Browse code
Use sha256sum instead of gpg for verification
gpg verification requires network connectivity which is non
mirrorable. We try to avoid that in devstack whenever possible. A
sha256sum is a totally reasonable way of knowing if the downloaded
package is valid.
Closes-Bug: #1693092
Change-Id: Id496ab53f76444f08dc6961f1ecd25f450cc96d7
Sean Dague authored on 2017/05/24 20:56:10Showing 1 changed files
| ... | ... |
@@ -29,6 +29,10 @@ ETCD_VERSION=${ETCD_VERSION:-v3.1.7}
|
| 29 | 29 |
ETCD_DATA_DIR="$DEST/data/etcd" |
| 30 | 30 |
ETCD_SYSTEMD_SERVICE="devstack@etcd.service" |
| 31 | 31 |
ETCD_BIN_DIR="$DEST/bin" |
| 32 |
+ETCD_SHA256_AMD64="4fde194bbcd259401e2b5c462dfa579ee7f6af539f13f130b8f5b4f52e3b3c52" |
|
| 33 |
+# NOTE(sdague): etcd v3.1.7 doesn't have anything for these architectures, though 3.2.0 does. |
|
| 34 |
+ETCD_SHA256_ARM64="" |
|
| 35 |
+ETCD_SHA256_PPC64="" |
|
| 32 | 36 |
|
| 33 | 37 |
if is_ubuntu ; then |
| 34 | 38 |
UBUNTU_RELEASE_BASE_NUM=`lsb_release -r | awk '{print $2}' | cut -d '.' -f 1`
|
| ... | ... |
@@ -82,14 +86,19 @@ function _install_etcd {
|
| 82 | 82 |
# Make sure etcd3 downloads the correct architecture |
| 83 | 83 |
if is_arch "x86_64"; then |
| 84 | 84 |
ETCD_ARCH="amd64" |
| 85 |
+ ETCD_SHA256=${ETCD_SHA256:-$ETCD_SHA256_AMD64}
|
|
| 85 | 86 |
elif is_arch "aarch64"; then |
| 86 | 87 |
ETCD_ARCH="arm64" |
| 88 |
+ ETCD_SHA256=${ETCD_SHA256:-$ETCD_SHA256_ARM64}
|
|
| 87 | 89 |
elif is_arch "ppc64le"; then |
| 88 | 90 |
ETCD_ARCH="ppc64le" |
| 91 |
+ ETCD_SHA256=${ETCD_SHA256:-$ETCD_SHA256_PPC64}
|
|
| 89 | 92 |
else |
| 90 | 93 |
exit_distro_not_supported "invalid hardware type - $ETCD_ARCH" |
| 91 | 94 |
fi |
| 92 | 95 |
|
| 96 |
+ ETCD_NAME=etcd-$ETCD_VERSION-linux-$ETCD_ARCH |
|
| 97 |
+ |
|
| 93 | 98 |
# Install the libraries needed. Note: tooz for example does not have a hard dependency on these libraries |
| 94 | 99 |
pip_install etcd3 |
| 95 | 100 |
pip_install etcd3gw |
| ... | ... |
@@ -99,21 +108,18 @@ function _install_etcd {
|
| 99 | 99 |
sudo mkdir -p $ETCD_DATA_DIR |
| 100 | 100 |
|
| 101 | 101 |
# Download and cache the etcd tgz for subsequent use |
| 102 |
- if [ ! -f "$DEST/etcd/etcd-$ETCD_VERSION-linux-$ETCD_ARCH/etcd" ]; then |
|
| 103 |
- mkdir -p $DEST/etcd |
|
| 104 |
- ETCD_DOWNLOAD_FILE=etcd-$ETCD_VERSION-linux-$ETCD_ARCH.tar.gz |
|
| 105 |
- wget $ETCD_DOWNLOAD_URL/$ETCD_VERSION/$ETCD_DOWNLOAD_FILE -O $DEST/etcd/$ETCD_DOWNLOAD_FILE |
|
| 106 |
- wget $ETCD_DOWNLOAD_URL/$ETCD_VERSION/$ETCD_DOWNLOAD_FILE.asc -O $DEST/etcd/$ETCD_DOWNLOAD_FILE.asc |
|
| 107 |
- |
|
| 108 |
- # use gpg to verify the artifact, use a backup key server in case the first one is down for some reason |
|
| 109 |
- gpg --keyserver hkps.pool.sks-keyservers.net --recv-key FC8A365E || gpg --keyserver pgpkeys.mit.edu --recv-key FC8A365E |
|
| 110 |
- gpg --verify $DEST/etcd/$ETCD_DOWNLOAD_FILE.asc $DEST/etcd/$ETCD_DOWNLOAD_FILE |
|
| 111 |
- |
|
| 112 |
- tar xzvf $DEST/etcd/$ETCD_DOWNLOAD_FILE -C $DEST/etcd |
|
| 113 |
- sudo cp $DEST/etcd/etcd-$ETCD_VERSION-linux-$ETCD_ARCH/etcd $ETCD_BIN_DIR/etcd |
|
| 102 |
+ if [ ! -f "files/etcd-$ETCD_VERSION-linux-$ETCD_ARCH/etcd" ]; then |
|
| 103 |
+ ETCD_DOWNLOAD_FILE=$ETCD_NAME.tar.gz |
|
| 104 |
+ wget $ETCD_DOWNLOAD_URL/$ETCD_VERSION/$ETCD_DOWNLOAD_FILE -O files/$ETCD_DOWNLOAD_FILE |
|
| 105 |
+ echo "${ETCD_SHA256} files/${ETCD_DOWNLOAD_FILE}" > files/etcd.sha256sum
|
|
| 106 |
+ # NOTE(sdague): this should go fatal if this fails |
|
| 107 |
+ sha256sum -c files/etcd.sha256sum |
|
| 108 |
+ |
|
| 109 |
+ tar xzvf files/$ETCD_DOWNLOAD_FILE -C files |
|
| 110 |
+ sudo cp files/$ETCD_NAME/etcd $ETCD_BIN_DIR/etcd |
|
| 114 | 111 |
fi |
| 115 | 112 |
if [ ! -f "$ETCD_BIN_DIR/etcd" ]; then |
| 116 |
- sudo cp $DEST/etcd/etcd-$ETCD_VERSION-linux-$ETCD_ARCH/etcd $ETCD_BIN_DIR/etcd |
|
| 113 |
+ sudo cp files/$ETCD_NAME/etcd $ETCD_BIN_DIR/etcd |
|
| 117 | 114 |
fi |
| 118 | 115 |
} |
| 119 | 116 |
|