Skip to content

Commit

Permalink
Fix installing latest git from PPA in bionic (#1056)
Browse files Browse the repository at this point in the history
* add failing bionic test

* Enforce keyserver test order (fixes #1055)

* bump feature version

* remove check for gettext

* update centos7 .repo files to reference vault.centos.org instead of mirrorlist.centos.org

* fix centos7 build from source
  • Loading branch information
trxcllnt authored Jul 26, 2024
1 parent 648c8d5 commit 788017f
Show file tree
Hide file tree
Showing 4 changed files with 58 additions and 30 deletions.
5 changes: 3 additions & 2 deletions src/git/devcontainer-feature.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"id": "git",
"version": "1.3.1",
"version": "1.3.2",
"name": "Git (from source)",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/git",
"description": "Install an up-to-date version of Git, built from source as needed. Useful for when you want the latest and greatest features. Auto-detects latest stable version and installs needed dependencies.",
Expand All @@ -9,6 +9,7 @@
"type": "string",
"proposals": [
"latest",
"system",
"os-provided"
],
"default": "os-provided",
Expand All @@ -23,4 +24,4 @@
"installsAfter": [
"ghcr.io/devcontainers/features/common-utils"
]
}
}
56 changes: 29 additions & 27 deletions src/git/install.sh
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,20 @@ elif [ "${ID}" = "alpine" ]; then
ADJUSTED_ID="alpine"
elif [[ "${ID}" = "rhel" || "${ID}" = "fedora" || "${ID}" = "mariner" || "${ID_LIKE}" = *"rhel"* || "${ID_LIKE}" = *"fedora"* || "${ID_LIKE}" = *"mariner"* ]]; then
ADJUSTED_ID="rhel"
VERSION_CODENAME="${ID}{$VERSION_ID}"
VERSION_CODENAME="${ID}${VERSION_ID}"
else
echo "Linux distro ${ID} not supported."
exit 1
fi

if [ "${ADJUSTED_ID}" = "rhel" ] && [ "${VERSION_CODENAME-}" = "centos7" ]; then
# As of 1 July 2024, mirrorlist.centos.org no longer exists.
# Update the repo files to reference vault.centos.org.
sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo
sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
fi

if type apt-get > /dev/null 2>&1; then
INSTALL_CMD=apt-get
elif type apk > /dev/null 2>&1; then
Expand Down Expand Up @@ -66,37 +74,41 @@ clean_up

# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
)

local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable

if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi

for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
test_keyserver() {
local keyserver="$1"
local keyserver_curl_url="$2"
if curl -s ${curl_args} --max-time 5 "${keyserver_curl_url}" > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
}

# Explicitly test these in order because Bash v4.4.20 (Ubuntu Bionic)
# enumerates associative array keys in a different order than Bash v5
test_keyserver "hkp://keyserver.ubuntu.com" "http://keyserver.ubuntu.com:11371"
test_keyserver "hkp://keyserver.ubuntu.com:80" "http://keyserver.ubuntu.com"
test_keyserver "hkp://keyserver.pgp.com" "http://keyserver.pgp.com:11371"
# Test this server last because keys.openpgp.org strips user IDs from keys unless
# the owner gives permission, which causes gpg in Ubuntu Bionic to reject the key
# (https://github.com/devcontainers/features/issues/1055)
test_keyserver "hkps://keys.openpgp.org" "https://keys.openpgp.org"

if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}

# Import the specified key in a variable name passed in as
# Import the specified key in a variable name passed in as
receive_gpg_keys() {
local keys=${!1}
local keyring_args=""
Expand All @@ -109,7 +121,7 @@ receive_gpg_keys() {
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi

# Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME}
Expand All @@ -119,7 +131,7 @@ receive_gpg_keys() {
local retry_count=0
local gpg_ok="false"
set +e
until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ];
until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ];
do
echo "(*) Downloading GPG key..."
( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys) 2>&1 && gpg_ok="true"
Expand Down Expand Up @@ -224,7 +236,7 @@ if ([ "${GIT_VERSION}" = "latest" ] || [ "${GIT_VERSION}" = "lts" ] || [ "${GIT_
receive_gpg_keys GIT_CORE_PPA_ARCHIVE_GPG_KEY /usr/share/keyrings/gitcoreppa-archive-keyring.gpg
echo -e "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gitcoreppa-archive-keyring.gpg] http://ppa.launchpad.net/git-core/ppa/ubuntu ${VERSION_CODENAME} main\ndeb-src [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gitcoreppa-archive-keyring.gpg] http://ppa.launchpad.net/git-core/ppa/ubuntu ${VERSION_CODENAME} main" > /etc/apt/sources.list.d/git-core-ppa.list
${INSTALL_CMD} update
${INSTALL_CMD} -y install --no-install-recommends git
${INSTALL_CMD} -y install --no-install-recommends git
rm -rf "/tmp/tmp-gnupg"
rm -rf /var/lib/apt/lists/*
exit 0
Expand Down Expand Up @@ -254,17 +266,7 @@ elif [ "${ADJUSTED_ID}" = "alpine" ]; then
check_packages asciidoc curl-dev expat-dev g++ gcc openssl-dev pcre2-dev perl-dev perl-error python3-dev tcl tk xmlto

elif [ "${ADJUSTED_ID}" = "rhel" ]; then

if [ $VERSION_CODENAME = "centos7" ]; then
check_packages centos-release-scl
check_packages devtoolset-11
source /opt/rh/devtoolset-11/enable
else
check_packages gcc
fi


check_packages libcurl-devel expat-devel gettext-devel openssl-devel perl-devel zlib-devel cmake pcre2-devel tar gzip ca-certificates
check_packages gcc libcurl-devel expat-devel gettext-devel openssl-devel perl-devel zlib-devel cmake pcre2-devel tar gzip ca-certificates
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
Expand Down
16 changes: 16 additions & 0 deletions test/git/install_git_from_ppa_bionic.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash

set -e

# Optional: Import test library
source dev-container-features-test-lib

# Definition specific tests
check "version" git --version

cd /tmp && git clone https://github.com/devcontainers/feature-starter.git
cd feature-starter
check "perl" bash -c "git -c grep.patternType=perl grep -q 'a.+b'"

# Report result
reportResults
11 changes: 10 additions & 1 deletion test/git/scenarios.json
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,15 @@
}
}
},
"install_git_from_ppa_bionic": {
"image": "ubuntu:bionic",
"features": {
"git": {
"version": "latest",
"ppa": "true"
}
}
},
"install_git_from_src_bionic": {
"image": "ubuntu:bionic",
"features": {
Expand Down Expand Up @@ -188,4 +197,4 @@
}
}
}
}
}

0 comments on commit 788017f

Please sign in to comment.