#!/usr/bin/env bash
# Installer settings for the conmon-rs download script.
#
# Strict mode: abort on command failure, on use of an unset variable, and
# when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail

# Bucket prefix that holds the published conmon-rs artifacts.
BASE_URL="https://storage.googleapis.com/cri-o/conmon-rs"
# Commit SHA to fetch; left empty until set by -t or resolved at download time.
COMMIT=""
# Destination path of the installed binary; overridden by -o.
OUTPUT="conmonrs"
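#######################################
# Print the command-line help text.
# Arguments: none
# Outputs:   synopsis and option list on stdout
#######################################
usage() {
  # The synopsis names every flag the script accepts, including -o, so it
  # agrees with the option list printed below it.
  printf "Usage: %s [ -o PATH ] [ -t SHA ] [ -h ]\n\n" "$(basename "$0")"
  echo "Possible arguments:"
  printf " -o\tOutput path for the downloaded binary (defaults to './conmonrs')\n"
  printf " -t\tFull length SHA to be used (defaults to the latest available main)\n"
  printf " -h\tShow this help message\n"
}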
#######################################
# Parse the command-line flags of the install script.
# Globals:   OUTPUT (written by -o), COMMIT (written by -t)
# Arguments: the script's positional parameters
# Outputs:   a greeting and one line per accepted option on stdout
# Exits:     0 after printing help for -h, 1 on an invalid option
#######################################
parse_args() {
  local opt

  echo "Welcome to the conmon-rs install script!"

  while getopts 'o:t:h' opt; do
    case "$opt" in
      o)
        OUTPUT="$OPTARG"
        echo "Using output path: $OUTPUT"
        ;;
      t)
        COMMIT="$OPTARG"
        echo "Using commit: $COMMIT"
        ;;
      h)
        usage
        exit 0
        ;;
      *)
        # getopts reports unknown flags and missing arguments as '?'.
        usage
        exit 1
        ;;
    esac
  done
}
#######################################
# Check that every external command the script depends on can be found.
# Arguments: none
# Outputs:   the list of checked commands, and the first missing one, on stdout
# Exits:     1 as soon as a required command is not available
#######################################
verify_requirements() {
  local -a required=(curl)
  local tool

  echo "Checking if all commands are available: ${required[*]}"

  for tool in "${required[@]}"; do
    command -v "$tool" >/dev/null && continue
    echo "Command $tool not available but required"
    exit 1
  done
}
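#######################################
# Run curl quietly, failing on HTTP errors, with retries.
# Arguments: extra curl arguments (URL, -o FILE, ...)
# Outputs:   whatever curl writes (response body unless -o is given)
# Returns:   curl's exit status
#######################################
curl_retry() {
  # -L follows redirects; pin both the initial request and any redirect to
  # HTTPS so a redirect cannot downgrade the download of an executable to
  # a plaintext transport.
  curl -sSfL --proto '=https' --proto-redir '=https' \
    --retry 5 --retry-delay 3 "$@"
}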
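#######################################
# Download the conmonrs binary for COMMIT, verify it with cosign when cosign
# is installed, install it at OUTPUT and run it with -v.
# Globals:   BASE_URL (read), OUTPUT (read), COMMIT (read; written when empty)
# Arguments: none
# Outputs:   progress messages on stdout, warnings and errors on stderr
# Exits:     1 when the commit cannot be resolved, a download fails or the
#            signature check fails
#######################################
download_binary() {
  local tmp_dir cleanup_cmd file
  local -r slug=containers/conmon-rs
  local -r git_ref=refs/heads/main

  if [[ -z "$COMMIT" ]]; then
    COMMIT=$(curl_retry "$BASE_URL/latest-main.txt") || exit 1
  fi
  # An empty value would silently turn into a request for "$BASE_URL//...".
  if [[ -z "$COMMIT" ]]; then
    echo "Unable to determine the commit to download" >&2
    exit 1
  fi
  echo "Using commit $COMMIT"

  mkdir -p -- "$(dirname -- "$OUTPUT")"

  if command -v cosign >/dev/null; then
    echo "Found cosign, verifying binary signature"

    # Use a private name: TMPDIR is the variable mktemp and child processes
    # consult, so it must not be overwritten here.
    tmp_dir=$(mktemp -d) || exit 1
    # The path is expanded (shell-quoted) now because tmp_dir is local and no
    # longer in scope when the EXIT trap fires.
    printf -v cleanup_cmd 'rm -rf -- %q' "$tmp_dir"
    # shellcheck disable=SC2064
    trap "$cleanup_cmd" EXIT

    for file in conmonrs conmonrs.sig conmonrs.cert; do
      curl_retry "$BASE_URL/$COMMIT/$file" -o "$tmp_dir/$file" || exit 1
    done

    # The certificate must have been issued to the ci workflow of $slug
    # running on $git_ref. The failure is handled explicitly so an unverified
    # binary is never installed, even where errexit is not in effect.
    if ! cosign verify-blob "$tmp_dir/conmonrs" \
      --certificate-identity "https://github.com/$slug/.github/workflows/ci.yml@$git_ref" \
      --certificate-oidc-issuer https://token.actions.githubusercontent.com \
      --certificate-github-workflow-name ci \
      --certificate-github-workflow-repository "$slug" \
      --certificate-github-workflow-ref "$git_ref" \
      --signature "$tmp_dir/conmonrs.sig" \
      --certificate "$tmp_dir/conmonrs.cert"; then
      echo "Signature verification failed, not installing the binary" >&2
      exit 1
    fi

    mv -- "$tmp_dir/conmonrs" "$OUTPUT"
  else
    # Without cosign the binary is protected only by the TLS connection to
    # the bucket; say so instead of skipping the check silently.
    echo "cosign not found, skipping signature verification" >&2
    curl_retry "$BASE_URL/$COMMIT/conmonrs" -o "$OUTPUT" || exit 1
  fi

  chmod +x -- "$OUTPUT"
  printf "Installed binary into: %s\n\n" "$OUTPUT"

  # Invoke the binary directly. Passing the path through eval would re-parse
  # it as shell code, so an output path containing spaces or shell
  # metacharacters would break or run unintended commands.
  "$(realpath "$OUTPUT")" -v
}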
#######################################
# Entry point: read the flags, check prerequisites, then fetch and install
# the binary.
# Arguments: the script's positional parameters
#######################################
main() {
  parse_args "$@"
  verify_requirements
  download_binary
}

main "$@"