Merge pull request #94975 from zshihang/hash

replace sha1 with sha512
Kubernetes Prow Robot 2020-10-06 13:00:42 -07:00 committed by GitHub
commit 446da13de1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 75 additions and 75 deletions


@ -308,7 +308,7 @@ NODE_PROBLEM_DETECTOR_TAR_HASH="${NODE_PROBLEM_DETECTOR_TAR_HASH:-}"
NODE_PROBLEM_DETECTOR_RELEASE_PATH="${NODE_PROBLEM_DETECTOR_RELEASE_PATH:-}" NODE_PROBLEM_DETECTOR_RELEASE_PATH="${NODE_PROBLEM_DETECTOR_RELEASE_PATH:-}"
NODE_PROBLEM_DETECTOR_CUSTOM_FLAGS="${NODE_PROBLEM_DETECTOR_CUSTOM_FLAGS:-}" NODE_PROBLEM_DETECTOR_CUSTOM_FLAGS="${NODE_PROBLEM_DETECTOR_CUSTOM_FLAGS:-}"
CNI_SHA1="${CNI_SHA1:-}" CNI_HASH="${CNI_HASH:-}"
CNI_TAR_PREFIX="${CNI_TAR_PREFIX:-cni-plugins-linux-amd64-}" CNI_TAR_PREFIX="${CNI_TAR_PREFIX:-cni-plugins-linux-amd64-}"
CNI_STORAGE_URL_BASE="${CNI_STORAGE_URL_BASE:-https://storage.googleapis.com/k8s-artifacts-cni/release}" CNI_STORAGE_URL_BASE="${CNI_STORAGE_URL_BASE:-https://storage.googleapis.com/k8s-artifacts-cni/release}"


@ -340,7 +340,7 @@ NODE_PROBLEM_DETECTOR_TAR_HASH=${NODE_PROBLEM_DETECTOR_TAR_HASH:-}
NODE_PROBLEM_DETECTOR_RELEASE_PATH=${NODE_PROBLEM_DETECTOR_RELEASE_PATH:-} NODE_PROBLEM_DETECTOR_RELEASE_PATH=${NODE_PROBLEM_DETECTOR_RELEASE_PATH:-}
NODE_PROBLEM_DETECTOR_CUSTOM_FLAGS=${NODE_PROBLEM_DETECTOR_CUSTOM_FLAGS:-} NODE_PROBLEM_DETECTOR_CUSTOM_FLAGS=${NODE_PROBLEM_DETECTOR_CUSTOM_FLAGS:-}
CNI_SHA1=${CNI_SHA1:-} CNI_HASH=${CNI_HASH:-}
CNI_TAR_PREFIX=${CNI_TAR_PREFIX:-cni-plugins-linux-amd64-} CNI_TAR_PREFIX=${CNI_TAR_PREFIX:-cni-plugins-linux-amd64-}
CNI_STORAGE_URL_BASE=${CNI_STORAGE_URL_BASE:-https://storage.googleapis.com/k8s-artifacts-cni/release} CNI_STORAGE_URL_BASE=${CNI_STORAGE_URL_BASE:-https://storage.googleapis.com/k8s-artifacts-cni/release}


@ -25,12 +25,12 @@ set -o pipefail
### Hardcoded constants ### Hardcoded constants
DEFAULT_CNI_VERSION="v0.8.7" DEFAULT_CNI_VERSION="v0.8.7"
DEFAULT_CNI_SHA1="96a30cb67e33da95fb1d99f93dd787c2a3c08627" DEFAULT_CNI_HASH="8f2cbee3b5f94d59f919054dccfe99a8e3db5473b553d91da8af4763e811138533e05df4dbeab16b3f774852b4184a7994968f5e036a3f531ad1ac4620d10ede"
DEFAULT_NPD_VERSION="v0.8.0" DEFAULT_NPD_VERSION="v0.8.0"
DEFAULT_NPD_SHA1="9406c975b1b035995a137029a004622b905b4e7f" DEFAULT_NPD_HASH="b15d6919321e832b5fc7bc150c2e141e947305e82b34b514adbda9b9bc41088beadbf833f5bbbf44b9a8181c3fd8ed41e1629458d7544ccaecb374c22bde1517"
DEFAULT_CRICTL_VERSION="v1.19.0" DEFAULT_CRICTL_VERSION="v1.19.0"
DEFAULT_CRICTL_SHA1="bc9d57377402c2cc36ca5e600d55de96b15953de" DEFAULT_CRICTL_HASH="fbbb34a1667bcf94df911a92ab6b70a9d2b34da967244a222f288bf0135c587cbfdcc89deedc5afd1823e109921df9caaa4e9ff9cc39e55a9b8cdea8eb6ebe72"
DEFAULT_MOUNTER_TAR_SHA="8003b798cf33c7f91320cd6ee5cec4fa22244571" DEFAULT_MOUNTER_TAR_SHA="7956fd42523de6b3107ddc3ce0e75233d2fcb78436ff07a1389b6eaac91fb2b1b72a08f7a219eaf96ba1ca4da8d45271002e0d60e0644e796c665f99bb356516"
### ###
# Use --retry-connrefused opt only if it's supported by curl. # Use --retry-connrefused opt only if it's supported by curl.
@ -126,9 +126,9 @@ function validate-hash {
local -r file="$1" local -r file="$1"
local -r expected="$2" local -r expected="$2"
actual=$(sha1sum ${file} | awk '{ print $1 }') || true actual=$(sha512sum ${file} | awk '{ print $1 }') || true
if [[ "${actual}" != "${expected}" ]]; then if [[ "${actual}" != "${expected}" ]]; then
echo "== ${file} corrupted, sha1 ${actual} doesn't match expected ${expected} ==" echo "== ${file} corrupted, sha512 ${actual} doesn't match expected ${expected} =="
return 1 return 1
fi fi
} }
@ -146,7 +146,7 @@ function valid-storage-scope {
# Retry a download until we get it. Takes a hash and a set of URLs. # Retry a download until we get it. Takes a hash and a set of URLs.
# #
# $1 is the sha1 of the URL. Can be "" if the sha1 is unknown. # $1 is the sha512 of the URL. Can be "" if the sha512 is unknown.
# $2+ are the URLs to download. # $2+ are the URLs to download.
function download-or-bust { function download-or-bust {
local -r hash="$1" local -r hash="$1"
@ -168,7 +168,7 @@ function download-or-bust {
echo "== Hash validation of ${url} failed. Retrying. ==" echo "== Hash validation of ${url} failed. Retrying. =="
else else
if [[ -n "${hash}" ]]; then if [[ -n "${hash}" ]]; then
echo "== Downloaded ${url} (SHA1 = ${hash}) ==" echo "== Downloaded ${url} (SHA512 = ${hash}) =="
else else
echo "== Downloaded ${url} ==" echo "== Downloaded ${url} =="
fi fi
@ -220,21 +220,21 @@ function install-gci-mounter-tools {
function install-node-problem-detector { function install-node-problem-detector {
if [[ -n "${NODE_PROBLEM_DETECTOR_VERSION:-}" ]]; then if [[ -n "${NODE_PROBLEM_DETECTOR_VERSION:-}" ]]; then
local -r npd_version="${NODE_PROBLEM_DETECTOR_VERSION}" local -r npd_version="${NODE_PROBLEM_DETECTOR_VERSION}"
local -r npd_sha1="${NODE_PROBLEM_DETECTOR_TAR_HASH}" local -r npd_hash="${NODE_PROBLEM_DETECTOR_TAR_HASH}"
else else
local -r npd_version="${DEFAULT_NPD_VERSION}" local -r npd_version="${DEFAULT_NPD_VERSION}"
local -r npd_sha1="${DEFAULT_NPD_SHA1}" local -r npd_hash="${DEFAULT_NPD_HASH}"
fi fi
local -r npd_tar="node-problem-detector-${npd_version}.tar.gz" local -r npd_tar="node-problem-detector-${npd_version}.tar.gz"
if is-preloaded "${npd_tar}" "${npd_sha1}"; then if is-preloaded "${npd_tar}" "${npd_hash}"; then
echo "${npd_tar} is preloaded." echo "${npd_tar} is preloaded."
return return
fi fi
echo "Downloading ${npd_tar}." echo "Downloading ${npd_tar}."
local -r npd_release_path="${NODE_PROBLEM_DETECTOR_RELEASE_PATH:-https://storage.googleapis.com/kubernetes-release}" local -r npd_release_path="${NODE_PROBLEM_DETECTOR_RELEASE_PATH:-https://storage.googleapis.com/kubernetes-release}"
download-or-bust "${npd_sha1}" "${npd_release_path}/node-problem-detector/${npd_tar}" download-or-bust "${npd_hash}" "${npd_release_path}/node-problem-detector/${npd_tar}"
local -r npd_dir="${KUBE_HOME}/node-problem-detector" local -r npd_dir="${KUBE_HOME}/node-problem-detector"
mkdir -p "${npd_dir}" mkdir -p "${npd_dir}"
tar xzf "${KUBE_HOME}/${npd_tar}" -C "${npd_dir}" --overwrite tar xzf "${KUBE_HOME}/${npd_tar}" -C "${npd_dir}" --overwrite
@ -247,22 +247,22 @@ function install-node-problem-detector {
function install-cni-binaries { function install-cni-binaries {
if [[ -n "${CNI_VERSION:-}" ]]; then if [[ -n "${CNI_VERSION:-}" ]]; then
local -r cni_version="${CNI_VERSION}" local -r cni_version="${CNI_VERSION}"
local -r cni_sha1="${CNI_SHA1}" local -r cni_hash="${CNI_HASH}"
else else
local -r cni_version="${DEFAULT_CNI_VERSION}" local -r cni_version="${DEFAULT_CNI_VERSION}"
local -r cni_sha1="${DEFAULT_CNI_SHA1}" local -r cni_hash="${DEFAULT_CNI_HASH}"
fi fi
local -r cni_tar="${CNI_TAR_PREFIX}${cni_version}.tgz" local -r cni_tar="${CNI_TAR_PREFIX}${cni_version}.tgz"
local -r cni_url="${CNI_STORAGE_URL_BASE}/${cni_version}/${cni_tar}" local -r cni_url="${CNI_STORAGE_URL_BASE}/${cni_version}/${cni_tar}"
if is-preloaded "${cni_tar}" "${cni_sha1}"; then if is-preloaded "${cni_tar}" "${cni_hash}"; then
echo "${cni_tar} is preloaded." echo "${cni_tar} is preloaded."
return return
fi fi
echo "Downloading cni binaries" echo "Downloading cni binaries"
download-or-bust "${cni_sha1}" "${cni_url}" download-or-bust "${cni_hash}" "${cni_url}"
local -r cni_dir="${KUBE_HOME}/cni" local -r cni_dir="${KUBE_HOME}/cni"
mkdir -p "${cni_dir}/bin" mkdir -p "${cni_dir}/bin"
tar xzf "${KUBE_HOME}/${cni_tar}" -C "${cni_dir}/bin" --overwrite tar xzf "${KUBE_HOME}/${cni_tar}" -C "${cni_dir}/bin" --overwrite
@ -275,10 +275,10 @@ function install-cni-binaries {
function install-crictl { function install-crictl {
if [[ -n "${CRICTL_VERSION:-}" ]]; then if [[ -n "${CRICTL_VERSION:-}" ]]; then
local -r crictl_version="${CRICTL_VERSION}" local -r crictl_version="${CRICTL_VERSION}"
local -r crictl_sha1="${CRICTL_TAR_HASH}" local -r crictl_hash="${CRICTL_TAR_HASH}"
else else
local -r crictl_version="${DEFAULT_CRICTL_VERSION}" local -r crictl_version="${DEFAULT_CRICTL_VERSION}"
local -r crictl_sha1="${DEFAULT_CRICTL_SHA1}" local -r crictl_hash="${DEFAULT_CRICTL_HASH}"
fi fi
local -r crictl="crictl-${crictl_version}-linux-amd64.tar.gz" local -r crictl="crictl-${crictl_version}-linux-amd64.tar.gz"
@ -287,14 +287,14 @@ function install-crictl {
runtime-endpoint: ${CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/dockershim.sock} runtime-endpoint: ${CONTAINER_RUNTIME_ENDPOINT:-unix:///var/run/dockershim.sock}
EOF EOF
if is-preloaded "${crictl}" "${crictl_sha1}"; then if is-preloaded "${crictl}" "${crictl_hash}"; then
echo "crictl is preloaded" echo "crictl is preloaded"
return return
fi fi
echo "Downloading crictl" echo "Downloading crictl"
local -r crictl_path="https://storage.googleapis.com/k8s-artifacts-cri-tools/release/${crictl_version}" local -r crictl_path="https://storage.googleapis.com/k8s-artifacts-cri-tools/release/${crictl_version}"
download-or-bust "${crictl_sha1}" "${crictl_path}/${crictl}" download-or-bust "${crictl_hash}" "${crictl_path}/${crictl}"
tar xf "${crictl}" tar xf "${crictl}"
mv crictl "${KUBE_BIN}/crictl" mv crictl "${KUBE_BIN}/crictl"
} }
@ -304,15 +304,15 @@ function install-exec-auth-plugin {
return return
fi fi
local -r plugin_url="${EXEC_AUTH_PLUGIN_URL}" local -r plugin_url="${EXEC_AUTH_PLUGIN_URL}"
local -r plugin_sha1="${EXEC_AUTH_PLUGIN_SHA1}" local -r plugin_hash="${EXEC_AUTH_PLUGIN_HASH}"
if is-preloaded "gke-exec-auth-plugin" "${plugin_sha1}"; then if is-preloaded "gke-exec-auth-plugin" "${plugin_hash}"; then
echo "gke-exec-auth-plugin is preloaded" echo "gke-exec-auth-plugin is preloaded"
return return
fi fi
echo "Downloading gke-exec-auth-plugin binary" echo "Downloading gke-exec-auth-plugin binary"
download-or-bust "${plugin_sha1}" "${plugin_url}" download-or-bust "${plugin_hash}" "${plugin_url}"
mv "${KUBE_HOME}/gke-exec-auth-plugin" "${KUBE_BIN}/gke-exec-auth-plugin" mv "${KUBE_HOME}/gke-exec-auth-plugin" "${KUBE_BIN}/gke-exec-auth-plugin"
chmod a+x "${KUBE_BIN}/gke-exec-auth-plugin" chmod a+x "${KUBE_BIN}/gke-exec-auth-plugin"
@ -334,9 +334,9 @@ function install-kube-manifests {
if [ -n "${KUBE_MANIFESTS_TAR_HASH:-}" ]; then if [ -n "${KUBE_MANIFESTS_TAR_HASH:-}" ]; then
local -r manifests_tar_hash="${KUBE_MANIFESTS_TAR_HASH}" local -r manifests_tar_hash="${KUBE_MANIFESTS_TAR_HASH}"
else else
echo "Downloading k8s manifests sha1 (not found in env)" echo "Downloading k8s manifests hash (not found in env)"
download-or-bust "" "${manifests_tar_urls[@]/.tar.gz/.tar.gz.sha1}" download-or-bust "" "${manifests_tar_urls[@]/.tar.gz/.tar.gz.sha512}"
local -r manifests_tar_hash=$(cat "${manifests_tar}.sha1") local -r manifests_tar_hash=$(cat "${manifests_tar}.sha512")
fi fi
if is-preloaded "${manifests_tar}" "${manifests_tar_hash}"; then if is-preloaded "${manifests_tar}" "${manifests_tar_hash}"; then
@ -363,7 +363,7 @@ function install-kube-manifests {
cp "${dst_dir}/kubernetes/gci-trusty/health-monitor.sh" "${KUBE_BIN}/health-monitor.sh" cp "${dst_dir}/kubernetes/gci-trusty/health-monitor.sh" "${KUBE_BIN}/health-monitor.sh"
rm -f "${KUBE_HOME}/${manifests_tar}" rm -f "${KUBE_HOME}/${manifests_tar}"
rm -f "${KUBE_HOME}/${manifests_tar}.sha1" rm -f "${KUBE_HOME}/${manifests_tar}.sha512"
} }
# A helper function for loading a docker image. It keeps trying up to 5 times. # A helper function for loading a docker image. It keeps trying up to 5 times.
@ -547,9 +547,9 @@ function install-kube-binary-config {
if [[ -n "${SERVER_BINARY_TAR_HASH:-}" ]]; then if [[ -n "${SERVER_BINARY_TAR_HASH:-}" ]]; then
local -r server_binary_tar_hash="${SERVER_BINARY_TAR_HASH}" local -r server_binary_tar_hash="${SERVER_BINARY_TAR_HASH}"
else else
echo "Downloading binary release sha1 (not found in env)" echo "Downloading binary release sha512 (not found in env)"
download-or-bust "" "${server_binary_tar_urls[@]/.tar.gz/.tar.gz.sha1}" download-or-bust "" "${server_binary_tar_urls[@]/.tar.gz/.tar.gz.sha512}"
local -r server_binary_tar_hash=$(cat "${server_binary_tar}.sha1") local -r server_binary_tar_hash=$(cat "${server_binary_tar}.sha512")
fi fi
if is-preloaded "${server_binary_tar}" "${server_binary_tar_hash}"; then if is-preloaded "${server_binary_tar}" "${server_binary_tar_hash}"; then
@ -613,7 +613,7 @@ function install-kube-binary-config {
# Clean up. # Clean up.
rm -rf "${KUBE_HOME}/kubernetes" rm -rf "${KUBE_HOME}/kubernetes"
rm -f "${KUBE_HOME}/${server_binary_tar}" rm -f "${KUBE_HOME}/${server_binary_tar}"
rm -f "${KUBE_HOME}/${server_binary_tar}.sha1" rm -f "${KUBE_HOME}/${server_binary_tar}.sha512"
} }
######### Main Function ########## ######### Main Function ##########
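Review bot: In install-cni-binaries, an environment that sets `CNI_VERSION` but still exports the old `CNI_SHA1` now leaves `cni_hash` empty, and download-or-bust documents an empty first argument as "hash unknown", so the tarball would presumably be accepted without a digest check (the validation call itself is outside the visible hunks). The same applies to install-node-problem-detector and install-crictl when a version override arrives without its `*_TAR_HASH`. I would fail closed when a version is overridden without a digest, e.g. `[[ -n "${cni_hash}" ]] || { echo "CNI_VERSION is set but CNI_HASH is empty" >&2; return 1; }`, and add a comment above the constants stating that the values are SHA-512 hex digests. `DEFAULT_MOUNTER_TAR_SHA` also kept its old name while the other constants became `*_HASH`.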


@ -63,6 +63,6 @@ echo "Uploading gci mounter ACI in ${ACI_DIR} to ${MOUNTER_GCS_DIR}"
gsutil cp "${ACI_DIR}/${MOUNTER_ACI_IMAGE}" "${MOUNTER_GCS_DIR}" gsutil cp "${ACI_DIR}/${MOUNTER_ACI_IMAGE}" "${MOUNTER_GCS_DIR}"
echo "Upload completed" echo "Upload completed"
echo "Updated gci-mounter ACI version and SHA1 in cluster/gce/gci/configure.sh" echo "Updated gci-mounter ACI version and SH512 in cluster/gce/gci/configure.sh"
ACI_HASH=$(sha1sum "${ACI_DIR}/${MOUNTER_ACI_IMAGE}") ACI_HASH=$(sha512sum "${ACI_DIR}/${MOUNTER_ACI_IMAGE}")
echo "${MOUNTER_ACI_IMAGE} hash: ${ACI_HASH}" echo "${MOUNTER_ACI_IMAGE} hash: ${ACI_HASH}"
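Review bot: The new status message spells the algorithm `SH512`; it should read `SHA512`. `ACI_HASH` also keeps the full output of `sha512sum`, which is the digest followed by the file path, so the printed value is not what has to be pasted into configure.sh. Taking only the first field avoids a copy error on a 128-character digest: `ACI_HASH=$(sha512sum "${ACI_DIR}/${MOUNTER_ACI_IMAGE}" | awk '{ print $1 }')`.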


@ -239,10 +239,10 @@ function copy-to-staging() {
fi fi
fi fi
echo "${hash}" > "${tar}.sha1" echo "${hash}" > "${tar}.sha512"
gsutil -m -q -h "Cache-Control:private, max-age=0" cp "${tar}" "${tar}.sha1" "${staging_path}" gsutil -m -q -h "Cache-Control:private, max-age=0" cp "${tar}" "${tar}.sha512" "${staging_path}"
gsutil -m acl ch -g all:R "${gs_url}" "${gs_url}.sha1" >/dev/null 2>&1 || true gsutil -m acl ch -g all:R "${gs_url}" "${gs_url}.sha512" >/dev/null 2>&1 || true
echo "+++ ${basename_tar} uploaded (sha1 = ${hash})" echo "+++ ${basename_tar} uploaded (sha512 = ${hash})"
} }
@ -314,13 +314,13 @@ function upload-tars() {
DOCKER_REGISTRY_MIRROR_URL="https://mirror.gcr.io" DOCKER_REGISTRY_MIRROR_URL="https://mirror.gcr.io"
fi fi
SERVER_BINARY_TAR_HASH=$(sha1sum-file "${SERVER_BINARY_TAR}") SERVER_BINARY_TAR_HASH=$(sha512sum-file "${SERVER_BINARY_TAR}")
if [[ -n "${NODE_BINARY_TAR:-}" ]]; then if [[ -n "${NODE_BINARY_TAR:-}" ]]; then
NODE_BINARY_TAR_HASH=$(sha1sum-file "${NODE_BINARY_TAR}") NODE_BINARY_TAR_HASH=$(sha512sum-file "${NODE_BINARY_TAR}")
fi fi
if [[ -n "${KUBE_MANIFESTS_TAR:-}" ]]; then if [[ -n "${KUBE_MANIFESTS_TAR:-}" ]]; then
KUBE_MANIFESTS_TAR_HASH=$(sha1sum-file "${KUBE_MANIFESTS_TAR}") KUBE_MANIFESTS_TAR_HASH=$(sha512sum-file "${KUBE_MANIFESTS_TAR}")
fi fi
local server_binary_tar_urls=() local server_binary_tar_urls=()
@ -506,11 +506,11 @@ function load-or-gen-kube-bearertoken() {
# SERVER_BINARY_TAR_URL # SERVER_BINARY_TAR_URL
# SERVER_BINARY_TAR_HASH # SERVER_BINARY_TAR_HASH
function tars_from_version() { function tars_from_version() {
local sha1sum="" local sha512sum=""
if which sha1sum >/dev/null 2>&1; then if which sha512sum >/dev/null 2>&1; then
sha1sum="sha1sum" sha512sum="sha512sum"
else else
sha1sum="shasum -a1" sha512sum="shasum -a512"
fi fi
if [[ -z "${KUBE_VERSION-}" ]]; then if [[ -z "${KUBE_VERSION-}" ]]; then
@ -520,18 +520,18 @@ function tars_from_version() {
SERVER_BINARY_TAR_URL="https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/kubernetes-server-linux-amd64.tar.gz" SERVER_BINARY_TAR_URL="https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/kubernetes-server-linux-amd64.tar.gz"
# TODO: Clean this up. # TODO: Clean this up.
KUBE_MANIFESTS_TAR_URL="${SERVER_BINARY_TAR_URL/server-linux-amd64/manifests}" KUBE_MANIFESTS_TAR_URL="${SERVER_BINARY_TAR_URL/server-linux-amd64/manifests}"
KUBE_MANIFESTS_TAR_HASH=$(curl ${KUBE_MANIFESTS_TAR_URL} --silent --show-error | ${sha1sum} | awk '{print $1}') KUBE_MANIFESTS_TAR_HASH=$(curl ${KUBE_MANIFESTS_TAR_URL} --silent --show-error | ${sha512sum} | awk '{print $1}')
elif [[ ${KUBE_VERSION} =~ ${KUBE_CI_VERSION_REGEX} ]]; then elif [[ ${KUBE_VERSION} =~ ${KUBE_CI_VERSION_REGEX} ]]; then
SERVER_BINARY_TAR_URL="https://storage.googleapis.com/kubernetes-release-dev/ci/${KUBE_VERSION}/kubernetes-server-linux-amd64.tar.gz" SERVER_BINARY_TAR_URL="https://storage.googleapis.com/kubernetes-release-dev/ci/${KUBE_VERSION}/kubernetes-server-linux-amd64.tar.gz"
# TODO: Clean this up. # TODO: Clean this up.
KUBE_MANIFESTS_TAR_URL="${SERVER_BINARY_TAR_URL/server-linux-amd64/manifests}" KUBE_MANIFESTS_TAR_URL="${SERVER_BINARY_TAR_URL/server-linux-amd64/manifests}"
KUBE_MANIFESTS_TAR_HASH=$(curl ${KUBE_MANIFESTS_TAR_URL} --silent --show-error | ${sha1sum} | awk '{print $1}') KUBE_MANIFESTS_TAR_HASH=$(curl ${KUBE_MANIFESTS_TAR_URL} --silent --show-error | ${sha512sum} | awk '{print $1}')
else else
echo "Version doesn't match regexp" >&2 echo "Version doesn't match regexp" >&2
exit 1 exit 1
fi fi
if ! SERVER_BINARY_TAR_HASH=$(curl -Ss --fail "${SERVER_BINARY_TAR_URL}.sha1"); then if ! SERVER_BINARY_TAR_HASH=$(curl -Ss --fail "${SERVER_BINARY_TAR_URL}.sha512"); then
echo "Failure trying to curl release .sha1" echo "Failure trying to curl release .sha512"
fi fi
if ! curl -Ss --head "${SERVER_BINARY_TAR_URL}" >&/dev/null; then if ! curl -Ss --head "${SERVER_BINARY_TAR_URL}" >&/dev/null; then
@ -1144,7 +1144,7 @@ NODE_PROBLEM_DETECTOR_CUSTOM_FLAGS: $(yaml-quote "${NODE_PROBLEM_DETECTOR_CUSTOM
CNI_STORAGE_URL_BASE: $(yaml-quote "${CNI_STORAGE_URL_BASE:-}") CNI_STORAGE_URL_BASE: $(yaml-quote "${CNI_STORAGE_URL_BASE:-}")
CNI_TAR_PREFIX: $(yaml-quote "${CNI_TAR_PREFIX:-}") CNI_TAR_PREFIX: $(yaml-quote "${CNI_TAR_PREFIX:-}")
CNI_VERSION: $(yaml-quote "${CNI_VERSION:-}") CNI_VERSION: $(yaml-quote "${CNI_VERSION:-}")
CNI_SHA1: $(yaml-quote "${CNI_SHA1:-}") CNI_HASH: $(yaml-quote "${CNI_HASH:-}")
ENABLE_NODE_LOGGING: $(yaml-quote "${ENABLE_NODE_LOGGING:-false}") ENABLE_NODE_LOGGING: $(yaml-quote "${ENABLE_NODE_LOGGING:-false}")
LOGGING_DESTINATION: $(yaml-quote "${LOGGING_DESTINATION:-}") LOGGING_DESTINATION: $(yaml-quote "${LOGGING_DESTINATION:-}")
ELASTICSEARCH_LOGGING_REPLICAS: $(yaml-quote "${ELASTICSEARCH_LOGGING_REPLICAS:-}") ELASTICSEARCH_LOGGING_REPLICAS: $(yaml-quote "${ELASTICSEARCH_LOGGING_REPLICAS:-}")
@ -1552,11 +1552,11 @@ WINDOWS_INFRA_CONTAINER: $(yaml-quote "${WINDOWS_INFRA_CONTAINER}")
EOF EOF
} }
function sha1sum-file() { function sha512sum-file() {
if which sha1sum >/dev/null 2>&1; then if which sha512sum >/dev/null 2>&1; then
sha1sum "$1" | awk '{ print $1 }' sha512sum "$1" | awk '{ print $1 }'
else else
shasum -a1 "$1" | awk '{ print $1 }' shasum -a512 "$1" | awk '{ print $1 }'
fi fi
} }
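Review bot: In tars_from_version both `KUBE_MANIFESTS_TAR_HASH=$(curl ${KUBE_MANIFESTS_TAR_URL} --silent --show-error | ${sha512sum} | awk '{print $1}')` lines run curl without `--fail`, so an HTTP error body would be hashed and recorded as the manifest digest instead of stopping the run; the URL is also unquoted. Using `curl --fail --silent --show-error "${KUBE_MANIFESTS_TAR_URL}"` lets the pipeline report the failure, provided pipefail is in effect, which is not visible here. The `.sha512` fetch further down only echoes on failure and continues with an empty `SERVER_BINARY_TAR_HASH`; that message should go to stderr and the function should probably `exit 1`, as the version-regexp branch does. The function body continues outside the hunks.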


@ -128,12 +128,12 @@ function Validate-SHA {
# It will loop through the URLs list forever until it has a success. If # It will loop through the URLs list forever until it has a success. If
# successful, it will write the file to OutFile. You can optionally provide a # successful, it will write the file to OutFile. You can optionally provide a
# Hash argument with an optional Algorithm, in which case it will attempt to # Hash argument with an optional Algorithm, in which case it will attempt to
# validate the downloaded file against the hash. SHA1 will be used if Algorithm # validate the downloaded file against the hash. SHA512 will be used if Algorithm
# is not provided. # is not provided.
function MustDownload-File { function MustDownload-File {
param ( param (
[parameter(Mandatory=$false)] [string]$Hash, [parameter(Mandatory=$false)] [string]$Hash,
[parameter(Mandatory=$false)] [string]$Algorithm = 'SHA1', [parameter(Mandatory=$false)] [string]$Algorithm = 'SHA512',
[parameter(Mandatory=$true)] [string]$OutFile, [parameter(Mandatory=$true)] [string]$OutFile,
[parameter(Mandatory=$true)] [System.Collections.Generic.List[String]]$URLs, [parameter(Mandatory=$true)] [System.Collections.Generic.List[String]]$URLs,
[parameter(Mandatory=$false)] [System.Collections.IDictionary]$Headers = @{} [parameter(Mandatory=$false)] [System.Collections.IDictionary]$Headers = @{}
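Review bot: With the default of `-Algorithm` changed to 'SHA512' in MustDownload-File, a caller that still passes a 40-character SHA1 value in `-Hash` without `-Algorithm` can never validate, and the header comment says the function loops through the URLs forever until it succeeds. A stale digest in kube-env would then presumably hang node setup rather than report a clear error. I would check the digest shape before the download loop and stop there, for example `if ($Hash -and $Algorithm -eq 'SHA512' -and $Hash.Length -ne 128) { Log-Output -Fatal "Hash is not a SHA512 hex digest" }`. The function body is outside the hunk.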


@ -339,7 +339,7 @@ function Download-HelperScripts {
# #
# Required ${kube_env} keys: # Required ${kube_env} keys:
# EXEC_AUTH_PLUGIN_LICENSE_URL # EXEC_AUTH_PLUGIN_LICENSE_URL
# EXEC_AUTH_PLUGIN_SHA1 # EXEC_AUTH_PLUGIN_HASH
# EXEC_AUTH_PLUGIN_URL # EXEC_AUTH_PLUGIN_URL
function DownloadAndInstall-AuthPlugin { function DownloadAndInstall-AuthPlugin {
if (-not (Test-NodeUsesAuthPlugin ${kube_env})) { if (-not (Test-NodeUsesAuthPlugin ${kube_env})) {
@ -351,14 +351,14 @@ function DownloadAndInstall-AuthPlugin {
} }
if (-not ($kube_env.ContainsKey('EXEC_AUTH_PLUGIN_LICENSE_URL') -and if (-not ($kube_env.ContainsKey('EXEC_AUTH_PLUGIN_LICENSE_URL') -and
$kube_env.ContainsKey('EXEC_AUTH_PLUGIN_SHA1') -and $kube_env.ContainsKey('EXEC_AUTH_PLUGIN_HASH') -and
$kube_env.ContainsKey('EXEC_AUTH_PLUGIN_URL'))) { $kube_env.ContainsKey('EXEC_AUTH_PLUGIN_URL'))) {
Log-Output -Fatal ("Missing one or more kube-env keys needed for " + Log-Output -Fatal ("Missing one or more kube-env keys needed for " +
"downloading auth plugin: $(Out-String $kube_env)") "downloading auth plugin: $(Out-String $kube_env)")
} }
MustDownload-File ` MustDownload-File `
-URLs ${kube_env}['EXEC_AUTH_PLUGIN_URL'] ` -URLs ${kube_env}['EXEC_AUTH_PLUGIN_URL'] `
-Hash ${kube_env}['EXEC_AUTH_PLUGIN_SHA1'] ` -Hash ${kube_env}['EXEC_AUTH_PLUGIN_HASH'] `
-OutFile "${env:NODE_DIR}\gke-exec-auth-plugin.exe" -OutFile "${env:NODE_DIR}\gke-exec-auth-plugin.exe"
MustDownload-File ` MustDownload-File `
-URLs ${kube_env}['EXEC_AUTH_PLUGIN_LICENSE_URL'] ` -URLs ${kube_env}['EXEC_AUTH_PLUGIN_LICENSE_URL'] `
@ -962,13 +962,13 @@ function Install_Cni_Binaries {
$release_url = "${env:WINDOWS_CNI_STORAGE_PATH}/${env:WINDOWS_CNI_VERSION}/" $release_url = "${env:WINDOWS_CNI_STORAGE_PATH}/${env:WINDOWS_CNI_VERSION}/"
$tgz_url = ($release_url + $tgz_url = ($release_url +
"cni-plugins-windows-amd64-${env:WINDOWS_CNI_VERSION}.tgz") "cni-plugins-windows-amd64-${env:WINDOWS_CNI_VERSION}.tgz")
$sha_url = ($tgz_url + ".sha1") $sha_url = ($tgz_url + ".sha512")
MustDownload-File -URLs $sha_url -OutFile $tmp_dir\cni-plugins.sha1 MustDownload-File -URLs $sha_url -OutFile $tmp_dir\cni-plugins.sha512
$sha1_val = ($(Get-Content $tmp_dir\cni-plugins.sha1) -split ' ',2)[0] $sha512_val = ($(Get-Content $tmp_dir\cni-plugins.sha512) -split ' ',2)[0]
MustDownload-File ` MustDownload-File `
-URLs $tgz_url ` -URLs $tgz_url `
-OutFile $tmp_dir\cni-plugins.tgz ` -OutFile $tmp_dir\cni-plugins.tgz `
-Hash $sha1_val -Hash $sha512_val
tar xzvf $tmp_dir\cni-plugins.tgz -C $tmp_dir tar xzvf $tmp_dir\cni-plugins.tgz -C $tmp_dir
Move-Item -Force $tmp_dir\host-local.exe ${env:CNI_DIR}\ Move-Item -Force $tmp_dir\host-local.exe ${env:CNI_DIR}\
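Review bot: In Install_Cni_Binaries the expected digest is downloaded from `$sha_url`, the same release location as the tarball, and that first MustDownload-File call carries no `-Hash`. The check therefore catches a corrupted transfer but not a replaced artifact at the origin, whichever algorithm is used. A digest delivered through kube-env, the way the Linux path takes `CNI_HASH`, would close that gap; at minimum add a comment above the `$sha_url` line such as `# Digest comes from the same origin as the tarball: detects corruption only.` The function starts and ends outside the hunk.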


@ -138,11 +138,11 @@ function md5sum_file() {
fi fi
} }
function sha1sum_file() { function sha512sum_file() {
if which sha1sum >/dev/null 2>&1; then if which sha512sum >/dev/null 2>&1; then
sha1sum "$1" | awk '{ print $1 }' sha512sum "$1" | awk '{ print $1 }'
else else
shasum -a1 "$1" | awk '{ print $1 }' shasum -a512 "$1" | awk '{ print $1 }'
fi fi
} }
@ -171,11 +171,11 @@ function download_tarball() {
exit 4 exit 4
fi fi
echo echo
local md5sum sha1sum local md5sum sha512sum
md5sum=$(md5sum_file "${download_path}/${file}") md5sum=$(md5sum_file "${download_path}/${file}")
echo "md5sum(${file})=${md5sum}" echo "md5sum(${file})=${md5sum}"
sha1sum=$(sha1sum_file "${download_path}/${file}") sha512sum=$(sha512sum_file "${download_path}/${file}")
echo "sha1sum(${file})=${sha1sum}" echo "sha512sum(${file})=${sha512sum}"
echo echo
# TODO: add actual verification # TODO: add actual verification
if [[ "${trace_on}" == "on" ]]; then if [[ "${trace_on}" == "on" ]]; then
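Review bot: download_tarball still only prints the digest, and the `# TODO: add actual verification` line remains, so the switch to sha512 changes what is displayed, not what is checked. If a published `.sha512` exists for the file, the function should compare against it and stop on mismatch, e.g. `[[ "${sha512sum}" == "${expected_sha512}" ]] || { echo "sha512 mismatch for ${file}" >&2; exit 1; }`, where `expected_sha512` is a placeholder for the fetched or pinned value. Until then the TODO should say that the printed digests are informational only. The function body continues outside the hunk.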