diff --git a/MODULE.bazel b/MODULE.bazel index dd4c312..dd29958 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -17,7 +17,7 @@ bazel_dep(name = "buildifier_prebuilt", version = "8.2.0.2", dev_dependency = Tr bazel_dep(name = "stardoc", version = "0.8.0", dev_dependency = True, repo_name = "io_bazel_stardoc") toolchain = use_extension("//apko:extensions.bzl", "apko") -toolchain.toolchain(apko_version = "v0.30.22") +toolchain.toolchain(apko_version = "v0.30.32") use_repo(toolchain, "apko_toolchains") register_toolchains("@apko_toolchains//:all") diff --git a/apko/private/apk.bzl b/apko/private/apk.bzl index db26a91..37c4e84 100644 --- a/apko/private/apk.bzl +++ b/apko/private/apk.bzl @@ -189,8 +189,10 @@ def _cachePathFromURL(url): Mimicks https://github.com/chainguard-dev/go-apk/blob/7b08e8f3b0fcaa0f0a44757aedf23f6778cd8e4f/pkg/apk/cache.go#L326C6-L326C22 Is interprets URL as following path: {repo}/{arch}/{file} [but also used for keyring files that don't obey {arch} part]. + For RSA public key files (*.rsa.pub), the file is stored in a directory named after the full filename. + Examples: - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub -> https%3A%2F%2Fpackages.wolfi.dev%2F/os/wolfi-signing.rsa.pub + https://packages.wolfi.dev/os/wolfi-signing.rsa.pub -> https%3A%2F%2Fpackages.wolfi.dev%2F/os/wolfi-signing.rsa.pub/wolfi-signing.rsa.pub https://packages.wolfi.dev/os/aarch64/sqlite-libs-3.44.0-r0.apk -> https%3A%2F%2Fpackages.wolfi.dev%2Fos/arch64/sqlite-libs-3.44.0-r0.apk """ url_split = url.rsplit("/", 2) @@ -199,7 +201,13 @@ def _cachePathFromURL(url): # Seems the Apko adds additional "/" if the URL is short. repo += "/" repo_escaped = util.url_escape(repo) - return "{}/{}/{}".format(repo_escaped, url_split[1], url_split[2]) + filename = url_split[2] + + # For RSA public key files, store them in a directory named after the full filename + if filename.endswith(".rsa.pub"): + return "{}/{}/{}/{}".format(repo_escaped, url_split[1], filename, filename) + + return "{}/{}/{}".format(repo_escaped, url_split[1], filename) def _apk_keyring_impl(rctx): public_key = _cachePathFromURL(rctx.attr.url) diff --git a/apko/private/versions.bzl b/apko/private/versions.bzl index e46be83..234ec6e 100644 --- a/apko/private/versions.bzl +++ b/apko/private/versions.bzl @@ -3,11 +3,11 @@ # Add new versions by running # ./scripts/mirror_apko.sh APKO_VERSIONS = { - "v0.30.22": { - "darwin_amd64": "sha256-g7rbw7G/eRKq7N76dUl9Tr+449JQ92b2MCG4W9J6YJA=", - "darwin_arm64": "sha256-L2Bgc0rUZzvNmqj0zjsO0EBwJWzuKWYt2LD2w+bj4fw=", - "linux_386": "sha256-Nh+P8TXmb0OE5dDhvJBJ7jGgKqas4OSxnFjiE5A+aQE=", - "linux_amd64": "sha256-2H2ToTuuOHQSD/hGux3FZ5C6R9swk65aX4+QS8vQK1Q=", - "linux_arm64": "sha256-81H7VSHQuqn5WtJWICTHzgDvm/ynxE2gRbu0OHTRqK0=", + "v0.30.32": { + "darwin_amd64": "sha256-jt1VJHkF9JiExvzjgzLg0xmOVF92SsKLlmuKcUVOV3c=", + "darwin_arm64": "sha256-h5cMiTzvwaW+ynwDivmOSQdHq+meSgkJ60AfD9fcg1A=", + "linux_386": "sha256-cW1EQNcKCFYrWTd91NSXA6v5VbYzb4VblqROHhBerq8=", + "linux_amd64": "sha256-zygC0MGD5zA1iwTLtA9Eh8NS1N38Mnrnn81mSbYGTy4=", + "linux_arm64": "sha256-7Z+g+m7vXpnrRP4Uepar2M5iuKykbByE5S3olM0ZxSI=", }, } diff --git a/apko/tests/versions_test.bzl b/apko/tests/versions_test.bzl index bdca5aa..cce5332 100644 --- a/apko/tests/versions_test.bzl +++ b/apko/tests/versions_test.bzl @@ -7,7 +7,7 @@ load("//apko/private:versions.bzl", "APKO_VERSIONS") def _smoke_test_impl(ctx): env = unittest.begin(ctx) - asserts.equals(env, "v0.30.22", APKO_VERSIONS.keys()[0]) + asserts.equals(env, "v0.30.32", APKO_VERSIONS.keys()[0]) return unittest.end(env) # The unittest library requires that we export the test cases as named test rules,