make some shell scripts use hermetic aspect toolchains

GoogleContainerTools · Dec 14, 2024 · bc0d10b · bc0d10b
1 parent 81c2dfd
commit bc0d10b
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 35 deletions.
diff --git a/apt/private/dpkg_status.bzl b/apt/private/dpkg_status.bzl
@@ -7,19 +7,28 @@ _DOC = """TODO: docs"""
 
 def _dpkg_status_impl(ctx):
     bsdtar = ctx.toolchains[tar_lib.TOOLCHAIN_TYPE]
+    coreutils = ctx.toolchains["@aspect_bazel_lib//lib:coreutils_toolchain_type"]
 
     output = ctx.actions.declare_file(ctx.attr.name + ".tar")
 
     args = ctx.actions.args()
     args.add(bsdtar.tarinfo.binary)
+    args.add(coreutils.coreutils_info.bin.path)
     args.add(output)
     args.add_all(ctx.files.controls)
 
+    tools = depset(
+        transitive = [
+            bsdtar.default.files,
+            depset([coreutils.coreutils_info.bin]),
+        ]
+    )
+
     ctx.actions.run(
         executable = ctx.executable._dpkg_status_sh,
         inputs = ctx.files.controls,
         outputs = [output],
-        tools = bsdtar.default.files,
+        tools = tools,
         arguments = [args],
     )
 
@@ -42,5 +51,8 @@ dpkg_status = rule(
         ),
     },
     implementation = _dpkg_status_impl,
-    toolchains = [tar_lib.TOOLCHAIN_TYPE],
+    toolchains = [
+        tar_lib.TOOLCHAIN_TYPE,
+        "@aspect_bazel_lib//lib:coreutils_toolchain_type",
+    ],
 )
diff --git a/apt/private/dpkg_status.sh b/apt/private/dpkg_status.sh
@@ -2,23 +2,27 @@
 set -o pipefail -o errexit -o nounset
 
 readonly bsdtar="$1"
-readonly out="$2"
-shift 2
+readonly coreutils="$2"
+readonly out="$3"
+shift 3
 
-tmp_out=$(mktemp)
+tmp_out=$($coreutils mktemp)
 
 while  (( $# > 0 )); do
-    $bsdtar -xf "$1" --to-stdout ./control |
-    awk '{
-        print $0; 
-        if (NR == 1) { print "Status: install ok installed"};
-    } END { print "" }
-    ' >> $tmp_out
+    $bsdtar -xf "$1" --to-stdout ./control | (
+        # Print first line
+        read -r line && echo "$line" && echo "Status: install ok installed"
+        # Print remaining lines, including the last one
+        while read -r line || [ -n "$line" ]; do
+            echo "$line"
+        done
+        echo ""
+    ) >> "$tmp_out"
     shift
 done
 
 echo "#mtree
 ./var/lib/dpkg/status type=file uid=0 gid=0 mode=0644 time=1672560000 contents=$tmp_out
-" | "$bsdtar" $@ -cf "$out" "@-"
+" | "$bsdtar" "$@" -cf "$out" "@-"
 
-rm $tmp_out
+$coreutils rm "$tmp_out"
diff --git a/apt/private/dpkg_statusd.bzl b/apt/private/dpkg_statusd.bzl
@@ -7,22 +7,31 @@ _DOC = """TODO: docs"""
 
 def _dpkg_statusd_impl(ctx):
     bsdtar = ctx.toolchains[tar_lib.TOOLCHAIN_TYPE]
+    coreutils = ctx.toolchains["@aspect_bazel_lib//lib:coreutils_toolchain_type"]
 
     ext = tar_lib.common.compression_to_extension[ctx.attr.compression] if ctx.attr.compression else ".tar"
     output = ctx.actions.declare_file(ctx.attr.name + ext)
 
     args = ctx.actions.args()
     args.add(bsdtar.tarinfo.binary)
+    args.add(coreutils.coreutils_info.bin.path)
     args.add(output)
     args.add(ctx.file.control)
     args.add(ctx.attr.package_name)
     tar_lib.common.add_compression_args(ctx.attr.compression, args)
 
+    tools = depset(
+        transitive = [
+            bsdtar.default.files,
+            depset([coreutils.coreutils_info.bin]),
+        ]
+    )
+
     ctx.actions.run(
         executable = ctx.executable._dpkg_statusd_sh,
         inputs = [ctx.file.control],
         outputs = [output],
-        tools = bsdtar.default.files,
+        tools = tools,
         arguments = [args],
     )
 
@@ -50,5 +59,8 @@ dpkg_statusd = rule(
         ),
     },
     implementation = _dpkg_statusd_impl,
-    toolchains = [tar_lib.TOOLCHAIN_TYPE],
+    toolchains = [
+        tar_lib.TOOLCHAIN_TYPE,
+        "@aspect_bazel_lib//lib:coreutils_toolchain_type",
+    ],
 )
diff --git a/apt/private/dpkg_statusd.sh b/apt/private/dpkg_statusd.sh
@@ -2,28 +2,40 @@
 set -o pipefail -o errexit -o nounset
 
 readonly bsdtar="$1"
-readonly out="$2"
-readonly control_path="$3"
-readonly package_name="$4"
-shift 4
+readonly coreutils="$2"
+readonly out="$3"
+readonly control_path="$4"
+readonly package_name="$5"
+shift 5
 
 include=(--include "^./control$" --include "^./md5sums$")
 
-tmp=$(mktemp -d)
+tmp=$($coreutils mktemp -d)
 "$bsdtar" -xf "$control_path" "${include[@]}" -C "$tmp"
 
-"$bsdtar" -cf - $@ --format=mtree "${include[@]}" --options '!gname,!uname,!sha1,!nlink,!time' "@$control_path" | \
-awk -v pkg="$package_name" '{ 
-    if ($1=="#mtree") {
-        print $1; next
-    };
-    # strip leading ./ prefix
-    sub(/^\.?\//, "", $1);
-
-    if ($1 ~ /^control/) {
-        $1 = "./var/lib/dpkg/status.d/" pkg " contents=./" $1; 
-    } else if ($1 ~ /^md5sums/) {
-        $1 = "./var/lib/dpkg/status.d/" pkg ".md5sums contents=./" $1; 
-    }
-    print $0
-}' | "$bsdtar" $@ -cf "$out" -C "$tmp/" @-
+"$bsdtar" -cf - "$@" --format=mtree "${include[@]}" --options '!gname,!uname,!sha1,!nlink,!time' "@$control_path" | \
+while IFS= read -r line; do
+   first_field=$(echo "$line" | cut -d' ' -f1) 
+   rest_of_line=$(echo "$line" | cut -d' ' -f2-)
+
+   if [ "$first_field" = "#mtree" ]; then
+       echo "$line"
+       continue
+   fi
+
+   # Strip leading ./ prefix using parameter expansion
+   first_field="${first_field/#.\//}"
+   first_field="${first_field/#\//}"
+
+   if [[ "$first_field" =~ ^control ]]; then
+       first_field="./var/lib/dpkg/status.d/${package_name} contents=./${first_field}"
+   elif [[ "$first_field" =~ ^md5sums ]]; then
+       first_field="./var/lib/dpkg/status.d/${package_name}.md5sums contents=./${first_field}"
+   fi
+
+   if [ -n "$rest_of_line" ]; then
+       echo "$first_field $rest_of_line"
+   else
+       echo "$first_field"
+   fi
+done | "$bsdtar" "$@" -cf "$out" -C "$tmp/" @-