From 2935707876d4e08794ca720972fa7349138dca3e Mon Sep 17 00:00:00 2001 From: Scott Blum Date: Wed, 5 Jan 2022 10:41:50 -0500 Subject: [PATCH 1/3] remove dependency on external python --- container/BUILD | 6 ++--- container/go/cmd/sha256/BUILD | 16 +++++++++++++ container/go/cmd/sha256/sha256.go | 39 +++++++++++++++++++++++++++++++ container/image.bzl | 2 +- container/import.bzl | 2 +- container/layer.bzl | 2 +- docker/util/run.bzl | 2 +- skylib/BUILD | 5 ++++ skylib/hash.bzl | 23 ++++++++++++++++++ 9 files changed, 90 insertions(+), 7 deletions(-) create mode 100644 container/go/cmd/sha256/BUILD create mode 100644 container/go/cmd/sha256/sha256.go create mode 100644 skylib/hash.bzl diff --git a/container/BUILD b/container/BUILD index 07bbbeb63..96d1831ce 100644 --- a/container/BUILD +++ b/container/BUILD @@ -99,10 +99,10 @@ bzl_library( ":layer_tools", ":providers", "//skylib:filetype", + "//skylib:hash", "//skylib:label", "//skylib:path", "@bazel_skylib//lib:dicts", - "@bazel_tools//tools/build_defs/hash:hash.bzl", ], ) @@ -113,9 +113,9 @@ bzl_library( ":layer_tools", ":providers", "//skylib:filetype", + "//skylib:hash", "//skylib:path", "//skylib:zip", - "@bazel_tools//tools/build_defs/hash:hash.bzl", ], ) @@ -126,9 +126,9 @@ bzl_library( ":layer_tools", ":providers", "//skylib:filetype", + "//skylib:hash", "//skylib:path", "//skylib:zip", - "@bazel_tools//tools/build_defs/hash:hash.bzl", ], ) diff --git a/container/go/cmd/sha256/BUILD b/container/go/cmd/sha256/BUILD new file mode 100644 index 000000000..06e321481 --- /dev/null +++ b/container/go/cmd/sha256/BUILD @@ -0,0 +1,16 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") + +# Build file for sha256 binary. + +go_library( + name = "go_default_library", + srcs = ["sha256.go"], + importpath = "github.com/bazelbuild/rules_docker/container/go/cmd/sha256", + visibility = ["//visibility:private"], +) + +go_binary( + name = "sha256", + embed = [":go_default_library"], + visibility = ["//visibility:public"], +) diff --git a/container/go/cmd/sha256/sha256.go b/container/go/cmd/sha256/sha256.go new file mode 100644 index 000000000..236c9a39d --- /dev/null +++ b/container/go/cmd/sha256/sha256.go @@ -0,0 +1,39 @@ +// Portable SHA256 tool. +package main + +import ( + "crypto/sha256" + "encoding/hex" + "flag" + "io" + "io/ioutil" + "log" + "os" +) + +func main() { + flag.Parse() + if len(os.Args) != 3 { + log.Fatalf("Usage: %s input output", os.Args[0]) + } + + inputfile, err := os.Open(os.Args[1]) + if err != nil { + log.Fatalf("error reading %s: %s", os.Args[1], err) + } + + h := sha256.New() + if _, err := io.Copy(h, inputfile); err != nil { + log.Fatalf("error reading %s: %s", os.Args[1], err) + } + + if err := inputfile.Close(); err != nil { + log.Fatalf("error reading %s: %s", os.Args[1], err) + } + sum := h.Sum(nil) + hexSum := hex.EncodeToString(sum) + + if err := ioutil.WriteFile(os.Args[2], []byte(hexSum), 0666); err != nil { + log.Fatalf("error writing %s: %s", os.Args[2], err) + } +} diff --git a/container/image.bzl b/container/image.bzl index 429f0c3af..fd2b72962 100644 --- a/container/image.bzl +++ b/container/image.bzl @@ -20,7 +20,7 @@ more specialized build leveraging the same implementation. load("@bazel_skylib//lib:dicts.bzl", "dicts") load( - "@bazel_tools//tools/build_defs/hash:hash.bzl", + "//skylib:hash.bzl", _hash_tools = "tools", _sha256 = "sha256", ) diff --git a/container/import.bzl b/container/import.bzl index ca610776b..d956df3d9 100644 --- a/container/import.bzl +++ b/container/import.bzl @@ -15,7 +15,7 @@ load("@bazel_skylib//lib:dicts.bzl", "dicts") load( - "@bazel_tools//tools/build_defs/hash:hash.bzl", + "//skylib:hash.bzl", _hash_tools = "tools", _sha256 = "sha256", ) diff --git a/container/layer.bzl b/container/layer.bzl index dc77da41c..c7f0445a5 100644 --- a/container/layer.bzl +++ b/container/layer.bzl @@ -15,7 +15,7 @@ load("@bazel_skylib//lib:dicts.bzl", "dicts") load( - "@bazel_tools//tools/build_defs/hash:hash.bzl", + "//skylib:hash.bzl", _hash_tools = "tools", _sha256 = "sha256", ) diff --git a/docker/util/run.bzl b/docker/util/run.bzl index 3eee2eb79..903ceb936 100644 --- a/docker/util/run.bzl +++ b/docker/util/run.bzl @@ -20,7 +20,7 @@ the host machine. load("@bazel_skylib//lib:dicts.bzl", "dicts") load( - "@bazel_tools//tools/build_defs/hash:hash.bzl", + "//skylib:hash.bzl", _hash_tools = "tools", ) load("@io_bazel_rules_docker//container:layer.bzl", "zip_layer") diff --git a/skylib/BUILD b/skylib/BUILD index 33f43a1fb..ea5f173f0 100644 --- a/skylib/BUILD +++ b/skylib/BUILD @@ -42,3 +42,8 @@ bzl_library( name = "zip", srcs = ["zip.bzl"], ) + +bzl_library( + name = "hash", + srcs = ["hash.bzl"], +) diff --git a/skylib/hash.bzl b/skylib/hash.bzl new file mode 100644 index 000000000..4e20a2c93 --- /dev/null +++ b/skylib/hash.bzl @@ -0,0 +1,23 @@ +"""Functions for producing the hash of an artifact.""" + +def sha256(ctx, artifact, execution_requirements = None): + """Create an action to compute the SHA-256 of an artifact.""" + out = ctx.actions.declare_file(artifact.basename + ".sha256") + ctx.actions.run( + executable = ctx.executable.sha256, + arguments = [artifact.path, out.path], + inputs = [artifact], + outputs = [out], + mnemonic = "SHA256", + execution_requirements = execution_requirements, + ) + return out + +tools = { + "sha256": attr.label( + default = Label("//container/go/cmd/sha256:sha256"), + cfg = "host", + executable = True, + allow_files = True, + ), +} From d256d6bee1bbacd03d7d601a09b144a8ed15e047 Mon Sep 17 00:00:00 2001 From: Scott Blum Date: Wed, 5 Jan 2022 11:44:12 -0500 Subject: [PATCH 2/3] test fix --- docs/container.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/container.md b/docs/container.md index 01c444210..2defe4488 100644 --- a/docs/container.md +++ b/docs/container.md @@ -87,7 +87,7 @@ A rule that imports a docker image into our intermediate form. | layers | The list of layer .tar.gz files in the order they appear in the config.json's layer section, or in the order that they appear in the Layers field of the docker save tarballs' manifest.json (these may or may not be gzipped).

Note that the layers should each have a different basename. | List of labels | required | | | manifest | - | Label | optional | None | | repository | - | String | optional | "bazel" | -| sha256 | - | Label | optional | //tools/build_defs/hash:sha256 | +| sha256 | - | Label | optional | //container/go/cmd/sha256:sha256 | @@ -126,7 +126,7 @@ A rule that assembles data into a tarball which can be use as in layers attr in | mtime | - | Integer | optional | -1 | | operating_system | - | String | optional | "linux" | | portable_mtime | - | Boolean | optional | False | -| sha256 | - | Label | optional | //tools/build_defs/hash:sha256 | +| sha256 | - | Label | optional | //container/go/cmd/sha256:sha256 | | symlinks | Symlinks to create in the Docker image.

For example,

symlinks = { "/path/to/link": "/path/to/target", ... }, | Dictionary: String -> String | optional | {} | | tars | Tar file to extract in the layer.

A list of tar files whose content should be in the Docker image. | List of labels | optional | [] | From 81f0f430d17769c81b46969b5263354af93c429d Mon Sep 17 00:00:00 2001 From: Scott Blum Date: Wed, 19 Jan 2022 15:40:32 -0500 Subject: [PATCH 3/3] add copyright and docs --- container/go/cmd/sha256/sha256.go | 19 ++++++++++++++++++- skylib/hash.bzl | 21 ++++++++++++++++++++- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/container/go/cmd/sha256/sha256.go b/container/go/cmd/sha256/sha256.go index 236c9a39d..e9773f8aa 100644 --- a/container/go/cmd/sha256/sha256.go +++ b/container/go/cmd/sha256/sha256.go @@ -1,4 +1,21 @@ -// Portable SHA256 tool. +// Copyright 2022 The Bazel Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +////////////////////////////////////////////////////////////////////// +// This binary computes SHA256 for //skylib:hash.bzl +// +// Drop-in replacement for @bazel_tools//tools/build_defs/hash:sha256.py +// See: https://github.com/bazelbuild/bazel/blob/master/tools/build_defs/hash/sha256.py package main import ( diff --git a/skylib/hash.bzl b/skylib/hash.bzl index 4e20a2c93..3f27c357d 100644 --- a/skylib/hash.bzl +++ b/skylib/hash.bzl @@ -1,4 +1,23 @@ -"""Functions for producing the hash of an artifact.""" +# Copyright 2022 The Bazel Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Functions for producing the hash of an artifact. + +Drop-in replacement for @bazel_tools//tools/build_defs/hash:hash.bzl +See: https://github.com/bazelbuild/bazel/blob/master/tools/build_defs/hash/hash.bzl + +Computes SHA256 without depending on Python. +""" def sha256(ctx, artifact, execution_requirements = None): """Create an action to compute the SHA-256 of an artifact."""