From 2dece79f0bf3c4d16da7b30833bd21fd271bee03 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 21 Oct 2024 10:48:02 +0200 Subject: [PATCH 1/4] install-from-source: avoid using `which` before it is installed The `which` executable must often be installed because it is missing from many a Docker image. Therefore, it won't _really_ work if one checks `which which` to figure out whether `which` is installed. Let's avoid this by using `type`, which is a shell builtin for most shells. The `type` utility is specified in the POSIX standard, as per https://pubs.opengroup.org/onlinepubs/9699919799/utilities/type.html, yet neither command-line options nor output is standardized. The only thing we _can_ rely on is the exit status. Note: _Technically_, this poses a change of behavior, as `which` resolves only to executables that are on the `PATH` while `type` will also happily report shell builtins. However, this is a net improvement: If running the script in, say, BusyBox, where many of the common utilities (including `which`!) are shell builtins, we would like to avoid forcefully installing the packages without need. Signed-off-by: Johannes Schindelin --- src/linux/Packaging.Linux/install-from-source.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/linux/Packaging.Linux/install-from-source.sh b/src/linux/Packaging.Linux/install-from-source.sh index be6ea1579..40259eded 100755 --- a/src/linux/Packaging.Linux/install-from-source.sh +++ b/src/linux/Packaging.Linux/install-from-source.sh @@ -63,7 +63,7 @@ install_packages() { for package in $packages; do # Ensure we don't stomp on existing installations. - if [ ! -z $(which $package) ]; then + if type $package >/dev/null 2>&1; then continue fi From 89adecefada837d99c9c10a32be2a9c84a7fb9fc Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 21 Oct 2024 10:56:17 +0200 Subject: [PATCH 2/4] install-from-source(mariner): awk is required to make dotnet-install.sh work The dotnet-install.sh script expects `awk` to be present, which is not installed by default in Mariner Linux. Signed-off-by: Johannes Schindelin --- src/linux/Packaging.Linux/install-from-source.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/linux/Packaging.Linux/install-from-source.sh b/src/linux/Packaging.Linux/install-from-source.sh index 40259eded..0126d1ddf 100755 --- a/src/linux/Packaging.Linux/install-from-source.sh +++ b/src/linux/Packaging.Linux/install-from-source.sh @@ -228,7 +228,7 @@ case "$distribution" in $sudo_cmd tdnf update -y # Install dotnet/GCM dependencies. - install_packages tdnf install "curl git krb5-libs libicu openssl-libs zlib findutils which bash" + install_packages tdnf install "curl git krb5-libs libicu openssl-libs zlib findutils which bash awk" ensure_dotnet_installed ;; From 7b721ea32fab8dadcebe0c988c74f9dc0a67742b Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 21 Oct 2024 14:50:48 +0200 Subject: [PATCH 3/4] install-from-source(mariner): ensure that CA certificates are installed This seems to be necessary to avoid problems with the `curl` calls when `dotnet-install.sh` tries to download the `dotnet-sdk` TAR archive: dotnet-install: Attempting to download using aka.ms link https://dotnetcli.azureedge.net/dotnet/Sdk/8.0.403/dotnet-sdk-8.0.403-linux-x64.tar.gz curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. Signed-off-by: Johannes Schindelin --- src/linux/Packaging.Linux/install-from-source.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/linux/Packaging.Linux/install-from-source.sh b/src/linux/Packaging.Linux/install-from-source.sh index 0126d1ddf..8cf60251c 100755 --- a/src/linux/Packaging.Linux/install-from-source.sh +++ b/src/linux/Packaging.Linux/install-from-source.sh @@ -228,7 +228,7 @@ case "$distribution" in $sudo_cmd tdnf update -y # Install dotnet/GCM dependencies. - install_packages tdnf install "curl git krb5-libs libicu openssl-libs zlib findutils which bash awk" + install_packages tdnf install "curl ca-certificates git krb5-libs libicu openssl-libs zlib findutils which bash awk" ensure_dotnet_installed ;; From 41a26cf6dc4f5459835df6cdad0b6d6a43e81502 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 21 Oct 2024 10:25:14 +0200 Subject: [PATCH 4/4] ci: also verify that installation works on Mariner and Arch Linux These currently work, too, and we probably want to keep it that way. Signed-off-by: Johannes Schindelin --- .github/workflows/validate-install-from-source.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/validate-install-from-source.yml b/.github/workflows/validate-install-from-source.yml index 4b67b00ae..2b1fd7696 100644 --- a/.github/workflows/validate-install-from-source.yml +++ b/.github/workflows/validate-install-from-source.yml @@ -27,6 +27,8 @@ jobs: - image: opensuse/leap - image: opensuse/tumbleweed - image: registry.suse.com/suse/sle15:15.4.27.11.31 + - image: archlinux + - image: mcr.microsoft.com/cbl-mariner/base/core:2.0 container: ${{matrix.vector.image}} steps: - run: | @@ -34,6 +36,9 @@ jobs: zypper -n install tar gzip elif [[ ${{matrix.vector.image}} == *"centos"* ]]; then dnf install which -y + elif [[ ${{matrix.vector.image}} == *"mariner"* ]]; then + GNUPGHOME=/root/.gnupg tdnf update -y && + GNUPGHOME=/root/.gnupg tdnf install tar -y # needed for `actions/checkout` fi - uses: actions/checkout@v4