From b4279c71b6936e10743f18a10d3d5648d5a3b82e Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Wed, 17 Dec 2025 01:37:29 +0000 Subject: [PATCH 1/2] automated: Update to new apko release Signed-off-by: octo-sts[bot] <157150467+octo-sts[bot]@users.noreply.github.com> --- MODULE.bazel | 2 +- apko/private/versions.bzl | 12 ++++++------ apko/tests/versions_test.bzl | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index dd4c312..dd29958 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -17,7 +17,7 @@ bazel_dep(name = "buildifier_prebuilt", version = "8.2.0.2", dev_dependency = Tr bazel_dep(name = "stardoc", version = "0.8.0", dev_dependency = True, repo_name = "io_bazel_stardoc") toolchain = use_extension("//apko:extensions.bzl", "apko") -toolchain.toolchain(apko_version = "v0.30.22") +toolchain.toolchain(apko_version = "v0.30.32") use_repo(toolchain, "apko_toolchains") register_toolchains("@apko_toolchains//:all") diff --git a/apko/private/versions.bzl b/apko/private/versions.bzl index e46be83..234ec6e 100644 --- a/apko/private/versions.bzl +++ b/apko/private/versions.bzl @@ -3,11 +3,11 @@ # Add new versions by running # ./scripts/mirror_apko.sh APKO_VERSIONS = { - "v0.30.22": { - "darwin_amd64": "sha256-g7rbw7G/eRKq7N76dUl9Tr+449JQ92b2MCG4W9J6YJA=", - "darwin_arm64": "sha256-L2Bgc0rUZzvNmqj0zjsO0EBwJWzuKWYt2LD2w+bj4fw=", - "linux_386": "sha256-Nh+P8TXmb0OE5dDhvJBJ7jGgKqas4OSxnFjiE5A+aQE=", - "linux_amd64": "sha256-2H2ToTuuOHQSD/hGux3FZ5C6R9swk65aX4+QS8vQK1Q=", - "linux_arm64": "sha256-81H7VSHQuqn5WtJWICTHzgDvm/ynxE2gRbu0OHTRqK0=", + "v0.30.32": { + "darwin_amd64": "sha256-jt1VJHkF9JiExvzjgzLg0xmOVF92SsKLlmuKcUVOV3c=", + "darwin_arm64": "sha256-h5cMiTzvwaW+ynwDivmOSQdHq+meSgkJ60AfD9fcg1A=", + "linux_386": "sha256-cW1EQNcKCFYrWTd91NSXA6v5VbYzb4VblqROHhBerq8=", + "linux_amd64": "sha256-zygC0MGD5zA1iwTLtA9Eh8NS1N38Mnrnn81mSbYGTy4=", + "linux_arm64": "sha256-7Z+g+m7vXpnrRP4Uepar2M5iuKykbByE5S3olM0ZxSI=", }, } diff --git a/apko/tests/versions_test.bzl b/apko/tests/versions_test.bzl index bdca5aa..cce5332 100644 --- a/apko/tests/versions_test.bzl +++ b/apko/tests/versions_test.bzl @@ -7,7 +7,7 @@ load("//apko/private:versions.bzl", "APKO_VERSIONS") def _smoke_test_impl(ctx): env = unittest.begin(ctx) - asserts.equals(env, "v0.30.22", APKO_VERSIONS.keys()[0]) + asserts.equals(env, "v0.30.32", APKO_VERSIONS.keys()[0]) return unittest.end(env) # The unittest library requires that we export the test cases as named test rules, From ac7c5506d7603ac8d9787ca11912bc2fe55dffda Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Fri, 12 Dec 2025 22:23:42 +0000 Subject: [PATCH 2/2] Update for new key cashing structure --- apko/private/apk.bzl | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/apko/private/apk.bzl b/apko/private/apk.bzl index db26a91..37c4e84 100644 --- a/apko/private/apk.bzl +++ b/apko/private/apk.bzl @@ -189,8 +189,10 @@ def _cachePathFromURL(url): Mimicks https://github.com/chainguard-dev/go-apk/blob/7b08e8f3b0fcaa0f0a44757aedf23f6778cd8e4f/pkg/apk/cache.go#L326C6-L326C22 Is interprets URL as following path: {repo}/{arch}/{file} [but also used for keyring files that don't obey {arch} part]. + For RSA public key files (*.rsa.pub), the file is stored in a directory named after the full filename. + Examples: - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub -> https%3A%2F%2Fpackages.wolfi.dev%2F/os/wolfi-signing.rsa.pub + https://packages.wolfi.dev/os/wolfi-signing.rsa.pub -> https%3A%2F%2Fpackages.wolfi.dev%2F/os/wolfi-signing.rsa.pub/wolfi-signing.rsa.pub https://packages.wolfi.dev/os/aarch64/sqlite-libs-3.44.0-r0.apk -> https%3A%2F%2Fpackages.wolfi.dev%2Fos/arch64/sqlite-libs-3.44.0-r0.apk """ url_split = url.rsplit("/", 2) @@ -199,7 +201,13 @@ def _cachePathFromURL(url): # Seems the Apko adds additional "/" if the URL is short. repo += "/" repo_escaped = util.url_escape(repo) - return "{}/{}/{}".format(repo_escaped, url_split[1], url_split[2]) + filename = url_split[2] + + # For RSA public key files, store them in a directory named after the full filename + if filename.endswith(".rsa.pub"): + return "{}/{}/{}/{}".format(repo_escaped, url_split[1], filename, filename) + + return "{}/{}/{}".format(repo_escaped, url_split[1], filename) def _apk_keyring_impl(rctx): public_key = _cachePathFromURL(rctx.attr.url)