Add runtime checking of golang version

Forces other groups packaging k3s to intentionally choose to build k3s with an unvalidated golang version

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
pull/6874/head
Brad Davidson 12 months ago committed by Brad Davidson
parent 5fe074b540
commit b297996b92

@ -14,7 +14,7 @@ ENTRYPOINT ["/bin/test-mods"]
FROM test-base as test-k3s FROM test-base as test-k3s
RUN apk -U --no-cache add git gcc musl-dev docker curl coreutils python3 openssl py3-pip procps findutils RUN apk -U --no-cache add git gcc musl-dev docker curl coreutils python3 openssl py3-pip procps findutils yq
RUN python3 -m pip install awscli RUN python3 -m pip install awscli

@ -20,6 +20,9 @@ import (
) )
func Run(ctx *cli.Context) error { func Run(ctx *cli.Context) error {
// Validate build env
cmds.MustValidateGolang()
// hide process arguments from ps output, since they may contain // hide process arguments from ps output, since they may contain
// database credentials or other secrets. // database credentials or other secrets.
gspt.SetProcTitle(os.Args[0] + " agent") gspt.SetProcTitle(os.Args[0] + " agent")

@ -0,0 +1,27 @@
package cmds
import (
"fmt"
"runtime"
"strings"
"github.com/k3s-io/k3s/pkg/version"
"github.com/sirupsen/logrus"
)
func ValidateGolang() error {
k8sVersion, _, _ := strings.Cut(version.Version, "+")
if version.UpstreamGolang == "" {
return fmt.Errorf("kubernetes golang build version not set - see 'golang: upstream version' in https://github.com/kubernetes/kubernetes/blob/%s/build/dependencies.yaml", k8sVersion)
}
if v, _, _ := strings.Cut(runtime.Version(), " "); version.UpstreamGolang != v {
return fmt.Errorf("incorrect golang build version - kubernetes %s should be built with %s, runtime version is %s", k8sVersion, version.UpstreamGolang, v)
}
return nil
}
func MustValidateGolang() {
if err := ValidateGolang(); err != nil {
logrus.Fatalf("Failed to validate golang version: %v", err)
}
}

@ -49,6 +49,8 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
var ( var (
err error err error
) )
// Validate build env
cmds.MustValidateGolang()
// hide process arguments from ps output, since they may contain // hide process arguments from ps output, since they may contain
// database credentials or other secrets. // database credentials or other secrets.

@ -7,4 +7,6 @@ var (
ProgramUpper = strings.ToUpper(Program) ProgramUpper = strings.ToUpper(Program)
Version = "dev" Version = "dev"
GitCommit = "HEAD" GitCommit = "HEAD"
UpstreamGolang = ""
) )

@ -22,6 +22,7 @@ buildDate=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
VERSIONFLAGS=" VERSIONFLAGS="
-X ${PKG}/pkg/version.Version=${VERSION} -X ${PKG}/pkg/version.Version=${VERSION}
-X ${PKG}/pkg/version.GitCommit=${COMMIT:0:8} -X ${PKG}/pkg/version.GitCommit=${COMMIT:0:8}
-X ${PKG}/pkg/version.UpstreamGolang=${VERSION_GOLANG}
-X ${PKG_K8S_CLIENT}/version.gitVersion=${VERSION} -X ${PKG_K8S_CLIENT}/version.gitVersion=${VERSION}
-X ${PKG_K8S_CLIENT}/version.gitCommit=${COMMIT} -X ${PKG_K8S_CLIENT}/version.gitCommit=${COMMIT}

@ -29,10 +29,8 @@ if [ -n "$DIRTY" ]; then
fi fi
echo Running: go version echo Running: go version
DEPENDENCIES_URL="https://raw.githubusercontent.com/kubernetes/kubernetes/${VERSION_K8S}/build/dependencies.yaml" if ! go version | grep -s "go version ${VERSION_GOLANG} "; then
GOLANG_VERSION=$(curl -sL "${DEPENDENCIES_URL}" | yq e '.dependencies[] | select(.name == "golang: upstream version").version' -) echo "Unexpected $(go version) - Kubernetes ${VERSION_K8S} should be built with go version ${VERSION_GOLANG}"
if ! go version | grep -s "go version go${GOLANG_VERSION} "; then
echo "Unexpected $(go version) - Kubernetes ${VERSION_K8S} should be built with go version go${GOLANG_VERSION}"
exit 1 exit 1
fi fi

@ -77,6 +77,9 @@ fi
VERSION_ROOT="v0.12.2" VERSION_ROOT="v0.12.2"
DEPENDENCIES_URL="https://raw.githubusercontent.com/kubernetes/kubernetes/${VERSION_K8S}/build/dependencies.yaml"
VERSION_GOLANG="go"$(curl -sL "${DEPENDENCIES_URL}" | yq e '.dependencies[] | select(.name == "golang: upstream version").version' -)
if [[ -n "$GIT_TAG" ]]; then if [[ -n "$GIT_TAG" ]]; then
if [[ ! "$GIT_TAG" =~ ^"$VERSION_K8S"[+-] ]]; then if [[ ! "$GIT_TAG" =~ ^"$VERSION_K8S"[+-] ]]; then
echo "Tagged version '$GIT_TAG' does not match expected version '$VERSION_K8S[+-]*'" >&2 echo "Tagged version '$GIT_TAG' does not match expected version '$VERSION_K8S[+-]*'" >&2

Loading…
Cancel
Save