Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[aqua-installer] take inputs from stdin for sha256sum #750

Merged
merged 1 commit into from
Jan 21, 2025
Merged

[aqua-installer] take inputs from stdin for sha256sum #750

merged 1 commit into from
Jan 21, 2025

Conversation

Takashi-kun
Copy link
Contributor

@Takashi-kun Takashi-kun commented Jan 21, 2025
edited
Loading

Background

I found aqua-installer failed due to sha256sum usage error

I reproduced following version and logs are them:

$ git rev-parse HEAD
8d6493013230d0568c3ecc9855eea66d785a5f4a
$ uname -rvo
Darwin 24.2.0 Darwin Kernel Version 24.2.0: Fri Dec  6 19:01:59 PST 2024; root:xnu-11215.61.5~2/RELEASE_ARM64_T6000
$ sha256sum --version
sha256sum (Darwin) 1.0

$ ./aqua-installer
[INFO] Installing aqua v2.37.2 for bootstrapping...
[INFO] Downloading https://github.com/aquaproj/aqua/releases/download/v2.37.2/aqua_darwin_arm64.tar.gz ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 6716k  100 6716k    0     0  1227k      0  0:00:05  0:00:05 --:--:-- 1706k
[INFO] Verifying checksum of aqua v2.37.2 ...
usage: sha256sum [-bctwz] [files ...]
$ echo $?
1

WHAT

This PR fixes the above error by adding - to pass arguments from STDIN explicitly.
And I confirmed it seems to be working well on both Linux and macOS

Linux

$ sha256sum --version
sha256sum (GNU coreutils) 8.32
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Ulrich Drepper, Scott Miller, and David Madore.
$ uname -rvo
5.14.0-427.24.1.el9_4.cloud.3.0.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Jul 12 16:48:34 UTC 2024 GNU/Linux
$ ./aqua-installer
[INFO] Installing aqua v2.37.2 for bootstrapping...
[INFO] Downloading https://github.com/aquaproj/aqua/releases/download/v2.37.2/aqua_linux_amd64.tar.gz ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 6906k  100 6906k    0     0  3194k      0  0:00:02  0:00:02 --:--:-- 10.2M
[INFO] Verifying checksum of aqua v2.37.2 ...
aqua_linux_amd64.tar.gz: OK
[INFO] /tmp/tmp.ZNIxUemy2Y/aqua update-aqua
INFO[0000] download and unarchive the package            aqua_version=2.37.2 env=linux/amd64 new_version=v2.42.2 package_name=aquaproj/aqua package_version=v2.42.2 program=aqua registry=
INFO[0002] verify a package with slsa-verifier           aqua_version=2.37.2 env=linux/amd64 new_version=v2.42.2 package_name=aquaproj/aqua package_version=v2.42.2 program=aqua registry=
INFO[0002] download and unarchive the package            aqua_version=2.37.2 env=linux/amd64 new_version=v2.42.2 package_name=slsa-framework/slsa-verifier package_version=v2.6.0 program=aqua registry=
Verified signature against tlog entry index 160522274 at URL: https://rekor.sigstore.dev/api/v1/log/entries/108e9186e8c5677af2f56649a1f83b4a04f67298136401fa8fe2876730df7396cf9a748e3537fcc4
Verified build using builder "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v2.0.0" at commit 13a9cafa216888d815fb7312f8e9a80f1f7fff56
Verifying artifact /tmp/560065472: PASSED

PASSED: SLSA verification passed
INFO[0007] create a symbolic link                        aqua_version=2.37.2 env=linux/amd64 new_version=v2.42.2 package_name=aquaproj/aqua package_version=v2.42.2 program=aqua

===============================================================
[INFO] aqua is installed into xxxx
[INFO] Please add the path to the environment variable "PATH"
[INFO] export PATH=${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH
===============================================================

aqua version 2.42.2 (13a9cafa216888d815fb7312f8e9a80f1f7fff56)
$ echo $?
0

MacOS

$ ./aqua-installer
[INFO] Installing aqua v2.37.2 for bootstrapping...
[INFO] Downloading https://github.com/aquaproj/aqua/releases/download/v2.37.2/aqua_darwin_arm64.tar.gz ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 6716k  100 6716k    0     0  1462k      0  0:00:04  0:00:04 --:--:-- 2197k
[INFO] Verifying checksum of aqua v2.37.2 ...
aqua_darwin_arm64.tar.gz: OK
x LICENSE
x README.md
x aqua
[INFO] /var/folders/pv/cwy8r3rj0gqbdtc7crqk3t1r0000gp/T/tmp.Ra7i0NnGYe/aqua update-aqua
INFO[0000] download and unarchive the package            aqua_version=2.37.2 env=darwin/arm64 new_version=v2.42.2 package_name=aquaproj/aqua package_version=v2.42.2 program=aqua registry=
INFO[0005] verify a package with slsa-verifier           aqua_version=2.37.2 env=darwin/arm64 new_version=v2.42.2 package_name=aquaproj/aqua package_version=v2.42.2 program=aqua registry=
INFO[0005] download and unarchive the package            aqua_version=2.37.2 env=darwin/arm64 new_version=v2.42.2 package_name=slsa-framework/slsa-verifier package_version=v2.6.0 program=aqua registry=
Verified signature against tlog entry index 160522274 at URL: https://rekor.sigstore.dev/api/v1/log/entries/108e9186e8c5677af2f56649a1f83b4a04f67298136401fa8fe2876730df7396cf9a748e3537fcc4
Verified build using builder "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v2.0.0" at commit 13a9cafa216888d815fb7312f8e9a80f1f7fff56
Verifying artifact /var/folders/pv/cwy8r3rj0gqbdtc7crqk3t1r0000gp/T/520181352: PASSED

PASSED: SLSA verification passed
INFO[0018] create a symbolic link                        aqua_version=2.37.2 env=darwin/arm64 new_version=v2.42.2 package_name=aquaproj/aqua package_version=v2.42.2 program=aqua

===============================================================
[INFO] aqua is installed into xxxx
[INFO] Please add the path to the environment variable "PATH"
[INFO] export PATH=${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH
===============================================================

aqua version 2.42.2 (13a9cafa216888d815fb7312f8e9a80f1f7fff56)
$ echo $?
0

@Takashi-kun Takashi-kun marked this pull request as ready for review January 21, 2025 02:24
@suzuki-shunsuke
Copy link
Member

Thank you for your contribution!
But I don't understand why the problem occurs.
In my laptop, the problem doesn't occur.

$ uname -rvo
24.2.0 Darwin Kernel Version 24.2.0: Fri Dec  6 19:02:41 PST 2024; root:xnu-11215.61.5~2/RELEASE_ARM64_T6030 Darwin
# https://github.com/aquaproj/aqua-installer/releases/tag/v3.1.0
$ sha256sum aqua-installer
62fecc49c98bdec0bba1ff1e5c2719f116e235769e0998090a7397473ef631e9  aqua-installer

$ bash ./aqua-installer 
[INFO] Installing aqua v2.37.2 for bootstrapping...
[INFO] Downloading https://github.com/aquaproj/aqua/releases/download/v2.37.2/aqua_darwin_arm64.tar.gz ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 6716k  100 6716k    0     0  4782k      0  0:00:01  0:00:01 --:--:-- 36.0M
[INFO] Verifying checksum of aqua v2.37.2 ...
aqua_darwin_arm64.tar.gz: OK
x LICENSE
x README.md
x aqua
[INFO] /var/folders/fc/1bgyy3_d3x90m_t04qbw5f8m0000gn/T/tmp.RwYeTgj3H9/aqua update-aqua
INFO[0000] download and unarchive the package            aqua_version=2.37.2 env=darwin/arm64 new_version=v2.42.2 package_name=aquaproj/aqua package_version=v2.42.2 program=aqua registry=
Downloading aquaproj/aqua v2.42.2 100% |███████████████████████████████████████████████████████████████████████| (7.2/7.2 MB, 44 MB/s)        
INFO[0001] verify a package with slsa-verifier           aqua_version=2.37.2 env=darwin/arm64 new_version=v2.42.2 package_name=aquaproj/aqua package_version=v2.42.2 program=aqua registry=
Verified signature against tlog entry index 160522274 at URL: https://rekor.sigstore.dev/api/v1/log/entries/108e9186e8c5677af2f56649a1f83b4a04f67298136401fa8fe2876730df7396cf9a748e3537fcc4
Verified build using builder "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v2.0.0" at commit 13a9cafa216888d815fb7312f8e9a80f1f7fff56
Verifying artifact /var/folders/fc/1bgyy3_d3x90m_t04qbw5f8m0000gn/T/244477901: PASSED

PASSED: SLSA verification passed

===============================================================
[INFO] aqua is installed into /Users/shunsukesuzuki/.local/share/aquaproj-aqua/bin/aqua
[INFO] Please add the path to the environment variable "PATH"
[INFO] export PATH=${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH
===============================================================

aqua version 2.42.2 (13a9cafa216888d815fb7312f8e9a80f1f7fff56)

$ echo $?
0

And this problem has never been reported.

@suzuki-shunsuke
Copy link
Member

suzuki-shunsuke commented Jan 21, 2025
edited
Loading 

man sha256sum
       With no FILE, or when FILE is -, read standard input.

GNU coreutils 9.6                                                January 2025                                                    SHA256SUM(1)

$ sha256sum --version
sha256sum (GNU coreutils) 9.6
Copyright (C) 2025 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Ulrich Drepper, Scott Miller, and David Madore.

According to the man page, the current code has no problem in my laptop.
I'm not sure if this depends on the environment.

@suzuki-shunsuke
Copy link
Member

suzuki-shunsuke commented Jan 21, 2025
edited
Loading

I could reproduce the issue using BSD sha256sum.

$ which sha256sum
/sbin/sha256sum

$ bash aqua-installer 
[INFO] Installing aqua v2.37.2 for bootstrapping...
[INFO] Downloading https://github.com/aquaproj/aqua/releases/download/v2.37.2/aqua_darwin_arm64.tar.gz ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 6716k  100 6716k    0     0  5889k      0  0:00:01  0:00:01 --:--:-- 7774k
[INFO] Verifying checksum of aqua v2.37.2 ...
usage: sha256sum [-bctwz] [files ...]

@suzuki-shunsuke suzuki-shunsuke added the bug Something isn't working label Jan 21, 2025
@suzuki-shunsuke suzuki-shunsuke added this to the v3.1.1 milestone Jan 21, 2025
@suzuki-shunsuke suzuki-shunsuke merged commit e2d0136 into aquaproj:main Jan 21, 2025
13 checks passed
@suzuki-shunsuke
Copy link
Member

🎉 https://github.com/aquaproj/aqua-installer/releases/tag/v3.1.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
v3.1.1
Development

Successfully merging this pull request may close these issues.
2 participants
@Takashi-kun @suzuki-shunsuke