From 08c43d2c7e851b61720ccdfd0f179f142cb9717e Mon Sep 17 00:00:00 2001 From: Michael Eischer Date: Fri, 7 Jun 2024 21:00:10 +0200 Subject: [PATCH] update release verification script for latest docker --- doc/developer_information.rst | 2 +- helpers/verify-release-binaries.sh | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/developer_information.rst b/doc/developer_information.rst index c7757e087..f0fe28c32 100644 --- a/doc/developer_information.rst +++ b/doc/developer_information.rst @@ -123,7 +123,7 @@ The specified go compiler version must match the one used to build the official binaries. For example, for restic 0.16.2 the command would be ``helpers/verify-release-binaries.sh 0.16.2 1.21.3``. -The script requires bash, curl, docker, git, gpg, shasum and tar. +The script requires bash, curl, docker (version >= 25.0), git, gpg, shasum and tar. The script first downloads all release binaries, checks the SHASUM256 file and its signature. Afterwards it checks that the tarball matches the restic git repository diff --git a/helpers/verify-release-binaries.sh b/helpers/verify-release-binaries.sh index 4e80528e2..5ac57027b 100755 --- a/helpers/verify-release-binaries.sh +++ b/helpers/verify-release-binaries.sh @@ -89,13 +89,14 @@ extract_docker() { restic_platform=$3 out=restic_${restic_version}_linux_${restic_platform}.bz2 + # requires at least docker 25.0 docker image pull --platform "linux/${docker_platform}" ${image}:${restic_version} > /dev/null docker image save ${image}:${restic_version} -o docker.tar mkdir img - tar xvf docker.tar -C img --wildcards \*/layer.tar > /dev/null + tar xvf docker.tar -C img --wildcards blobs/sha256/\* > /dev/null rm docker.tar - for i in img/*/layer.tar; do + for i in img/blobs/sha256/*; do tar -xvf "$i" -C img usr/bin/restic 2> /dev/null 1>&2 || true if [[ -f img/usr/bin/restic ]]; then if [[ -f restic-docker ]]; then