to the 1.1.3 milestone May 24, 2022
@kolyshkin kolyshkin changed the title [1.1] Dockerfile,scripts/release: bump libseccomp to v2.5.4 [1.1] Dockerfile,scripts/release: bump libseccomp to v2.5.4, check tarball sha May 24, 2022
@kolyshkin kolyshkin changed the title [1.1] Dockerfile,scripts/release: bump libseccomp to v2.5.4, check tarball sha [1.1] bump libseccomp to v2.5.4, check tarball sha May 24, 2022
@kolyshkin kolyshkin force-pushed the 1.1-bump-libseccomp branch from eded0c5 to f7a29b4 Compare May 26, 2022 01:32
@kolyshkin kolyshkin mentioned this pull request May 26, 2022
Merged
@kolyshkin kolyshkin force-pushed the 1.1-bump-libseccomp branch from f7a29b4 to 1011bfd Compare May 27, 2022 01:26
cyphar
cyphar approved these changes May 27, 2022
View reviewed changes
Copy link
Member

@cyphar cyphar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

kolyshkin added 2 commits May 27, 2022 12:17
@kolyshkin @cyphar
Dockerfile,scripts/release: bump libseccomp to v2.5.4
017cb29 
Release notes: https://github.com/seccomp/libseccomp/releases/tag/v2.5.4

This affects the released static binaries (as they are statically linked
against libseccomp).

Signed-off-by: Kir Kolyshkin <[email protected]>
(cherry picked from commit f7b07fd)
Signed-off-by: Kir Kolyshkin <[email protected]>
@kolyshkin @cyphar
script/seccomp.sh: check tarball sha256
8242c05 
Add checking of downloaded tarball checksum.

In case it doesn't match the hardcoded value, the error is like this:

	libseccomp-2.5.4.tar.gz: FAILED
	sha256sum: WARNING: 1 computed checksum did NOT match

In case the checksum for a particular version is not specified in the
script, the error will look like this:

	./script/seccomp.sh: line 29: SECCOMP_SHA256[${ver}]: unbound variable

In case the the hardcoded value in the file is of wrong format/length,
we'll get:

	sha256sum: 'standard input': no properly formatted SHA256 checksum lines found

In any of these cases, the script aborts (due to set -e).

Signed-off-by: Kir Kolyshkin <[email protected]>
(cherry picked from commit 95f1e2e18872de54a17d64b2d808255463ee3d93)
Signed-off-by: Kir Kolyshkin <[email protected]>
@cyphar cyphar force-pushed the 1.1-bump-libseccomp branch from 1011bfd to 8242c05 Compare May 27, 2022 02:17
@cyphar cyphar merged commit ff14258 into opencontainers:release-1.1 May 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cyphar cyphar cyphar approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees

No one assigned

Labels

area/seccomp backport/1.1-pr A backport PR to release-1.1 dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

1.1.3

Development

Successfully merging this pull request may close these issues.

3 participants

@kolyshkin @cyphar @AkihiroSuda