From 0ca9e28724f76f255ea7474c0c6fd61763aa4805 Mon Sep 17 00:00:00 2001 From: "daxapatel@microsoft.com" Date: Fri, 5 Jan 2024 19:41:56 -0500 Subject: [PATCH] fix: azcopy download with checksum verification - review feedback --- .../linux/cloud-init/artifacts/cse_install.sh | 3 ++- pkg/templates/templates_generated.go | 3 ++- vhdbuilder/scripts/linux/tool_installs.sh | 22 ++++++++++++------- 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/parts/linux/cloud-init/artifacts/cse_install.sh b/parts/linux/cloud-init/artifacts/cse_install.sh index 3d85927211f..ce6a7826623 100755 --- a/parts/linux/cloud-init/artifacts/cse_install.sh +++ b/parts/linux/cloud-init/artifacts/cse_install.sh @@ -255,7 +255,7 @@ extractPrivateKubeBinaries() { return 1 fi - # remove the current kubelet binaries before extracting new binaries from the cached package + # remove the current kubelet and kubectl binaries before extracting new binaries from the cached package rm -rf /usr/local/bin/kubelet-* /usr/local/bin/kubectl-* retrycmd_get_tarball 120 5 "${cached_pkg}" ${kube_binary_url} || exit $ERR_PRIVATE_K8S_PKG_ERR @@ -264,6 +264,7 @@ extractPrivateKubeBinaries() { } installKubeletKubectlAndKubeProxy() { + # when both, custom and private urls for kubernetes packages are set, custom url will be used and private url will be ignored CUSTOM_KUBE_BINARY_DOWNLOAD_URL="${CUSTOM_KUBE_BINARY_URL:=}" PRIVATE_KUBE_BINARY_DOWNLOAD_URL="${PRIVATE_KUBE_BINARY_URL:=}" echo "using private url: ${PRIVATE_KUBE_BINARY_DOWNLOAD_URL}, custom url: ${CUSTOM_KUBE_BINARY_DOWNLOAD_URL}" diff --git a/pkg/templates/templates_generated.go b/pkg/templates/templates_generated.go index 897e8af4847..8f3b1514517 100644 --- a/pkg/templates/templates_generated.go +++ b/pkg/templates/templates_generated.go @@ -3092,7 +3092,7 @@ extractPrivateKubeBinaries() { return 1 fi - # remove the current kubelet binaries before extracting new binaries from the cached package + # remove the current kubelet and kubectl binaries before extracting new binaries from the cached package rm -rf /usr/local/bin/kubelet-* /usr/local/bin/kubectl-* retrycmd_get_tarball 120 5 "${cached_pkg}" ${kube_binary_url} || exit $ERR_PRIVATE_K8S_PKG_ERR @@ -3101,6 +3101,7 @@ extractPrivateKubeBinaries() { } installKubeletKubectlAndKubeProxy() { + # when both, custom and private urls for kubernetes packages are set, custom url will be used and private url will be ignored CUSTOM_KUBE_BINARY_DOWNLOAD_URL="${CUSTOM_KUBE_BINARY_URL:=}" PRIVATE_KUBE_BINARY_DOWNLOAD_URL="${PRIVATE_KUBE_BINARY_URL:=}" echo "using private url: ${PRIVATE_KUBE_BINARY_DOWNLOAD_URL}, custom url: ${CUSTOM_KUBE_BINARY_DOWNLOAD_URL}" diff --git a/vhdbuilder/scripts/linux/tool_installs.sh b/vhdbuilder/scripts/linux/tool_installs.sh index 1ef218e90ec..cb25a2fd3f7 100644 --- a/vhdbuilder/scripts/linux/tool_installs.sh +++ b/vhdbuilder/scripts/linux/tool_installs.sh @@ -54,19 +54,25 @@ getAzCopyCurrentPath() { else echo "get azcopy at \"${PWD}\"...start" # Download and extract - azcopydownloadurl="https://aka.ms/downloadazcopy-v10-linux" + azcopydownloadurl="https://azcopyvnext.azureedge.net/releases/release-10.22.1-20231220/azcopy_linux_amd64_10.22.1.tar.gz" + azcopysha256="7549424d56ab2d8b4033c84c2a9bb167dc2dcbb23998acd7fffb37bc1a71a267" if [[ $(isARM64) == 1 ]]; then - azcopydownloadurl="https://aka.ms/downloadazcopy-v10-linux-arm64" + azcopydownloadurl="https://azcopyvnext.azureedge.net/releases/release-10.22.1-20231220/azcopy_linux_arm64_10.22.1.tar.gz" + azcopysha256="4db9a4b48abc7775f1a5d6d928afc42361dcc57bbfcde23ac82e4c419a0dc8fc" fi - wget "$azcopydownloadurl" -O "downloadazcopy" - tar -xvf ./downloadazcopy - rm -f ./azcopy - cp ./azcopy_linux_*/azcopy ./azcopy + downloadedpkg="downloadazcopy" + pkgprefix="azcopy_linux_" + + wget "$azcopydownloadurl" -O "$downloadedpkg" && + echo "$azcopysha256 $downloadedpkg" | sha256sum --check >/dev/null && + tar -xvf ./$downloadedpkg && + cp ./$pkgprefix*/azcopy ./azcopy && chmod +x ./azcopy - rm -f downloadazcopy - rm -rf ./azcopy_linux_*/ + rm -f $downloadedpkg + rm -rf ./$pkgprefix*/ + echo "get azcopy...done" fi } \ No newline at end of file