merge branch 'pr-3481' into release-1.1

Kir Kolyshkin (2):
  script/seccomp.sh: check tarball sha256
  Dockerfile,scripts/release: bump libseccomp to v2.5.4

LGTMs: AkihiroSuda cyphar
Closes #3481
This commit is contained in:
Aleksa Sarai
2022-05-27 12:18:12 +10:00
3 changed files with 10 additions and 3 deletions
+1 -1
View File
@@ -1,6 +1,6 @@
ARG GO_VERSION=1.17
ARG BATS_VERSION=v1.3.0
ARG LIBSECCOMP_VERSION=2.5.3
ARG LIBSECCOMP_VERSION=2.5.4
FROM golang:${GO_VERSION}-bullseye
ARG DEBIAN_FRONTEND=noninteractive
+1 -1
View File
@@ -19,7 +19,7 @@ set -e
## --->
# Project-specific options and functions. In *theory* you shouldn't need to
# touch anything else in this script in order to use this elsewhere.
: "${LIBSECCOMP_VERSION:=2.5.3}"
: "${LIBSECCOMP_VERSION:=2.5.4}"
project="runc"
root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")"
+8 -1
View File
@@ -5,6 +5,11 @@ set -e -u -o pipefail
# shellcheck source=./script/lib.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
# sha256 checksums for seccomp release tarballs.
declare -A SECCOMP_SHA256=(
["2.5.4"]=d82902400405cf0068574ef3dc1fe5f5926207543ba1ae6f8e7a1576351dcbdb
)
# Due to libseccomp being LGPL we must include its sources,
# so download, install and build against it.
# Parameters:
@@ -19,8 +24,10 @@ function build_libseccomp() {
local arches=("$@")
local tar="libseccomp-${ver}.tar.gz"
# Download and extract.
# Download, check, and extract.
wget "https://github.com/seccomp/libseccomp/releases/download/v${ver}/${tar}"{,.asc}
sha256sum --strict --check - <<<"${SECCOMP_SHA256[${ver}]} *${tar}"
local srcdir
srcdir="$(mktemp -d)"
tar xf "$tar" -C "$srcdir"