diff --git a/tooling/release_download_test.sh b/tooling/release_download_test.sh index ca56551051..624d2527c9 100755 --- a/tooling/release_download_test.sh +++ b/tooling/release_download_test.sh @@ -25,10 +25,10 @@ TAG=${1:-$TAG} if echo "$TAG" | grep jdk8u; then MAJOR_VERSION=8 elif echo "$TAG" | grep ^jdk-; then - MAJOR_VERSION=$(echo $TAG | cut -d- -f2 | cut -d. -f1 | cut -d\+ -f1) + MAJOR_VERSION=$(echo "$TAG" | cut -d- -f2 | cut -d. -f1 | cut -d\+ -f1) else # Probably a beta with the tag starting jdkXXu - MAJOR_VERSION=$(echo $TAG | cut -d- -f1 | tr -d jdku) + MAJOR_VERSION=$(echo "$TAG" | cut -d- -f1 | tr -d jdku) fi echo "$(date +%T) : IVT : I will be checking https://github.com/adoptium/temurin${MAJOR_VERSION}-binaries/releases/tag/$TAG" @@ -37,13 +37,12 @@ if [ -z "${MAJOR_VERSION}" -o -z "${TAG}" ]; then exit 1 fi -curl -sS https://api.github.com/repos/adoptium/temurin${MAJOR_VERSION}-binaries/releases > "$WORKSPACE/jdk${MAJOR_VERSION}.txt" -if [ $? -ne 0 ]; then +if ! curl -sS "https://api.github.com/repos/adoptium/temurin${MAJOR_VERSION}-binaries/releases" > "$WORKSPACE/jdk${MAJOR_VERSION}.txt"; then echo "github API call failed - aborting" exit 2 fi -[ "$VERBOSE" = "tru" ] && echo "$(date +%T) : IVT: Downloading files from release repository" +[ "$VERBOSE" = "true" ] && echo "$(date +%T) : IVT: Downloading files from release repository" # Leaving this "if/fi" commented out as it can be useful if doing standalone # testing to avoid having to re-download. May be removed in future @@ -52,14 +51,14 @@ fi mkdir staging "staging/$TAG" cd "staging/$TAG" || exit 3 # Early access versions are currently in a different format - if echo $TAG | grep ea-beta; then + if echo "$TAG" | grep ea-beta; then FILTER="ea_${MAJOR_VERSION}" else FILTER=$(echo $TAG | sed 's/+/%2B/g') fi # Parse the releases list for the one we want and download everything in it - for URL in $(cat "$WORKSPACE/jdk${MAJOR_VERSION}.txt" | grep "$FILTER" | awk -F'"' '/browser_download_url/{print$4}'); do - [ "$VERBOSE" = "true" ] && echo "Downloading $(basename $URL)" + for URL in $(grep "$FILTER" "$WORKSPACE/jdk${MAJOR_VERSION}.txt" | awk -F'"' '/browser_download_url/{print$4}'); do + [ "$VERBOSE" = "true" ] && echo Downloading $(basename "$URL") curl -LORsS "$URL" done @@ -97,22 +96,22 @@ done echo "$(date +%T): IVT : Verifying that all tarballs are a valid format and counting files within them" for A in OpenJDK*.tar.gz; do - if ! tar tfz $A > /dev/null; then + if ! tar tfz "$A" > /dev/null; then echo "ERROR: Failed to verify that $A can be extracted" RC=4 fi # NOTE: 40 chosen because the static-libs is in the 40s - maybe switch for different tarballs in the future? - if [ "$(tar tfz $A | wc -l)" -lt 40 ]; then + if [ "$(tar tfz "$A" | wc -l)" -lt 40 ]; then echo "ERROR: Less than 40 files in $A - that does not seem correct" RC=4 fi done for A in OpenJDK*.zip; do - if ! unzip -t $A > /dev/null; then + if ! unzip -t "$A" > /dev/null; then echo "ERROR: Failed to verify that $A can be extracted" RC=4 fi - if [ "$(unzip -l $A | wc -l)" -lt 44 ]; then + if [ "$(unzip -l "$A" | wc -l)" -lt 44 ]; then echo "ERROR: Less than 40 files in $A - that does not seem correct" RC=4 fi @@ -150,13 +149,13 @@ fi chmod 700 cyclonedx-linux-* cd "$STARTDIR" -for SBOM in $(ls -1 staging/$TAG/OpenJDK*-sbom*json | grep -v metadata); do +for SBOM in $(ls -1 staging/"$TAG"/OpenJDK*-sbom*json | grep -v metadata); do echo "$(date +%T) : IVT : Validating $SBOM ..." - if ! staging/$TAG/cyclonedx-linux-arm64 validate --input-file "$SBOM"; then + if ! staging/"$TAG"/cyclonedx-linux-arm64 validate --input-file "$SBOM"; then echo "ERROR: Failed CycloneDX validation check" RC=5 fi - if ! bash $(dirname $0)/validateSBOMcontent.sh "$SBOM" $MAJOR_VERSION $TAG; then + if ! bash $(dirname "$0")/validateSBOMcontent.sh "$SBOM" "$MAJOR_VERSION" "$TAG"; then echo "ERROR: Failed checks on $SBOM" RC=6 fi diff --git a/tooling/validateSBOMcontent.sh b/tooling/validateSBOMcontent.sh index 01fd3a150f..fc9bd5a31c 100755 --- a/tooling/validateSBOMcontent.sh +++ b/tooling/validateSBOMcontent.sh @@ -7,15 +7,14 @@ if [ $# -lt 3 ]; then fi SBOMFILE="$1" MAJORVERSION="$2" -FULLVERSION="$3" +#FULLVERSION="$3" -GLIBC=$(jq '.metadata.tools[] | select(.name|test("GLIBC")) | .version' $1 | tr -d \") -GCC=$(jq '.metadata.tools[] | select(.name|test("GCC")) | .version' $1 | tr -d \") - -BOOTJDK=$(jq '.metadata.tools[] | select(.name|test("BOOTJDK")) | .version' $1 | tr -d \") -ALSA=$(jq '.metadata.tools[] | select(.name|test("ALSA")) | .version' $1 | tr -d \" | sed -e 's/^.*alsa-lib-//' -e 's/\.tar.bz2//') -FREETYPE=$(jq '.metadata.tools[] | select(.name|test("FreeType")) | .version' $1 | tr -d \") -FREEMARKER=$(jq '.metadata.tools[] | select(.name|test("FreeMarker")) | .version' $1 | tr -d \") +GLIBC=$(jq '.metadata.tools[] | select(.name|test("GLIBC")) | .version' "$1" | tr -d \") +GCC=$(jq '.metadata.tools[] | select(.name|test("GCC")) | .version' "$1" | tr -d \") +BOOTJDK=$(jq '.metadata.tools[] | select(.name|test("BOOTJDK")) | .version' "$1" | tr -d \") +ALSA=$(jq '.metadata.tools[] | select(.name|test("ALSA")) | .version' "$1" | tr -d \" | sed -e 's/^.*alsa-lib-//' -e 's/\.tar.bz2//') +FREETYPE=$(jq '.metadata.tools[] | select(.name|test("FreeType")) | .version' "$1" | tr -d \") +FREEMARKER=$(jq '.metadata.tools[] | select(.name|test("FreeMarker")) | .version' "$1" | tr -d \") COMPILER=$(jq '.components[0].properties[] | select(.name|test("Build Tools Summary")).value' $SBOMFILE | sed -e 's/^.*Toolchain: //g' -e 's/\ *\*.*//g') EXPECTED_COMPILER="gcc (GNU Compiler Collection)" @@ -23,19 +22,19 @@ EXPECTED_GLIBC="" EXPECTED_GCC="" # [ "${MAJORVERSION}" = "17" ] && EXPECTED_GCC=10.3.0 EXPECTED_ALSA=N.A -EXPECTED_FREETYPE=N.A # https://github.com/adoptium/temurin-build/issues/3493 +#EXPECTED_FREETYPE=N.A # https://github.com/adoptium/temurin-build/issues/3493 #EXPECTED_FREETYPE=https://github.com/freetype/freetype/commit/86bc8a95056c97a810986434a3f268cbe67f2902 if echo "$SBOMFILE" | grep _solaris_; then - EXPECTED_FREETYPE=N.A + #EXPECTED_FREETYPE=N.A EXPECTED_COMPILER="solstudio (Oracle Solaris Studio)" elif echo "$SBOMFILE" | grep _aix_; then EXPECTED_COMPILER="xlc (IBM XL C/C++)" elif echo "$SBOMFILE" | grep _alpine-linux_ > /dev/null; then - EXPECTED_FREETYPE=N.A + #EXPECTED_FREETYPE=N.A EXPECTED_ALSA=1.1.6 EXPECTED_GCC=10.3.1 elif echo "$SBOMFILE" | grep _linux_; then - if [ $MAJORVERSION -lt 20 ] && echo "$SBOMFILE" | grep x64 > /dev/null; then + if [ "$MAJORVERSION" -lt 20 ] && echo "$SBOMFILE" | grep x64 > /dev/null; then EXPECTED_GLIBC=2.12 elif echo "$SBOMFILE" | grep _arm_ > /dev/null; then EXPECTED_GLIBC=2.23 @@ -47,20 +46,20 @@ elif echo "$SBOMFILE" | grep _linux_; then [ "${MAJORVERSION}" = "17" ] && EXPECTED_GCC=10.3.0 [ "${MAJORVERSION}" -ge 20 ] && EXPECTED_GCC=11.2.0 EXPECTED_ALSA=1.1.6 - EXPECTED_FREETYPE=N.A + #EXPECTED_FREETYPE=N.A #elif echo $SBOMFILE | grep _mac_; then # EXPECTED_COMPILER="clang (clang/LLVM from Xcode 10.3)" elif echo "$SBOMFILE" | grep _x64_windows_; then if [ "${MAJORVERSION}" = "8" ]; then EXPECTED_COMPILER="microsoft (Microsoft Visual Studio 2017 - CURRENTLY NOT WORKING)" - EXPECTED_FREETYPE="https://github.com/freetype/freetype/commit/ec8853cd18e1a0c275372769bdad37a79550ed66" + #EXPECTED_FREETYPE="https://github.com/freetype/freetype/commit/ec8853cd18e1a0c275372769bdad37a79550ed66" else EXPECTED_COMPILER="microsoft (Microsoft Visual Studio 2019)" fi elif echo "$SBOMFILE" | grep _x86-32_windows_; then if [ "${MAJORVERSION}" = "8" ]; then EXPECTED_COMPILER="microsoft (Microsoft Visual Studio 2013)" - EXPECTED_FREETYPE="https://github.com/freetype/freetype/commit/ec8853cd18e1a0c275372769bdad37a79550ed66" + #EXPECTED_FREETYPE="https://github.com/freetype/freetype/commit/ec8853cd18e1a0c275372769bdad37a79550ed66" elif [ "${MAJORVERSION}" = "11" ]; then EXPECTED_COMPILER="microsoft (Microsoft Visual Studio 2017)" else @@ -71,13 +70,13 @@ elif echo "$SBOMFILE" | grep _mac_; then EXPECTED_COMPILER="clang (clang/LLVM from Xcode 12.4)" if [ "${MAJORVERSION}" = "8" -o "${MAJORVERSION}" = "11" ] && echo "$SBOMFILE" | grep _x64_; then EXPECTED_COMPILER="clang (clang/LLVM)" - EXPECTED_FREETYPE="https://github.com/freetype/freetype/commit/ec8853cd18e1a0c275372769bdad37a79550ed66" +# EXPECTED_FREETYPE="https://github.com/freetype/freetype/commit/ec8853cd18e1a0c275372769bdad37a79550ed66" fi fi EXPECTED_FREEMARKER=N.A RC=0 -if echo "$SBOMFILE" | egrep 'linux_'; then +if echo "$SBOMFILE" | grep 'linux_'; then [ "${GLIBC}" != "$EXPECTED_GLIBC" ] && echo "ERROR: GLIBC version not ${EXPECTED_GLIBC} (SBOM has ${GLIBC})" && RC=1 [ "${GCC}" != "$EXPECTED_GCC" ] && echo "ERROR: GCC version not ${EXPECTED_GCC} (SBOM has ${GCC})" && RC=1 fi @@ -86,25 +85,25 @@ echo "BOOTJDK is ${BOOTJDK}" [ "${ALSA}" != "$EXPECTED_ALSA" ] && echo "ERROR: ALSA version not ${EXPECTED_ALSA} (SBOM has ${ALSA})" && RC=1 # Freetype versions are inconsistent at present - see build#3484 #[ "${FREETYPE}" != "$EXPECTED_FREETYPE" ] && echo "ERROR: FreeType version not ${EXPECTED_FREETYPE} (SBOM has ${FREETYPE})" && RC=1 -[ ! -z "$(echo $FREETYPE | tr -d '[0-9]\.')" ] && echo "ERROR: FreeType version not a valid number (SBOM has ${FREETYPE})" && RC=1 +[ -n "$(echo $FREETYPE | tr -d '[0-9]\.')" ] && echo "ERROR: FreeType version not a valid number (SBOM has ${FREETYPE})" && RC=1 echo "FREETYPE is ${FREETYPE}" [ "${FREEMARKER}" != "$EXPECTED_FREEMARKER" ] && echo "ERROR: Freemarker version not ${EXPECTED_FREEMARKER} (SBOM has ${FREEMARKER})" && RC=1 echo -n "Checking for JDK source SHA validity: " -GITSHA=$(jq '.components[].properties[] | select(.name|test("OpenJDK Source Commit")) | .value' $1 | tr -d \") +GITSHA=$(jq '.components[].properties[] | select(.name|test("OpenJDK Source Commit")) | .value' "$1" | tr -d \") GITREPO=$(echo "$GITSHA" | cut -d/ -f1-5) GITSHA=$( echo "$GITSHA" | cut -d/ -f7) -if ! git ls-remote ${GITREPO} | grep ${GITSHA}; then +if ! git ls-remote "${GITREPO}" | grep "${GITSHA}"; then echo "ERROR: git sha of source repo not found" RC=1 fi echo -n "Checking for temurin-build SHA validity: " -GITSHA=$(jq '.components[].properties[] | select(.name|test("Temurin Build Ref")) | .value' $1 | tr -d \") +GITSHA=$(jq '.components[].properties[] | select(.name|test("Temurin Build Ref")) | .value' "$1" | tr -d \") GITREPO=$(echo "$GITSHA" | cut -d/ -f1-5) GITSHA=$(echo "$GITSHA" | cut -d/ -f7) echo "Checking for temurin-build SHA $GITSHA" -if ! git ls-remote ${GITREPO} | grep ${GITSHA}; then +if ! git ls-remote "${GITREPO}" | grep "${GITSHA}"; then echo "WARNING: temurin-build SHA check failed. This can happen if it was not a tagged level" if echo "$1" | grep '[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]' 2>/dev/null; then echo "Ignoring return code as filename looks like a nightly"