From fc362c970aa152f8c0d596f5a81cfc453a2e5eec Mon Sep 17 00:00:00 2001 From: Joseph Ferguson Date: Wed, 31 Jul 2024 11:27:31 -0700 Subject: [PATCH] Upgrade to git ls-remote for openssl releases MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit instead of html scraping 😅 now that it is hosted on github --- 3.12/alpine/Dockerfile | 2 +- 3.12/ubuntu/Dockerfile | 2 +- 3.13/alpine/Dockerfile | 2 +- 3.13/ubuntu/Dockerfile | 2 +- 4.0-rc/alpine/Dockerfile | 2 +- 4.0-rc/ubuntu/Dockerfile | 2 +- Dockerfile-alpine.template | 2 +- Dockerfile-ubuntu.template | 2 +- versions.sh | 25 +++++++++++++++++-------- 9 files changed, 25 insertions(+), 16 deletions(-) diff --git a/3.12/alpine/Dockerfile b/3.12/alpine/Dockerfile index 57f86fb2..0dffdff7 100644 --- a/3.12/alpine/Dockerfile +++ b/3.12/alpine/Dockerfile @@ -50,7 +50,7 @@ RUN set -eux; \ # /usr/local/src doesn't exist in Alpine by default mkdir -p /usr/local/src; \ \ - OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ + OPENSSL_SOURCE_URL="https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \ \ diff --git a/3.12/ubuntu/Dockerfile b/3.12/ubuntu/Dockerfile index bb842620..0a8f3d0c 100644 --- a/3.12/ubuntu/Dockerfile +++ b/3.12/ubuntu/Dockerfile @@ -50,7 +50,7 @@ ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl # gnupg: Required to verify OpenSSL artefacts # libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli RUN set -eux; \ - OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ + OPENSSL_SOURCE_URL="https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \ \ diff --git a/3.13/alpine/Dockerfile b/3.13/alpine/Dockerfile index cf9c34cf..585507c0 100644 --- a/3.13/alpine/Dockerfile +++ b/3.13/alpine/Dockerfile @@ -50,7 +50,7 @@ RUN set -eux; \ # /usr/local/src doesn't exist in Alpine by default mkdir -p /usr/local/src; \ \ - OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ + OPENSSL_SOURCE_URL="https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \ \ diff --git a/3.13/ubuntu/Dockerfile b/3.13/ubuntu/Dockerfile index 6fb73d86..e7357b38 100644 --- a/3.13/ubuntu/Dockerfile +++ b/3.13/ubuntu/Dockerfile @@ -50,7 +50,7 @@ ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl # gnupg: Required to verify OpenSSL artefacts # libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli RUN set -eux; \ - OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ + OPENSSL_SOURCE_URL="https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \ \ diff --git a/4.0-rc/alpine/Dockerfile b/4.0-rc/alpine/Dockerfile index e693f4fb..648c98bd 100644 --- a/4.0-rc/alpine/Dockerfile +++ b/4.0-rc/alpine/Dockerfile @@ -50,7 +50,7 @@ RUN set -eux; \ # /usr/local/src doesn't exist in Alpine by default mkdir -p /usr/local/src; \ \ - OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ + OPENSSL_SOURCE_URL="https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \ \ diff --git a/4.0-rc/ubuntu/Dockerfile b/4.0-rc/ubuntu/Dockerfile index caa1d4fb..6cc0400d 100644 --- a/4.0-rc/ubuntu/Dockerfile +++ b/4.0-rc/ubuntu/Dockerfile @@ -50,7 +50,7 @@ ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl # gnupg: Required to verify OpenSSL artefacts # libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli RUN set -eux; \ - OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ + OPENSSL_SOURCE_URL="https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \ \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 114f9daa..435ea08f 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -84,7 +84,7 @@ RUN set -eux; \ # /usr/local/src doesn't exist in Alpine by default mkdir -p /usr/local/src; \ \ - OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ + OPENSSL_SOURCE_URL="https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \ \ diff --git a/Dockerfile-ubuntu.template b/Dockerfile-ubuntu.template index 6a14f748..96b18b64 100644 --- a/Dockerfile-ubuntu.template +++ b/Dockerfile-ubuntu.template @@ -84,7 +84,7 @@ ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl # gnupg: Required to verify OpenSSL artefacts # libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli RUN set -eux; \ - OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ + OPENSSL_SOURCE_URL="https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \ \ diff --git a/versions.sh b/versions.sh index 6a871fd5..83e1a9f0 100755 --- a/versions.sh +++ b/versions.sh @@ -123,18 +123,27 @@ for version in "${versions[@]}"; do export otpVersion otpSourceSha256 opensslMajor="${opensslMajors[$rcVersion]}" - opensslVersion="$( - wget -qO- 'https://www.openssl.org/source/' \ - | grep -oE 'href="openssl-'"$opensslMajor"'[^"]+[.]tar[.]gz"' \ - | sed -e 's/^href="openssl-//' -e 's/[.]tar[.]gz"//' \ - | sort -uV \ - | tail -1 - )" + # grab versions from upstream and ignore any alpha/beta releases + opensslVersions=( $( + git ls-remote --tags https://github.com/openssl/openssl.git \ + "refs/tags/openssl-$opensslMajor.*"\ + | cut -d'/' -f3- \ + | cut -d'^' -f1 \ + | cut -d- -f2- \ + | grep -vE -- '-[A-Za-z]+' \ + | sort -urV + ) ) + opensslVersion= + for possibleVersion in "${opensslVersions[@]}"; do + if opensslSourceSha256="$(wget -qO- "https://github.com/openssl/openssl/releases/download/openssl-$possibleVersion/openssl-$possibleVersion.tar.gz.sha256")"; then + opensslVersion="$possibleVersion" + break + fi + done if [ -z "$opensslVersion" ]; then echo >&2 "warning: failed to get OpenSSL version for '$version' ($fullVersion); skipping" continue fi - opensslSourceSha256="$(wget -qO- "https://www.openssl.org/source/openssl-$opensslVersion.tar.gz.sha256")" export opensslVersion opensslSourceSha256 # OpenSSL 3.0.5's sha256 file starts with a single space 😬