Skip to content

Commit c0b3cb0

Browse files
danish9039Copilot
danish9039
and
Copilot
authored
test(ci): harden Kustomize checksum verification (#3368)
* test(ci): harden Kustomize checksum verification Signed-off-by: danish9039 <danishsiddiqui040@gmail.com> * Update tests/install_KinD_create_KinD_cluster_install_kustomize.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: hippie-danish <133037056+danish9039@users.noreply.github.com> --------- Signed-off-by: danish9039 <danishsiddiqui040@gmail.com> Signed-off-by: hippie-danish <133037056+danish9039@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
1 parent 27d176e commit c0b3cb0

1 file changed

Lines changed: 8 additions & 3 deletions

File tree

tests/install_KinD_create_KinD_cluster_install_kustomize.sh

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -68,13 +68,18 @@ kubectl cluster-info
6868

6969
echo "Install Kustomize ..."
7070
{
71-
curl --silent --location --remote-name "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz"
72-
curl --silent --location "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/checksums.txt" | grep "linux_amd64" > checksums.txt
71+
KUSTOMIZE_ASSET="kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz"
72+
curl --fail --show-error --silent --location --remote-name "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/${KUSTOMIZE_ASSET}"
73+
curl --fail --show-error --silent --location "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/checksums.txt" | grep " ${KUSTOMIZE_ASSET}$" > checksums.txt
74+
if [ "$(wc -l < checksums.txt)" -ne 1 ]; then
75+
echo "Failed to verify Kustomize checksums: expected exactly one checksum entry for ${KUSTOMIZE_ASSET}"
76+
exit 1
77+
fi
7378
if ! sha256sum --check checksums.txt; then
7479
echo "Failed to verify Kustomize checksums"
7580
exit 1
7681
fi
77-
tar -xzvf "kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz"
82+
tar -xzvf "${KUSTOMIZE_ASSET}"
7883
chmod a+x kustomize
7984
sudo mv kustomize /usr/local/bin/kustomize
8085
} || { echo "Failed to install Kustomize"; exit 1; }

0 commit comments

Comments
 (0)