diff --git a/SPECS/helm/generate_source_tarball.sh b/SPECS/helm/generate_source_tarball.sh index d710ad54dc2..b6fdf986844 100755 --- a/SPECS/helm/generate_source_tarball.sh +++ b/SPECS/helm/generate_source_tarball.sh @@ -9,14 +9,12 @@ PKG_VERSION="" SRC_TARBALL="" OUT_FOLDER="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -# parameters: -# -# --srcTarball : src tarball file -# this file contains the 'initial' source code of the component -# and should be replaced with the new/modified src code -# --outFolder : folder where to copy the new tarball(s) -# --pkgVersion : package version -# +# --srcTarball : src tarball file +# this file contains the 'initial' source code of the component +# and should be replaced with the new/modified src code +# --outFolder : folder where to copy the new tarball(s) +# --pkgVersion : package version +# --vendorVersion : vendor version PARAMS="" while (( "$#" )); do case "$1" in @@ -47,6 +45,15 @@ while (( "$#" )); do exit 1 fi ;; + --vendorVersion) + if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then + VENDOR_VERSION=$2 + shift 2 + else + echo "Error: Argument for $1 is missing" >&2 + exit 1 + fi + ;; -*|--*=) # unsupported flags echo "Error: Unsupported flag $1" >&2 exit 1 @@ -58,9 +65,10 @@ while (( "$#" )); do esac done -echo "--srcTarball -> $SRC_TARBALL" -echo "--outFolder -> $OUT_FOLDER" -echo "--pkgVersion -> $PKG_VERSION" +echo "--srcTarball -> $SRC_TARBALL" +echo "--outFolder -> $OUT_FOLDER" +echo "--pkgVersion -> $PKG_VERSION" +echo "--vendorVersion -> $VENDOR_VERSION" if [ -z "$PKG_VERSION" ]; then echo "--pkgVersion parameter cannot be empty" @@ -79,7 +87,7 @@ pushd $tmpdir > /dev/null NAME="helm" NAME_VER="$NAME-$PKG_VERSION" -VENDOR_TARBALL="$OUT_FOLDER/$NAME_VER-vendor.tar.gz" +VENDOR_TARBALL="$OUT_FOLDER/$NAME_VER-govendor-v$VENDOR_VERSION.tar.gz" echo "Unpacking source tarball..." tar -xf $SRC_TARBALL diff --git a/SPECS/helm/helm.signatures.json b/SPECS/helm/helm.signatures.json index 67c03a1bdd4..fa338a06cf4 100644 --- a/SPECS/helm/helm.signatures.json +++ b/SPECS/helm/helm.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "helm-3.15.2-vendor.tar.gz": "b7b805732765d0976a0cc9e37ba4ce1c0a92a03c6c6257330ebfd50f860896dc", + "helm-3.15.2-govendor-v1.tar.gz": "b7b805732765d0976a0cc9e37ba4ce1c0a92a03c6c6257330ebfd50f860896dc", "helm-3.15.2.tar.gz": "c26b74f855cd403183729f24be5a60ed6ed018d2855f0d9caf99cacb127f34b2" } } diff --git a/SPECS/helm/helm.spec b/SPECS/helm/helm.spec index 9c31d5446dd..0bf4c7b6923 100644 --- a/SPECS/helm/helm.spec +++ b/SPECS/helm/helm.spec @@ -2,7 +2,7 @@ Name: helm Version: 3.15.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Kubernetes Package Manager Group: Applications/Networking License: Apache 2.0 @@ -10,20 +10,7 @@ Vendor: Microsoft Corporation Distribution: Azure Linux Url: https://helm.sh/ Source0: https://github.com/helm/helm/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz -# Below is a manually created tarball, no download link. -# We're using pre-populated Go modules from this tarball, since network is disabled during build time. -# How to re-build this file: -# 1. wget https://github.com/helm/helm/archive/v%%{version}.tar.gz -O %%{name}-%%{version}.tar.gz -# 2. tar -xf %%{name}-%%{version}.tar.gz -# 3. cd %%{name}-%%{version} -# 4. go mod vendor -# 5. tar --sort=name \ -# --mtime="2021-04-26 00:00Z" \ -# --owner=0 --group=0 --numeric-owner \ -# --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \ -# -cf %%{name}-%%{version}-vendor.tar.gz vendor -# -Source1: %{name}-%{version}-vendor.tar.gz +Source1: %{name}-%{version}-govendor-v1.tar.gz Patch0: CVE-2024-45338.patch BuildRequires: golang @@ -55,6 +42,9 @@ install -m 755 ./helm %{buildroot}%{_bindir} go test -v ./cmd/helm %changelog +* Wed Jan 29 2025 Mykhailo Bykhovtsev - 3.15.2-3 +- Change vendor naming convention to match other go packages. + * Tue Dec 31 2024 Rohit Rawat - 3.15.2-2 - Add patch for CVE-2024-45338