diff --git a/images/linux/scripts/installers/aws.sh b/images/linux/scripts/installers/aws.sh index 6bf8898f..7cb8d67c 100644 --- a/images/linux/scripts/installers/aws.sh +++ b/images/linux/scripts/installers/aws.sh @@ -2,6 +2,7 @@ ################################################################################ ## File: aws.sh ## Desc: Installs the AWS CLI, Session Manager plugin for the AWS CLI, and AWS SAM CLI +## Supply chain security: AWS SAM CLI - checksum validation ################################################################################ # Source the helpers for use with the script @@ -15,11 +16,16 @@ unzip -qq /tmp/awscliv2.zip -d /tmp download_with_retries "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" "/tmp" "session-manager-plugin.deb" apt install /tmp/session-manager-plugin.deb -# Download & install the latest aws sam cli release -zipName="aws-sam-cli-linux-x86_64.zip" -zipUrl="https://github.com/aws/aws-sam-cli/releases/latest/download/${zipName}" -download_with_retries $zipUrl "/tmp" $zipName -unzip /tmp/${zipName} -d /tmp +# Download the latest aws sam cli release +aws_sam_cli_zip_name="aws-sam-cli-linux-x86_64.zip" +download_with_retries "https://github.com/aws/aws-sam-cli/releases/latest/download/${aws_sam_cli_zip_name}" "/tmp" $aws_sam_cli_zip_name + +# Supply chain security - AWS SAM CLI +aws_sam_cli_hash=$(get_github_package_hash "aws" "aws-sam-cli" "${aws_sam_cli_zip_name}.. ") +use_checksum_comparison "/tmp/${aws_sam_cli_zip_name}" "$aws_sam_cli_hash" + +# Install the latest aws sam cli release +unzip /tmp/${aws_sam_cli_zip_name} -d /tmp /tmp/install invoke_tests "CLI.Tools" "AWS" diff --git a/images/linux/scripts/installers/kotlin.sh b/images/linux/scripts/installers/kotlin.sh index c7d0253f..59b3f889 100644 --- a/images/linux/scripts/installers/kotlin.sh +++ b/images/linux/scripts/installers/kotlin.sh @@ -2,16 +2,22 @@ ################################################################################ ## File: kotlin.sh ## Desc: Installs Kotlin +## Supply chain security: Kotlin - checksum validation ################################################################################ source $HELPER_SCRIPTS/install.sh KOTLIN_ROOT="/usr/share" -downloadUrl=$(get_github_package_download_url "JetBrains/kotlin" "contains(\"kotlin-compiler\")") -download_with_retries "$downloadUrl" "/tmp" +kotlin_zip_name="kotlin-compiler.zip" +download_url=$(get_github_package_download_url "JetBrains/kotlin" "contains(\"kotlin-compiler\")") +download_with_retries "$download_url" "/tmp" "$kotlin_zip_name" -unzip -qq /tmp/kotlin-compiler*.zip -d $KOTLIN_ROOT +# Supply chain security - Kotlin +kotlin_hash=$(get_github_package_hash "JetBrains" "kotlin" "kotlin-compiler" "" "latest" "false" "|" 3) +use_checksum_comparison "/tmp/${kotlin_zip_name}" "$kotlin_hash" + +unzip -qq /tmp/${kotlin_zip_name} -d $KOTLIN_ROOT rm $KOTLIN_ROOT/kotlinc/bin/*.bat ln -sf $KOTLIN_ROOT/kotlinc/bin/* /usr/bin -invoke_tests "Tools" "Kotlin" \ No newline at end of file +invoke_tests "Tools" "Kotlin" diff --git a/images/linux/scripts/installers/kubernetes-tools.sh b/images/linux/scripts/installers/kubernetes-tools.sh index b79f0520..3858061a 100644 --- a/images/linux/scripts/installers/kubernetes-tools.sh +++ b/images/linux/scripts/installers/kubernetes-tools.sh @@ -2,6 +2,7 @@ ################################################################################ ## File: kubernetes-tools.sh ## Desc: Installs kubectl, helm, kustomize +## Supply chain security: minikube - checksum validation ################################################################################ # Source the helpers for use with the script @@ -24,6 +25,11 @@ curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 # Install minikube curl -fsSL -O https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 + +# Supply chain security - minikube +minikube_hash=$(get_github_package_hash "kubernetes" "minikube" "linux-amd64" "" "latest" "false" ":" 2) +use_checksum_comparison "minikube-linux-amd64" "$minikube_hash" + sudo install minikube-linux-amd64 /usr/local/bin/minikube # Install kustomize