Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

misc: replace sha256sum with shasum -a 256 (#1681)

Browse Source
This commit is contained in:
Malte Poll 2023-04-26 13:40:18 +02:00 committed by GitHub
parent 53d8a2d67e
commit ec1d5e9fb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/actions/install_operator_sdk/action.yml vendored
View File

@ -19,6 +19,6 @@ runs:
curl -fsSLO ${OPERATOR_SDK_DL_URL}/checksums.txt curl -fsSLO ${OPERATOR_SDK_DL_URL}/checksums.txt
curl -fsSLO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc curl -fsSLO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc
gpg -u "Operator SDK (release) <cncf-operator-sdk@cncf.io>" --verify checksums.txt.asc gpg -u "Operator SDK (release) <cncf-operator-sdk@cncf.io>" --verify checksums.txt.asc
grep operator-sdk_${OS}_${ARCH} checksums.txt | sha256sum -c - grep operator-sdk_${OS}_${ARCH} checksums.txt | shasum -a 256 -c -
chmod +x operator-sdk_${OS}_${ARCH} && sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk chmod +x operator-sdk_${OS}_${ARCH} && sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk
rm checksums.txt checksums.txt.asc rm checksums.txt checksums.txt.asc

24
.github/workflows/build-os-image.yml vendored
View File

@ -117,10 +117,10 @@ jobs:
working-directory: ${{ github.workspace }}/build working-directory: ${{ github.workspace }}/build
run: | run: |
{ {
echo "bootstrapper-sha256=$(sha256sum bootstrapper | head -c 64)" echo "bootstrapper-sha256=$(shasum -a 256 bootstrapper | head -c 64)"
echo "disk-mapper-sha256=$(sha256sum disk-mapper | head -c 64)" echo "disk-mapper-sha256=$(shasum -a 256 disk-mapper | head -c 64)"
echo "upgrade-agent-sha256=$(sha256sum upgrade-agent | head -c 64)" echo "upgrade-agent-sha256=$(shasum -a 256 upgrade-agent | head -c 64)"
echo "measurement-reader-sha256=$(sha256sum measurement-reader | head -c 64)" echo "measurement-reader-sha256=$(shasum -a 256 measurement-reader | head -c 64)"
} | tee -a "$GITHUB_OUTPUT" } | tee -a "$GITHUB_OUTPUT"
build-settings: build-settings:
@ -322,14 +322,14 @@ jobs:
working-directory: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37 working-directory: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37
run: | run: |
{ {
echo "image-raw-${{ matrix.csp }}-sha256=$(sha256sum image.raw | head -c 64)" echo "image-raw-${{ matrix.csp }}-sha256=$(shasum -a 256 image.raw | head -c 64)"
echo "image-efi-${{ matrix.csp }}-sha256=$(sha256sum image.efi | head -c 64)" echo "image-efi-${{ matrix.csp }}-sha256=$(shasum -a 256 image.efi | head -c 64)"
echo "image-initrd-${{ matrix.csp }}-sha256=$(sha256sum image.esp.raw | head -c 64)" echo "image-initrd-${{ matrix.csp }}-sha256=$(shasum -a 256 image.esp.raw | head -c 64)"
echo "image-root-raw-${{ matrix.csp }}-sha256=$(sha256sum image.root-x86-64.raw | head -c 64)" echo "image-root-raw-${{ matrix.csp }}-sha256=$(shasum -a 256 image.root-x86-64.raw | head -c 64)"
echo "image-root-verity-${{ matrix.csp }}-sha256=$(sha256sum image.root-x86-64-verity.raw | head -c 64)" echo "image-root-verity-${{ matrix.csp }}-sha256=$(shasum -a 256 image.root-x86-64-verity.raw | head -c 64)"
echo "image-vmlinuz-${{ matrix.csp }}-sha256=$(sha256sum image.vmlinuz | head -c 64)" echo "image-vmlinuz-${{ matrix.csp }}-sha256=$(shasum -a 256 image.vmlinuz | head -c 64)"
echo "image-raw-changelog-${{ matrix.csp }}-sha256=$(sha256sum image.changelog | head -c 64)" echo "image-raw-changelog-${{ matrix.csp }}-sha256=$(shasum -a 256 image.raw.changelog | head -c 64)"
echo "image-raw-manifest-${{ matrix.csp }}-sha256=$(sha256sum image.manifest | head -c 64)" echo "image-raw-manifest-${{ matrix.csp }}-sha256=$(shasum -a 256 image.raw.manifest | head -c 64)"
} | tee -a "$GITHUB_OUTPUT" } | tee -a "$GITHUB_OUTPUT"
- name: Upload raw OS image as artifact - name: Upload raw OS image as artifact

2
.github/workflows/release-cli.yml vendored
View File

@ -135,7 +135,7 @@ jobs:
- name: Generate provenance subjects - name: Generate provenance subjects
id: provenance-subjects id: provenance-subjects
run: | run: |
HASHES=$(sha256sum \ HASHES=$(shasum -a 256 \
constellation-darwin-amd64 \ constellation-darwin-amd64 \
constellation-darwin-arm64 \ constellation-darwin-arm64 \
constellation-linux-amd64 \ constellation-linux-amd64 \

4
.github/workflows/test-tidy.yml vendored
View File

@ -70,7 +70,7 @@ jobs:
fi fi
echo "Detected changes after tidy" echo "Detected changes after tidy"
echo "untidy=true" | tee -a "$GITHUB_OUTPUT" echo "untidy=true" | tee -a "$GITHUB_OUTPUT"
diffsum=$(echo "$diff" | sha256sum | cut -d' ' -f1) diffsum=$(echo "$diff" | shasum -a 256 | cut -d' ' -f1)
echo "diffsum=${diffsum}" | tee -a "$GITHUB_OUTPUT" echo "diffsum=${diffsum}" | tee -a "$GITHUB_OUTPUT"
- name: Run Bazel generate - name: Run Bazel generate
@ -82,7 +82,7 @@ jobs:
shell: bash shell: bash
run: | run: |
diff=$(git diff) diff=$(git diff)
diffsum=$(echo "$diff" | sha256sum| cut -d' ' -f1) diffsum=$(echo "$diff" | shasum -a 256| cut -d' ' -f1)
if [[ "${{ steps.untidy.outputs.diffsum }}" == "${diffsum}" ]]; then if [[ "${{ steps.untidy.outputs.diffsum }}" == "${diffsum}" ]]; then
echo "Everything is tidy." echo "Everything is tidy."
echo "ungenerated=false" | tee -a "$GITHUB_OUTPUT" echo "ungenerated=false" | tee -a "$GITHUB_OUTPUT"

2
e2e/miniconstellation/test-remote.sh
View File

@ -11,7 +11,7 @@ debug_info() {
echo "Getting debug info" echo "Getting debug info"
sha256sum ./*.raw shasum -a 256 ./*.raw
ls -lisah ls -lisah

2
hack/docgen-builder/build-and-upload.sh
View File

@ -39,7 +39,7 @@ for arch in "amd64" "arm64"; do
for os in "linux" "darwin"; do for os in "linux" "darwin"; do
echo "Building and uploading talos-docgen-${os}-${arch}" echo "Building and uploading talos-docgen-${os}-${arch}"
CGO_ENABLED="0" GOWORK="" GOOS="${os}" GOARCH="${arch}" go build -trimpath -ldflags="-buildid=" -o "talos-docgen-${os}-${arch}" . CGO_ENABLED="0" GOWORK="" GOOS="${os}" GOARCH="${arch}" go build -trimpath -ldflags="-buildid=" -o "talos-docgen-${os}-${arch}" .
sum=$(sha256sum "talos-docgen-${os}-${arch}" | cut -d ' ' -f1) && echo "Binary sha256sum: ${sum}" sum=$(shasum -a 256 "talos-docgen-${os}-${arch}" | cut -d ' ' -f1) && echo "Binary sha256: ${sum}"
file "talos-docgen-${os}-${arch}" file "talos-docgen-${os}-${arch}"
aws s3 "${awsFlags[@]}" cp "./talos-docgen-${os}-${arch}" "${s3CASPath}/${sum}" aws s3 "${awsFlags[@]}" cp "./talos-docgen-${os}-${arch}" "${s3CASPath}/${sum}"
echo echo

2
hack/pseudo-version/pseudo_version_tool_freshness.sh.in
View File

@ -31,7 +31,7 @@ platforms=(
) )
for platform in "${platforms[@]}"; do for platform in "${platforms[@]}"; do
computed_hash=$(sha256sum "${pseudo_version_tools[$platform]}" | cut -d' ' -f1) computed_hash=$(shasum -a 256 "${pseudo_version_tools[$platform]}" | cut -d' ' -f1)
# compare hash to saved hash in ${BUILD_WORKSPACE_DIRECTORY}/tools/pseudo_version_${platform}.sha256 # compare hash to saved hash in ${BUILD_WORKSPACE_DIRECTORY}/tools/pseudo_version_${platform}.sha256
saved_hash=$(cat "${BUILD_WORKSPACE_DIRECTORY}/tools/pseudo_version_${platform}.sha256") saved_hash=$(cat "${BUILD_WORKSPACE_DIRECTORY}/tools/pseudo_version_${platform}.sha256")
if [[ ${computed_hash} != "${saved_hash}" ]]; then if [[ ${computed_hash} != "${saved_hash}" ]]; then

6
image/measured-boot/precalculate_pcr_12.sh
View File

@ -26,7 +26,7 @@ cmdline_measure() {
# convert to utf-16le and add a null terminator # convert to utf-16le and add a null terminator
iconv -f utf-8 -t utf-16le "${path}" -o "${tmp}" iconv -f utf-8 -t utf-16le "${path}" -o "${tmp}"
truncate -s +2 "${tmp}" truncate -s +2 "${tmp}"
sha256sum "${tmp}" | cut -d " " -f 1 shasum -a 256 "${tmp}" | cut -d " " -f 1
rm "${tmp}" rm "${tmp}"
} }
@ -62,11 +62,11 @@ cmdline_hash=$(cmdline_measure "${DIR}/cmdline")
cleanup "${DIR}" cleanup "${DIR}"
expected_pcr_12=0000000000000000000000000000000000000000000000000000000000000000 expected_pcr_12=0000000000000000000000000000000000000000000000000000000000000000
expected_pcr_12=$(pcr_extend "${expected_pcr_12}" "${cmdline_hash}" "sha256sum") expected_pcr_12=$(pcr_extend "${expected_pcr_12}" "${cmdline_hash}" "shasum -a 256")
if [[ ${CSP} == "azure" ]]; then if [[ ${CSP} == "azure" ]]; then
# Azure displays the boot menu # Azure displays the boot menu
# triggering an extra measurement of the kernel command line. # triggering an extra measurement of the kernel command line.
expected_pcr_12=$(pcr_extend "${expected_pcr_12}" "${cmdline_hash}" "sha256sum") expected_pcr_12=$(pcr_extend "${expected_pcr_12}" "${cmdline_hash}" "shasum -a 256")
fi fi
echo "Kernel commandline: ${cmdline}" echo "Kernel commandline: ${cmdline}"

2
image/measured-boot/precalculate_pcr_9.sh
View File

@ -20,7 +20,7 @@ get_initrd_from_uki() {
initrd_measure() { initrd_measure() {
local path="$1" local path="$1"
sha256sum "${path}" | cut -d " " -f 1 shasum -a 256 "${path}" | cut -d " " -f 1
} }
write_output() { write_output() {

2
tools/update-pseudo-version-tool.sh
View File

@ -21,7 +21,7 @@ for platform in "${platforms[@]}"; do
echo "Building for ${platform}..." echo "Building for ${platform}..."
target="//hack/pseudo-version:pseudo_version_${platform}" target="//hack/pseudo-version:pseudo_version_${platform}"
cp "$(bazel cquery --config nostamp --output=files "${target}")" "${dir}/pseudo_version_${platform}" cp "$(bazel cquery --config nostamp --output=files "${target}")" "${dir}/pseudo_version_${platform}"
sha256="$(sha256sum "${dir}/pseudo_version_${platform}" | cut -d ' ' -f 1)" sha256="$(shasum -a 256 "${dir}/pseudo_version_${platform}" | cut -d ' ' -f 1)"
echo "${platform} ${sha256}" | tee -a "${dir}/checksums.txt" echo "${platform} ${sha256}" | tee -a "${dir}/checksums.txt"
aws s3 cp "${dir}/pseudo_version_${platform}" "s3://${bucket}/constellation/cas/sha256/${sha256}" aws s3 cp "${dir}/pseudo_version_${platform}" "s3://${bucket}/constellation/cas/sha256/${sha256}"
echo "${sha256}" > "${workspace_dir}/tools/pseudo_version_${platform}.sha256" echo "${sha256}" > "${workspace_dir}/tools/pseudo_version_${platform}.sha256"