diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 33caeac..62eba7f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -65,7 +65,7 @@ jobs: which libtool # Install socket_vmnet to `_output/bin` which is used in $PATH SOCKET_VMNET_TEMP_PREFIX=$(pwd)/_output/ make lima-socket-vmnet - make install.lima-dependencies binaries + make install.lima-dependencies dependencies - name: Run e2e tests shell: zsh {0} run: make test-e2e diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4174ebc..2f572b0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -48,9 +48,7 @@ jobs: brew install cpanm brew upgrade sudo cpanm install JSON - curl -OL https://bitbucket.org/objective-see/deploy/downloads/FileMonitor_1.3.0.zip - rm -rf /Applications/FileMonitor.app - unzip FileMonitor_1.3.0.zip -d /Applications + bash bin/install-file-monitor.sh shell: zsh {0} - name: Make and release deps @@ -109,9 +107,7 @@ jobs: brew install cpanm brew upgrade sudo cpanm install JSON - curl -OL https://bitbucket.org/objective-see/deploy/downloads/FileMonitor_1.3.0.zip - rm -rf /Applications/FileMonitor.app - unzip FileMonitor_1.3.0.zip -d /Applications + bash bin/install-file-monitor.sh shell: zsh {0} - name: Make and release deps diff --git a/.github/workflows/rootfs.yaml b/.github/workflows/rootfs.yaml index 11f65af..6c5dcb6 100644 --- a/.github/workflows/rootfs.yaml +++ b/.github/workflows/rootfs.yaml @@ -63,11 +63,14 @@ jobs: docker container create --platform linux/${{ matrix.arch }} --name ${{ matrix.arch }}-rootfs finch-rootfs-image-production:intermediate docker container export -o finch-rootfs-production-${{ matrix.arch }}.tar ${{ matrix.arch }}-rootfs - gzip -9 -c finch-rootfs-production-${{ matrix.arch }}.tar > finch-rootfs-production-${{ matrix.arch }}-"$TIMESTAMP".tar.gz + compressed_archive=finch-rootfs-production-${{ matrix.arch }}-"$TIMESTAMP".tar.gz + gzip -9 -c finch-rootfs-production-${{ matrix.arch }}.tar > $compressed_archive + sha512sum $compressed_archive | cut -d " " -f 1 > $compressed_archive.sha512sum ARCHPATH="x86-64" if [ ${{ matrix.arch }} == "arm64" ]; then ARCHPATH="aarch64" fi - aws s3 cp ./finch-rootfs-production-${{ matrix.arch }}-"$TIMESTAMP".tar.gz s3://${{ secrets.DEPENDENCY_BUCKET_NAME }}/${{ matrix.platform }}/$ARCHPATH/ + # Upload tarball and shasum to S3 + aws s3 cp ./finch-rootfs-production-${{ matrix.arch }}-"$TIMESTAMP".tar.gz* s3://${{ secrets.DEPENDENCY_BUCKET_NAME }}/${{ matrix.platform }}/$ARCHPATH/ diff --git a/Makefile b/Makefile index 973607d..c8fdf1c 100644 --- a/Makefile +++ b/Makefile @@ -2,228 +2,43 @@ PREFIX ?= $(CURDIR)/_output DEST := $(shell echo "$(DESTDIR)/$(PREFIX)" | sed 's:///*:/:g; s://*$$::') OUTDIR ?= $(CURDIR)/_output -HASH_DIR ?= $(CURDIR)/hashes DOWNLOAD_DIR := $(CURDIR)/downloads -OS_DOWNLOAD_DIR := $(DOWNLOAD_DIR)/os LIMA_DOWNLOAD_DIR := $(DOWNLOAD_DIR)/dependencies LIMA_OUTDIR ?= $(OUTDIR)/lima -ROOTFS_DOWNLOAD_DIR := $(DOWNLOAD_DIR)/os -DEPENDENCIES_DOWNLOAD_DIR := $(DOWNLOAD_DIR)/dependencies -SOCKET_VMNET_TEMP_PREFIX ?= $(OUTDIR)/dependencies/lima-socket_vmnet/opt/finch UNAME := $(shell uname -m) ARCH ?= $(UNAME) BUILD_TS := $(shell date +%s) -# Set these variables if they aren't set, or if they are set to "" -# Allows callers to override these default values -# From https://dl.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/ -FINCH_OS_x86_URL := $(or $(FINCH_OS_x86_URL),https://deps.runfinch.com/Fedora-Cloud-Base-40-1.14.x86_64-20240514214655.qcow2) -FINCH_OS_x86_DIGEST := $(or $(FINCH_OS_x86_DIGEST),"sha256:a7d5203d353ea6f5b4de73fdb0f36fe4f58b844c8d401f57015430f553a873c4") -# From https://dl.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/aarch64/images/ -FINCH_OS_AARCH64_URL := $(or $(FINCH_OS_AARCH64_URL),https://deps.runfinch.com/Fedora-Cloud-Base-40-1.14.aarch64-20240514214641.qcow2) -FINCH_OS_AARCH64_DIGEST := $(or $(FINCH_OS_AARCH64_DIGEST),"sha256:16268745d1f401cc543cb89bf354c49f8bc3d00ce723d59aa289d21b9c872b60") - -FINCH_ROOTFS_x86_URL := $(or $(FINCH_ROOTFS_x86_URL),https://deps.runfinch.com/common/x86-64/finch-rootfs-production-amd64-1715724303.tar.gz) -FINCH_ROOTFS_x86_DIGEST := $(or $(FINCH_ROOTFS_x86_DIGEST),"sha256:8bf3e620782ac8991102120b80c0d1be259cd880451c900dd7e8bd284c86f171") +OUTPUT_DIRECTORIES=$(OUTDIR) $(DOWNLOAD_DIR) $(LIMA_DOWNLOAD_DIR) $(LIMA_OUTDIR) LIMA_DEPENDENCY_FILE_NAME ?= lima-and-qemu.tar.gz .DEFAULT_GOAL := all -WINGIT_TEMP_DIR := $(CURDIR)/wingit-temp -WINGIT_x86_URL := $(or $(WINGIT_x86_URL),https://github.com/git-for-windows/git/releases/download/v2.42.0.windows.2/Git-2.42.0.2-64-bit.tar.bz2) -WINGIT_x86_BASENAME ?= $(notdir $(WINGIT_x86_URL)) -WINGIT_x86_HASH := $(or $(WINGIT_x86_HASH),"sha256:c192e56f8ed3d364acc87ad04d1f5aa6ae03c23b32b67bf65fcc6f9b8f032e65") - -ifneq (,$(findstring arm64,$(ARCH))) - LIMA_ARCH = aarch64 - LIMA_URL ?= https://deps.runfinch.com/aarch64/lima-and-qemu.macos-aarch64.1715099032.tar.gz - FINCH_OS_BASENAME := $(notdir $(FINCH_OS_AARCH64_URL)) - FINCH_OS_IMAGE_URL := $(FINCH_OS_AARCH64_URL) - FINCH_OS_DIGEST ?= $(FINCH_OS_AARCH64_DIGEST) - # TODO: Use Finch rootfs in Finch on Windows testing - FINCH_ROOTFS_BASENAME := $(notdir $(FINCH_ROOTFS_AARCH64_URL)) - FINCH_ROOTFS_URL ?= $(FINCH_ROOTFS_AARCH64_URL) - FINCH_ROOTFS_DIGEST ?= $(FINCH_ROOTFS_AARCH64_DIGEST) - HOMEBREW_PREFIX ?= /opt/homebrew - -else ifneq (,$(findstring x86_64,$(ARCH))) - LIMA_ARCH = x86_64 - LIMA_URL ?= https://deps.runfinch.com/x86-64/lima-and-qemu.macos-x86_64.1715099032.tar.gz - FINCH_OS_BASENAME := $(notdir $(FINCH_OS_x86_URL)) - FINCH_OS_IMAGE_URL := $(FINCH_OS_x86_URL) - FINCH_OS_DIGEST ?= $(FINCH_OS_x86_DIGEST) - # TODO: Use Finch rootfs in Finch on Windows testing - FINCH_ROOTFS_BASENAME := $(notdir $(FINCH_ROOTFS_x86_URL)) - FINCH_ROOTFS_URL ?= $(FINCH_ROOTFS_x86_URL) - FINCH_ROOTFS_DIGEST ?= $(FINCH_ROOTFS_x86_DIGEST) - HOMEBREW_PREFIX ?= /usr/local - -endif - -FINCH_OS_IMAGE_LOCATION ?= $(OUTDIR)/os/$(FINCH_OS_BASENAME) -FINCH_OS_IMAGE_INSTALLATION_LOCATION ?= $(DEST)/os/$(FINCH_OS_BASENAME) - -FINCH_ROOTFS_LOCATION ?= $(OUTDIR)/os/$(FINCH_ROOTFS_BASENAME) - .PHONY: all -all: binaries +all: dependencies -.PHONY: binaries -.PHONY: download +# dependencies is a make target defined by the respective platform makefile +# pull the required finch core dependencies for the platform. +.PHONY: dependencies -# Rootfs required for Windows, require full OS for Linux and Mac +# Rootfs required for Windows, require full OS for Mac FINCH_IMAGE_LOCATION ?= FINCH_IMAGE_DIGEST ?= FEDORA_YAML ?= BUILD_OS ?= $(OS) ifeq ($(BUILD_OS), Windows_NT) -binaries: rootfs lima -download: download.rootfs -lima: lima-exe install.lima-dependencies-wsl2 -FINCH_IMAGE_LOCATION := $(FINCH_ROOTFS_LOCATION) -FINCH_IMAGE_DIGEST := $(FINCH_ROOTFS_DIGEST) +include Makefile.windows else -binaries: os lima-socket-vmnet lima-template -download: download.os -FINCH_IMAGE_LOCATION := $(FINCH_OS_IMAGE_LOCATION) -FINCH_IMAGE_DIGEST := $(FINCH_OS_DIGEST) -FEDORA_YAML := fedora.yaml +include Makefile.darwin endif -$(OS_DOWNLOAD_DIR)/$(FINCH_OS_BASENAME): - mkdir -p $(OS_DOWNLOAD_DIR) - curl -L --fail $(FINCH_OS_IMAGE_URL) > "$(OS_DOWNLOAD_DIR)/$(FINCH_OS_BASENAME)" - cd $(OS_DOWNLOAD_DIR) && shasum -a 512 --check $(HASH_DIR)/$(FINCH_OS_BASENAME).sha512 || exit 1 - -$(ROOTFS_DOWNLOAD_DIR)/$(FINCH_ROOTFS_BASENAME): - mkdir -p $(ROOTFS_DOWNLOAD_DIR) - mkdir -p $(OUTDIR)/os - curl -L --fail $(FINCH_ROOTFS_URL) > "$(ROOTFS_DOWNLOAD_DIR)/$(FINCH_ROOTFS_BASENAME)" - cp $(ROOTFS_DOWNLOAD_DIR)/$(FINCH_ROOTFS_BASENAME) $(OUTDIR)/os - - -.PHONY: download.os -download.os: $(OS_DOWNLOAD_DIR)/$(FINCH_OS_BASENAME) - -.PHONY: download.rootfs -download.rootfs: $(ROOTFS_DOWNLOAD_DIR)/$(FINCH_ROOTFS_BASENAME) - $(eval FINCH_ROOTFS_DIGEST := "sha256:$(sha256 $(ROOTFS_DOWNLOAD_DIR)/$(FINCH_ROOTFS_BASENAME))") - -$(LIMA_DOWNLOAD_DIR)/$(LIMA_DEPENDENCY_FILE_NAME): - mkdir -p $(DEPENDENCIES_DOWNLOAD_DIR) - curl -L --fail $(LIMA_URL) > "$(DEPENDENCIES_DOWNLOAD_DIR)/$(LIMA_DEPENDENCY_FILE_NAME)" - mkdir -p ${OUTDIR} - tar -xvzf ${DEPENDENCIES_DOWNLOAD_DIR}/${LIMA_DEPENDENCY_FILE_NAME} -C ${OUTDIR} - -.PHONY: download.lima-dependencies -download.lima-dependencies: $(LIMA_DOWNLOAD_DIR)/$(LIMA_DEPENDENCY_FILE_NAME) - -.PHONY: install.lima-dependencies -install.lima-dependencies: download.lima-dependencies - -# Only redownload/extract if this file is missing (there's no particular reason for choosing this file instead of any other) -$(LIMA_OUTDIR)/bin/ssh.exe: - mkdir -p $(DEPENDENCIES_DOWNLOAD_DIR) - mkdir -p $(OUTDIR)/bin - - curl -L --fail $(WINGIT_x86_URL) > $(DEPENDENCIES_DOWNLOAD_DIR)/$(WINGIT_x86_BASENAME) - pwsh.exe -NoLogo -NoProfile -c ./bin/verify_hash.ps1 "$(DEPENDENCIES_DOWNLOAD_DIR)\$(WINGIT_x86_BASENAME)" $(WINGIT_x86_HASH) - mkdir -p $(WINGIT_TEMP_DIR) - # this takes a long time because of an almost 4:1 compression ratio and needing to extract many small files - tar --force-local -xvjf "$(DEPENDENCIES_DOWNLOAD_DIR)\$(WINGIT_x86_BASENAME)" -C $(WINGIT_TEMP_DIR) - - # Lima runtime dependencies - mkdir -p $(LIMA_OUTDIR)/bin - - # From https://packages.msys2.org/package/gzip?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/gzip.exe $(LIMA_OUTDIR)/bin/ - # From https://packages.msys2.org/package/msys2-runtime?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/cygpath.exe $(LIMA_OUTDIR)/bin/ - # From https://packages.msys2.org/package/tar?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/tar.exe $(LIMA_OUTDIR)/bin/ - # From https://packages.msys2.org/package/openssh?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/ssh.exe $(LIMA_OUTDIR)/bin/ - # From https://packages.msys2.org/package/openssh?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/ssh-keygen.exe $(LIMA_OUTDIR)/bin/ - - # Dependency DLLs, extracted with https://github.com/lucasg/Dependencies - # Dependencies.exe -chain $(WINGIT_TEMP_DIR)\usr\bin\ssh.exe -depth 3 -json - # Depth 3 is only needed for ssh.exe, everything else only needs depth 1 - # TODO: Automate - - # Required by all MSYS2 programs, from https://github.com/msys2/msys2-runtime - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-2.0.dll $(LIMA_OUTDIR)/bin/ - # Required by tar.exe, from https://packages.msys2.org/package/libiconv?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-iconv-2.dll $(LIMA_OUTDIR)/bin/ - # Required by msys-iconv-2.dll, from https://packages.msys2.org/package/libintl?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-intl-8.dll $(LIMA_OUTDIR)/bin/ - # GCC exception handling, required for all programs that throw exceptions, from https://packages.msys2.org/package/gcc-libs?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-gcc_s-seh-1.dll $(LIMA_OUTDIR)/bin/ - - # Required by ssh.exe, from https://packages.msys2.org/package/libopenssl?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-crypto-3.dll $(LIMA_OUTDIR)/bin/ - # Required by ssh.exe, from https://packages.msys2.org/package/zlib-devel?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-z.dll $(LIMA_OUTDIR)/bin/ - # Required by ssh.exe, from https://packages.msys2.org/package/libcrypt?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-crypt-0.dll $(LIMA_OUTDIR)/bin/ - # Required by heimdal-libs, from https://packages.msys2.org/package/libsqlite?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-sqlite3-0.dll $(LIMA_OUTDIR)/bin/ - - # Required by ssh.exe, from https://packages.msys2.org/package/heimdal-libs?repo=msys&variant=x86_64 - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-asn1-8.dll $(LIMA_OUTDIR)/bin/ - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-com_err-1.dll $(LIMA_OUTDIR)/bin/ - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-gssapi-3.dll $(LIMA_OUTDIR)/bin/ - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-hcrypto-4.dll $(LIMA_OUTDIR)/bin/ - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-heimbase-1.dll $(LIMA_OUTDIR)/bin/ - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-heimntlm-0.dll $(LIMA_OUTDIR)/bin/ - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-hx509-5.dll $(LIMA_OUTDIR)/bin/ - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-krb5-26.dll $(LIMA_OUTDIR)/bin/ - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-roken-18.dll $(LIMA_OUTDIR)/bin/ - cp $(WINGIT_TEMP_DIR)/usr/bin/msys-wind-0.dll $(LIMA_OUTDIR)/bin/ - - -@rm -rf $(WINGIT_TEMP_DIR) - -.PHONY: install.lima-dependencies-wsl2 -install.lima-dependencies-wsl2: $(LIMA_OUTDIR)/bin/ssh.exe - -.PHONY: lima-template -lima-template: download - mkdir -p $(OUTDIR)/lima-template - cp lima-template/fedora.yaml $(OUTDIR)/lima-template - # using -i.bak is very intentional, it allows the following commands to succeed for both GNU / BSD sed - # this sed command uses the alternative separator of "|" because the image location uses "/" - sed -i.bak -e "s||$(FINCH_IMAGE_LOCATION)|g" $(OUTDIR)/lima-template/fedora.yaml - sed -i.bak -e "s//$(LIMA_ARCH)/g" $(OUTDIR)/lima-template/fedora.yaml - sed -i.bak -e "s//$(FINCH_IMAGE_DIGEST)/g" $(OUTDIR)/lima-template/fedora.yaml - rm $(OUTDIR)/lima-template/*.yaml.bak - -.PHONY: lima-socket-vmnet -lima-socket-vmnet: - git submodule update --init --recursive src/socket_vmnet - cd src/socket_vmnet && git clean -f -d - cd src/socket_vmnet && PREFIX=$(SOCKET_VMNET_TEMP_PREFIX) "$(MAKE)" install.bin - -.PHONY: lima lima-exe -lima-exe: - cd src/lima && \ - "$(MAKE)" exe _output/share/lima/lima-guestagent.Linux-x86_64 - mkdir -p ${OUTDIR}/lima - cp -r src/lima/_output/* ${OUTDIR}/lima +$(OUTPUT_DIRECTORIES): + @mkdir -p $@ .PHONY: download-sources download-sources: ./bin/download-sources.pl -.PHONY: os -os: download - mkdir -p $(OUTDIR)/os - lz4 -dcf $(DOWNLOAD_DIR)/os/$(FINCH_OS_BASENAME) > "$(OUTDIR)/os/$(FINCH_OS_BASENAME)" - -.PHONY: rootfs -rootfs: download - mkdir -p $(OUTDIR)/os - cp $(DOWNLOAD_DIR)/os/$(FINCH_ROOTFS_BASENAME) "$(OUTDIR)/os/$(FINCH_ROOTFS_BASENAME)" - .PHONY: install install: uninstall mkdir -p $(DEST) diff --git a/Makefile.darwin b/Makefile.darwin new file mode 100644 index 0000000..e91db3a --- /dev/null +++ b/Makefile.darwin @@ -0,0 +1,56 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +OS_OUTDIR := $(OUTDIR)/os +LIMA_TEMPLATE_OUTDIR := $(OUTDIR)/lima-template +OUTPUT_DIRECTORIES += $(OS_OUTDIR) $(LIMA_TEMPLATE_OUTDIR) +SOCKET_VMNET_TEMP_PREFIX ?= $(OUTDIR)/dependencies/lima-socket_vmnet/opt/finch + +include $(CURDIR)/deps/full-os.conf +ifeq ($(ARCH),x86_64) +FINCH_OS_BASENAME ?= $(X86_64_ARTIFACT) +FINCH_OS_DIGEST ?= $(X86_64_512_DIGEST) +LIMA_ARCH = x86_64 +else +FINCH_OS_BASENAME ?= $(AARCH64_ARTIFACT) +FINCH_OS_DIGEST ?= $(AARCH64_512_DIGEST) +LIMA_ARCH = aarch64 +endif + +FINCH_IMAGE_LOCATION := $(OS_OUTDIR)/$(FINCH_OS_BASENAME) +FINCH_IMAGE_DIGEST := "sha512:$(FINCH_OS_DIGEST)" +FEDORA_YAML := fedora.yaml + +dependencies: download.os install.lima-dependencies lima-socket-vmnet lima-template + +.PHONY: download.os +download.os: $(OS_OUTDIR)/$(FINCH_OS_BASENAME) + +$(OS_OUTDIR)/$(FINCH_OS_BASENAME): $(OS_OUTDIR) $(CURDIR)/deps/full-os.conf + bash deps/install.sh --output $@ $(CURDIR)/deps/full-os.conf + +.PHONY: install.lima-dependencies +install.lima-dependencies: download.lima-dependencies $(OUTDIR) + tar -xvzf ${LIMA_DOWNLOAD_DIR}/${LIMA_DEPENDENCY_FILE_NAME} -C $(OUTDIR) + +.PHONY: download.lima-dependencies +download.lima-dependencies: $(LIMA_DOWNLOAD_DIR)/$(LIMA_DEPENDENCY_FILE_NAME) + +$(LIMA_DOWNLOAD_DIR)/$(LIMA_DEPENDENCY_FILE_NAME): $(LIMA_DOWNLOAD_DIR) $(CURDIR)/deps/lima-bundles.conf + bash deps/install.sh --output $@ $(CURDIR)/deps/lima-bundles.conf + +.PHONY: lima-socket-vmnet +lima-socket-vmnet: + git submodule update --init --recursive src/socket_vmnet + cd src/socket_vmnet && git clean -f -d + cd src/socket_vmnet && PREFIX=$(SOCKET_VMNET_TEMP_PREFIX) "$(MAKE)" install.bin + +.PHONY: lima-template +lima-template: $(LIMA_TEMPLATE_OUTDIR) + cp lima-template/fedora.yaml $(LIMA_TEMPLATE_OUTDIR) + # using -i.bak is very intentional, it allows the following commands to succeed for both GNU / BSD sed + # this sed command uses the alternative separator of "|" because the image location uses "/" + sed -i.bak -e "s||$(FINCH_IMAGE_LOCATION)|g" $(LIMA_TEMPLATE_OUTDIR)/fedora.yaml + sed -i.bak -e "s//$(LIMA_ARCH)/g" $(LIMA_TEMPLATE_OUTDIR)/fedora.yaml + sed -i.bak -e "s//$(FINCH_IMAGE_DIGEST)/g" $(LIMA_TEMPLATE_OUTDIR)/fedora.yaml + rm $(LIMA_TEMPLATE_OUTDIR)/*.yaml.bak diff --git a/Makefile.windows b/Makefile.windows new file mode 100644 index 0000000..5cb7938 --- /dev/null +++ b/Makefile.windows @@ -0,0 +1,98 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +# TODO: Use Finch rootfs in Finch on Windows testing +ROOTFS_OUTPUT_DIR := $(OUTDIR)/os +OUTPUT_DIRECTORIES += $(ROOTFS_OUTPUT_DIR) + +include $(CURDIR)/deps/rootfs.conf +ifeq ($(ARCH), x86_64) +FINCH_ROOTFS_BASENAME ?= $(X86_64_ARTIFACT) +FINCH_ROOTFS_DIGEST ?= $(X86_64_512_DIGEST) +else +$(error Finch on Windows ARM not supported) +endif + +WINGIT_TEMP_DIR := $(CURDIR)/wingit-temp +WINGIT_x86_URL := $(or $(WINGIT_x86_URL),https://github.com/git-for-windows/git/releases/download/v2.42.0.windows.2/Git-2.42.0.2-64-bit.tar.bz2) +WINGIT_x86_BASENAME ?= $(notdir $(WINGIT_x86_URL)) +WINGIT_x86_HASH := $(or $(WINGIT_x86_HASH),"sha256:c192e56f8ed3d364acc87ad04d1f5aa6ae03c23b32b67bf65fcc6f9b8f032e65") + +dependencies: install.rootfs lima + +.PHONY: install.rootfs +install.rootfs: $(ROOTFS_OUTPUT_DIR)/$(FINCH_ROOTFS_BASENAME) + +$(ROOTFS_OUTPUT_DIR)/$(FINCH_ROOTFS_BASENAME): $(ROOTFS_OUTPUT_DIR) $(CURDIR)/deps/rootfs.conf + bash deps/install.sh --output $@ $(CURDIR)/deps/rootfs.conf + +lima: lima-exe install.lima-dependencies-wsl2 + +.PHONY: lima lima-exe +lima-exe: + cd src/lima && \ + "$(MAKE)" exe _output/share/lima/lima-guestagent.Linux-x86_64 + mkdir -p $(OUTDIR)/lima + cp -r src/lima/_output/* $(OUTDIR)/lima + +.PHONY: install.lima-dependencies-wsl2 +install.lima-dependencies-wsl2: $(LIMA_OUTDIR)/bin/ssh.exe + +# Only redownload/extract if this file is missing (there's no particular reason for choosing this file instead of any other) +$(LIMA_OUTDIR)/bin/ssh.exe: $(LIMA_OUTDIR) $(LIMA_DOWNLOAD_DIR) + curl -L --fail $(WINGIT_x86_URL) > $(LIMA_DOWNLOAD_DIR)/$(WINGIT_x86_BASENAME) + pwsh.exe -NoLogo -NoProfile -c ./bin/verify_hash.ps1 "$(LIMA_DOWNLOAD_DIR)\$(WINGIT_x86_BASENAME)" $(WINGIT_x86_HASH) + mkdir -p $(WINGIT_TEMP_DIR) + # this takes a long time because of an almost 4:1 compression ratio and needing to extract many small files + tar --force-local -xvjf "$(LIMA_DOWNLOAD_DIR)\$(WINGIT_x86_BASENAME)" -C $(WINGIT_TEMP_DIR) + + # Lima runtime dependencies + mkdir -p $(LIMA_OUTDIR)/bin + + # From https://packages.msys2.org/package/gzip?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/gzip.exe $(LIMA_OUTDIR)/bin/ + # From https://packages.msys2.org/package/msys2-runtime?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/cygpath.exe $(LIMA_OUTDIR)/bin/ + # From https://packages.msys2.org/package/tar?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/tar.exe $(LIMA_OUTDIR)/bin/ + # From https://packages.msys2.org/package/openssh?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/ssh.exe $(LIMA_OUTDIR)/bin/ + # From https://packages.msys2.org/package/openssh?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/ssh-keygen.exe $(LIMA_OUTDIR)/bin/ + + # Dependency DLLs, extracted with https://github.com/lucasg/Dependencies + # Dependencies.exe -chain $(WINGIT_TEMP_DIR)\usr\bin\ssh.exe -depth 3 -json + # Depth 3 is only needed for ssh.exe, everything else only needs depth 1 + # TODO: Automate + + # Required by all MSYS2 programs, from https://github.com/msys2/msys2-runtime + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-2.0.dll $(LIMA_OUTDIR)/bin/ + # Required by tar.exe, from https://packages.msys2.org/package/libiconv?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-iconv-2.dll $(LIMA_OUTDIR)/bin/ + # Required by msys-iconv-2.dll, from https://packages.msys2.org/package/libintl?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-intl-8.dll $(LIMA_OUTDIR)/bin/ + # GCC exception handling, required for all programs that throw exceptions, from https://packages.msys2.org/package/gcc-libs?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-gcc_s-seh-1.dll $(LIMA_OUTDIR)/bin/ + + # Required by ssh.exe, from https://packages.msys2.org/package/libopenssl?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-crypto-3.dll $(LIMA_OUTDIR)/bin/ + # Required by ssh.exe, from https://packages.msys2.org/package/zlib-devel?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-z.dll $(LIMA_OUTDIR)/bin/ + # Required by ssh.exe, from https://packages.msys2.org/package/libcrypt?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-crypt-0.dll $(LIMA_OUTDIR)/bin/ + # Required by heimdal-libs, from https://packages.msys2.org/package/libsqlite?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-sqlite3-0.dll $(LIMA_OUTDIR)/bin/ + + # Required by ssh.exe, from https://packages.msys2.org/package/heimdal-libs?repo=msys&variant=x86_64 + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-asn1-8.dll $(LIMA_OUTDIR)/bin/ + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-com_err-1.dll $(LIMA_OUTDIR)/bin/ + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-gssapi-3.dll $(LIMA_OUTDIR)/bin/ + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-hcrypto-4.dll $(LIMA_OUTDIR)/bin/ + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-heimbase-1.dll $(LIMA_OUTDIR)/bin/ + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-heimntlm-0.dll $(LIMA_OUTDIR)/bin/ + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-hx509-5.dll $(LIMA_OUTDIR)/bin/ + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-krb5-26.dll $(LIMA_OUTDIR)/bin/ + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-roken-18.dll $(LIMA_OUTDIR)/bin/ + cp $(WINGIT_TEMP_DIR)/usr/bin/msys-wind-0.dll $(LIMA_OUTDIR)/bin/ + + -@rm -rf $(WINGIT_TEMP_DIR) diff --git a/bin/install-file-monitor.sh b/bin/install-file-monitor.sh new file mode 100644 index 0000000..fbe255d --- /dev/null +++ b/bin/install-file-monitor.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +# A script for installing file monitor dependency. +# +# Usage: bash install-file-monitor.sh + +set -euxo pipefail + +CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd -- "${CURRENT_DIR}/.." && pwd)" + +DEPENDENCY="FileMonitor_1.3.0.zip" +DEPENDENCY_URL="https://bitbucket.org/objective-see/deploy/downloads/FileMonitor_1.3.0.zip" +DEPENDENCY_DIGEST="17a1335e76fb9298ed4e33fd7d7fc8e2f96c1b849db86fb250caf58f1689d2b2bf09eb5cc8cd10ac95f9b8bf38c90b8b99899505b3f3816cdfd14038011c000e" + +# Pull tarball to project's downloads directory to verify and install. +mkdir -p "${PROJECT_ROOT}/downloads" +file="${PROJECT_ROOT}/downloads/${DEPENDENCY}" +curl -L --fail ${DEPENDENCY_URL} > "${file}" + +# Validate shasum for downloaded dependency +(shasum --algorithm 512 "${file}" | cut -d ' ' -f 1 | grep -xq "^${DEPENDENCY_DIGEST}$") || \ + (echo "error: shasum verification failed for file monitor dependency" && exit 1) + +rm -rf /Applications/FileMonitor.app +unzip "${file}" -d /Applications diff --git a/bin/update-deps.sh b/bin/update-deps.sh index f2a8cde..d7735e4 100755 --- a/bin/update-deps.sh +++ b/bin/update-deps.sh @@ -1,30 +1,59 @@ -#!/bin/bash +#!/usr/bin/env bash -DEPENDENCY_CLOUDFRONT_URL="https://deps.runfinch.com/" -AARCH64_FILENAME_PATTERN="aarch64/lima-and-qemu.macos-aarch64.[0-9].*\.gz$" -AMD64_FILENAME_PATTERN="x86-64/lima-and-qemu.macos-x86_64.[0-9].*\.gz$" +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +# A script to update the lima dependency used for Finch on MacOS and Windows. +# +# Usage: bash update-deps.sh -d + +set -euxo pipefail + +CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd -- "${CURRENT_DIR}/.." && pwd)" + +# shellcheck source=/dev/null +source "${PROJECT_ROOT}/bin/utility.sh" + +DEPENDENCY_CLOUDFRONT_URL="https://deps.runfinch.com" +AARCH64_FILENAME_PATTERN="lima-and-qemu.macos-aarch64.[0-9].*\.gz$" +AMD64_FILENAME_PATTERN="lima-and-qemu.macos-x86_64.[0-9].*\.gz$" AARCH64="aarch64" X86_64="x86-64" -set -x - while getopts d: flag do - case "${flag}" in - d) dependency_bucket=${OPTARG};; - esac + case "${flag}" in + d) dependency_bucket=${OPTARG};; + *) echo "Error: unknown flag" && exit 1;; + esac done [[ -z "$dependency_bucket" ]] && { echo "Error: Dependency bucket not set"; exit 1; } - -aarch64Deps=$(aws s3 ls s3://${dependency_bucket}/${AARCH64}/ --recursive | grep "$AARCH64_FILENAME_PATTERN" | sort | tail -n 1 | awk '{print $4}') - -[[ -z "$aarch64Deps" ]] && { echo "Error: aarch64 dependency not found"; exit 1; } - - -amd64Deps=$(aws s3 ls s3://${dependency_bucket}/${X86_64}/ --recursive | grep "$AMD64_FILENAME_PATTERN" | sort | tail -n 1 | awk '{print $4}') - -[[ -z "$amd64Deps" ]] && { echo "Error: x86_64 dependency not found"; exit 1; } - -sed -E -i.bak 's|^([[:blank:]]*LIMA_URL[[:blank:]]*\?=[[:blank:]]*'${DEPENDENCY_CLOUDFRONT_URL}')('${AARCH64_FILENAME_PATTERN}')|\1'$aarch64Deps'|' Makefile -sed -E -i.bak 's|^([[:blank:]]*LIMA_URL[[:blank:]]*\?=[[:blank:]]*'${DEPENDENCY_CLOUDFRONT_URL}')('${AMD64_FILENAME_PATTERN}')|\1'$amd64Deps'|' Makefile +aarch64_deps=$(find_latest_object_match_from_s3 "${AARCH64_FILENAME_PATTERN}" "${dependency_bucket}/${AARCH64}") +[[ -z "$aarch64_deps" ]] && { echo "Error: aarch64 dependency not found"; exit 1; } + +# Need to pull the shasum of the artifact to store for later verification. +aarch64_deps_shasum_url="${DEPENDENCY_CLOUDFRONT_URL}/${aarch64_deps}.sha512sum" +aarch64_deps_shasum=$(curl -L --fail "${aarch64_deps_shasum_url}") + +amd64_deps=$(find_latest_object_match_from_s3 "${AMD64_FILENAME_PATTERN}" "${dependency_bucket}/${X86_64}") +[[ -z "$amd64_deps" ]] && { echo "Error: x86_64 dependency not found"; exit 1; } + +amd64_deps_shasum_url="${DEPENDENCY_CLOUDFRONT_URL}/${amd64_deps}.sha512sum" +amd64_deps_shasum=$(curl -L --fail "${amd64_deps_shasum_url}") + +# Update bundles file with latest artifacts and digests. +BUNDLES_FILE="${PROJECT_ROOT}/deps/lima-bundles.conf" +truncate -s 0 "${BUNDLES_FILE}" +{ + echo "ARTIFACT_BASE_URL=${DEPENDENCY_CLOUDFRONT_URL}" + echo "" + echo "AARCH64_ARTIFACT_PATHING=${AARCH64}" + echo "AARCH64_ARTIFACT=${aarch64_deps}" + echo "AARCH64_512_DIGEST=${aarch64_deps_shasum}" + echo "" + echo "X86_64_ARTIFACT_PATHING=${X86_64}" + echo "X86_64_ARTIFACT=${amd64_deps}" + echo "X86_64_512_DIGEST=${amd64_deps_shasum}" +} >> "${BUNDLES_FILE}" diff --git a/bin/update-rootfs.sh b/bin/update-rootfs.sh index 5101428..51b1619 100755 --- a/bin/update-rootfs.sh +++ b/bin/update-rootfs.sh @@ -1,29 +1,50 @@ -#!/bin/bash +#!/usr/bin/env bash + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +# A script to update the rootfs dependency used for Finch on Windows. +# +# Usage: bash update-rootfs.sh -d + set -euxo pipefail -DEPENDENCY_CLOUDFRONT_URL="https://deps.runfinch.com/" -AARCH64_FILENAME_PATTERN="common/aarch64/finch-rootfs-production-arm64-[0-9].*\.tar.zst$" -AMD64_FILENAME_PATTERN="common/x86-64/finch-rootfs-production-amd64-[0-9].*\.tar.zst$" +CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd -- "${CURRENT_DIR}/.." && pwd)" + +# shellcheck source=/dev/null +source "${PROJECT_ROOT}/bin/utility.sh" + +DEPENDENCY_CLOUDFRONT_URL="https://deps.runfinch.com" +AMD64_FILENAME_PATTERN="finch-rootfs-production-amd64-[0-9]+\.tar.gz" PLATFORM="common" -AARCH64="aarch64" +# ARM not currently supported for Finch on Windows +# AARCH64="aarch64" X86_64="x86-64" while getopts d: flag do - case "${flag}" in - d) dependency_bucket=${OPTARG};; - esac + case "${flag}" in + d) dependency_bucket=${OPTARG};; + *) echo "Error: unknown flag" && exit 1;; + esac done [[ -z "$dependency_bucket" ]] && { echo "Error: Dependency bucket not set"; exit 1; } -aarch64Deps=$(aws s3 ls s3://${dependency_bucket}/${PLATFORM}/${AARCH64}/ --recursive | grep "$AARCH64_FILENAME_PATTERN" | sort | tail -n 1 | awk '{print $4}') - -[[ -z "$aarch64Deps" ]] && { echo "Error: aarch64 dependency not found"; exit 1; } - -amd64Deps=$(aws s3 ls s3://${dependency_bucket}/${PLATFORM}/${X86_64}/ --recursive | grep "$AMD64_FILENAME_PATTERN" | sort | tail -n 1 | awk '{print $4}') - -[[ -z "$amd64Deps" ]] && { echo "Error: x86_64 dependency not found"; exit 1; } - -sed -E -i.bak 's|^([[:blank:]]*FINCH_ROOTFS_URL[[:blank:]]*\?=[[:blank:]]*'${DEPENDENCY_CLOUDFRONT_URL}')('${AARCH64_FILENAME_PATTERN}')|\1'$aarch64Deps'|' Makefile -sed -E -i.bak 's|^([[:blank:]]*FINCH_ROOTFS_URL[[:blank:]]*\?=[[:blank:]]*'${DEPENDENCY_CLOUDFRONT_URL}')('${AMD64_FILENAME_PATTERN}')|\1'$amd64Deps'|' Makefile +amd64_deps=$(find_latest_object_match_from_s3 "${AMD64_FILENAME_PATTERN}" "${dependency_bucket}/${PLATFORM}/${X86_64}") +[[ -z "$amd64_deps" ]] && { echo "Error: x86_64 dependency not found"; exit 1; } + +amd64_deps_shasum_url="${DEPENDENCY_CLOUDFRONT_URL}/${amd64_deps}.sha512sum" +amd64_deps_shasum=$(curl -L --fail "${amd64_deps_shasum_url}") + +# Update rootfs file with latest artifacts and digests +ROOTFS_FILE="${PROJECT_ROOT}/deps/rootfs.conf" +truncate -s 0 "${ROOTFS_FILE}" +{ + echo "ARTIFACT_BASE_URL=${DEPENDENCY_CLOUDFRONT_URL}" + echo "" + echo "X86_64_ARTIFACT_PATHING=${PLATFORM}/${X86_64}" + echo "X86_64_ARTIFACT=${amd64_deps}" + echo "X86_64_512_DIGEST=${amd64_deps_shasum}" +} >> "${ROOTFS_FILE}" diff --git a/bin/utility.sh b/bin/utility.sh new file mode 100644 index 0000000..88a7b22 --- /dev/null +++ b/bin/utility.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +# find_latest_object_match_from_s3 is a function for retrieving the +# latest object from a S3 bucket matching the provided pattern. +# +# @param object_pattern - pattern to match S3 objects +# @param s3_bucket - the S3 bucket to inspect +# @return if found, returns the last object matching the pattern with exit code 0 +# else returns an error message with exit code 1. +find_latest_object_match_from_s3() { + local object_pattern="$1" + local s3_bucket="$2" + + object=$(aws s3 ls "s3://${s3_bucket}" --recursive | grep "${object_pattern}" | sort | tail -n 1 | awk '{print $4}') + if [[ -z "$object" ]]; then + echo "error: no match found for pattern ${object_pattern}" + exit 1 + fi + + echo "$object" +} diff --git a/deps/README.md b/deps/README.md new file mode 100644 index 0000000..d5e9528 --- /dev/null +++ b/deps/README.md @@ -0,0 +1,44 @@ +# Required Dependencies + +## Installation + +All required dependencies for the Finch virtual machine are +available via https://www.deps.runfinch.com. + +Finch core provides a utility tool ([`deps/install.sh`](../deps/install.sh)) for pulling and verifying the required artifacts for each platform. + +### Artifact configuration + +To effectively pull and verify dependency artifacts, the tooling +needs several pieces of information. This artifact metadata is +modeled in artifact configuration files. e.g. [`deps/lima-bundles.conf`](../deps/lima-bundles.conf) +models the information required to pull and verify the Lima bundle +needed for running Finch on macOS. + +* **ARTIFACT_BASE_URL** - the consistent part or the root of the +URL for pulling the artifact. (Required) +* **AARCH64_ARTIFACT_PATHING** - the specific pathing for the ARM +variant of the artifact. (Optional) +* **AARCH64_ARTIFACT** - the ARM64 artifact file name. +* **AARCH64_512_DIGEST** - the SHA-512 checksum for the artifact. +* **X86_64_ARTIFACT_PATHING** - the specific pathing for the +x86-64 variant of the artifact. (Optional) +* **X86_64_ARTIFACT** - the x86-64 artifact file name. +* **X86_64_512_DIGEST** - the SHA-512 checksum for the artifact. + +** Note: not every dependency will require both ARM and x86-64 +architecture support. e.g. Finch on Windows ARM is not currently +supported so the ARM configuration is not required in +[`deps/rootfs.conf`](../deps/rootfs.conf). + +## Updating artifact configuration + +Artifact configuration for the Lima bundle for Finch on macOS and the rootfs +for Finch on Windows is updated via the +[update dependencies](../.github/workflows/update-dependencies.yaml) +GitHub Actions workflow. The workflow scans S3 for more up-to-date +versions of the required dependency and opens a pull request with +the configuration updates. + +Artifact configuration for the Finch on macOS virtual machine image +is still manually updated. diff --git a/deps/full-os.conf b/deps/full-os.conf new file mode 100644 index 0000000..9b4ef31 --- /dev/null +++ b/deps/full-os.conf @@ -0,0 +1,9 @@ +ARTIFACT_BASE_URL=https://deps.runfinch.com + +# From https://dl.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/aarch64/images/ +AARCH64_ARTIFACT=Fedora-Cloud-Base-40-1.14.aarch64-20240514214641.qcow2 +AARCH64_512_DIGEST=9574dbbee1e34c005334fada0e29a6598cdbc3312b7b54214f20cc36549e48aa34f197a93d3fa9e83208db6d7e32ce6e04bb620048ac2c5620ce86690067f986 + +# From https://dl.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/ +X86_64_ARTIFACT=Fedora-Cloud-Base-40-1.14.x86_64-20240514214655.qcow2 +X86_64_512_DIGEST=0a4894f10b5b8c4096c8bb7bdcbd23d59f4f5c6ceed228101f7ff3ea0a2e017d7e669b2e794628d52523e599a4028d7f6bd665b37336c0607e605dac4701d5b1 diff --git a/deps/install.sh b/deps/install.sh new file mode 100644 index 0000000..b0308e3 --- /dev/null +++ b/deps/install.sh @@ -0,0 +1,76 @@ +#!/usr/bin/env bash + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +# A script for pulling and unpacking a dependency artifact. +# +# Usage: bash install.sh [-o|--output ] + +set -euxo pipefail + +file="" +sources="" + +while [[ $# -gt 0 ]]; do + case $1 in + --output|-o) + shift # past argument + file=$1 + shift # past value + ;; + --*|-*) + echo "error: unknown option $1" + exit 1 + ;; + *) + sources=$1 + shift # past value + ;; + esac +done + +if [[ -z "$sources" ]]; then + echo "error: sources file not provided" && exit 1 +fi + +# shellcheck source=/dev/null +source "${sources}" + +artifact="" +digest="" +url="${ARTIFACT_BASE_URL}" + +arch="$(uname -m)" +case "${arch}" in + "arm64") + if [[ -z "$AARCH64_ARTIFACT" ]]; then + echo "error: ARM architecture not supported for dependency" && exit 1 + fi + + artifact="${AARCH64_ARTIFACT}" + digest="${AARCH64_512_DIGEST}" + + if [[ -n "${AARCH64_ARTIFACT_PATHING+unset}" ]]; then + url="${url}/${AARCH64_ARTIFACT_PATHING}" + fi + ;; + "x86_64") + artifact="${X86_64_ARTIFACT}" + digest="${X86_64_512_DIGEST}" + + if [[ -n "${X86_64_ARTIFACT_PATHING+unset}" ]]; then + url="${url}/${X86_64_ARTIFACT_PATHING}" + fi + ;; + *) + echo "error: unsupported architecture" && exit 1 + ;; +esac + +# pull artifact from dependency repository +curl -L --fail "${url}/${artifact}" > "${file}" + +# validate shasum for downloaded artifact +(shasum --algorithm 512 "${file}" | cut -d ' ' -f 1 | grep -xq "^${digest}$") || \ + (echo "error: shasum verification failed for dependency" && rm -f "${file}" && exit 1) diff --git a/deps/lima-bundles.conf b/deps/lima-bundles.conf new file mode 100644 index 0000000..1cc2c42 --- /dev/null +++ b/deps/lima-bundles.conf @@ -0,0 +1,9 @@ +ARTIFACT_BASE_URL=https://deps.runfinch.com + +AARCH64_ARTIFACT_PATHING=aarch64 +AARCH64_ARTIFACT=lima-and-qemu.macos-aarch64.1715099032.tar.gz +AARCH64_512_DIGEST=1610a671472dd77d2ea207fbad72b71c09b773e13c96f10bc6a9a3873a62b81f06b75b63f1a6d14ddf1b4029785eda0d028069f884514649ea20c87776044c00 + +X86_64_ARTIFACT_PATHING=x86-64 +X86_64_ARTIFACT=lima-and-qemu.macos-x86_64.1715099032.tar.gz +X86_64_512_DIGEST=ee6805f561b76c4f764191ef620ae662b61226426a71465a83d60ed8f67dc2033ff88c09676e1ded77cea9708bd03cfa6f779dd9a344373ad041a4fd0408361d diff --git a/deps/rootfs.conf b/deps/rootfs.conf new file mode 100644 index 0000000..5683ddd --- /dev/null +++ b/deps/rootfs.conf @@ -0,0 +1,5 @@ +ARTIFACT_BASE_URL=https://deps.runfinch.com + +X86_64_ARTIFACT_PATHING=common/x86-64 +X86_64_ARTIFACT=finch-rootfs-production-amd64-1715724303.tar.gz +X86_64_512_DIGEST=93ff4407f289f695424d3a4fe47158f712201d2b5ffcb0033a15d64e2082ddf8ef6e2f1612fa07ebb2bc9d57b38d0a5f3164fee1418d354847716e3594bd998d diff --git a/hashes/Fedora-Cloud-Base-40-1.14.aarch64-20240514214641.qcow2.sha512 b/hashes/Fedora-Cloud-Base-40-1.14.aarch64-20240514214641.qcow2.sha512 deleted file mode 100644 index 70d0534..0000000 --- a/hashes/Fedora-Cloud-Base-40-1.14.aarch64-20240514214641.qcow2.sha512 +++ /dev/null @@ -1,2 +0,0 @@ -# Fedora-Cloud-Base-40-1.14.aarch64-20240514214641.qcow2 -9574dbbee1e34c005334fada0e29a6598cdbc3312b7b54214f20cc36549e48aa34f197a93d3fa9e83208db6d7e32ce6e04bb620048ac2c5620ce86690067f986 *Fedora-Cloud-Base-40-1.14.aarch64-20240514214641.qcow2 diff --git a/hashes/Fedora-Cloud-Base-40-1.14.x86_64-20240514214655.qcow2.sha512 b/hashes/Fedora-Cloud-Base-40-1.14.x86_64-20240514214655.qcow2.sha512 deleted file mode 100644 index 9fca4c1..0000000 --- a/hashes/Fedora-Cloud-Base-40-1.14.x86_64-20240514214655.qcow2.sha512 +++ /dev/null @@ -1,2 +0,0 @@ -# Fedora-Cloud-Base-40-1.14.x86_64-20240514214655.qcow2 -0a4894f10b5b8c4096c8bb7bdcbd23d59f4f5c6ceed228101f7ff3ea0a2e017d7e669b2e794628d52523e599a4028d7f6bd665b37336c0607e605dac4701d5b1 *Fedora-Cloud-Base-40-1.14.x86_64-20240514214655.qcow2 diff --git a/hashes/lima.sha512 b/hashes/lima.sha512 deleted file mode 100644 index e3a2e94..0000000 --- a/hashes/lima.sha512 +++ /dev/null @@ -1,2 +0,0 @@ -# lima -SHA512 (lima.tar.gz) = 9050ad1b457a298646d31a3d6926df8b5b0ae33b3dac92304e16edbdb97926183e01bc07b80310745b38d8dbf1ee81c7fc6a57d157a6b470ff4ecc45c70f5075