apko
apko copied to clipboard
chainguard-dev
`apko lock` includes @ label in repository url
Given a .yaml definition as such:
contents:
keyring:
- https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
- https://packages.sgdev.org/sourcegraph-melange-prod.rsa.pub
repositories:
- https://packages.wolfi.dev/os
- '@sourcegraph https://packages.sgdev.org/main'
...
apko lock generates a lock file as such:
{
"version": "v1",
"contents": {
// ...
"repositories": [
{
"name": "packages.wolfi.dev/os/x86_64",
"url": "https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz",
"architecture": "x86_64"
},
{
"name": "@sourcegraph https://packages.sgdev.org/main/x86_64",
"url": "@sourcegraph https://packages.sgdev.org/main/x86_64/APKINDEX.tar.gz",
"architecture": "x86_64"
}
],
// ...
}
}
Which is problematic when used as part of https://github.com/chainguard-dev/rules_apko:
INFO: Repository gitserver_lock_at_sourcegraph_https___packages.sgdev.org_main_x86_64_x86_64 instantiated at:
/Users/noah/Sourcegraph/sourcegraph/WORKSPACE:533:18: in <toplevel>
/private/var/tmp/_bazel_noah/dcf2fbfa8ce2981c9fc4201fa6327d3b/external/gitserver_lock/repositories.bzl:895:19: in apko_repositories
Repository rule apk_repository defined at:
/private/var/tmp/_bazel_noah/dcf2fbfa8ce2981c9fc4201fa6327d3b/external/rules_apko/apko/private/apk.bzl:122:33: in <toplevel>
ERROR: An error occurred during the fetch of repository 'gitserver_lock_at_sourcegraph_https___packages.sgdev.org_main_x86_64_x86_64':
Traceback (most recent call last):
File "/private/var/tmp/_bazel_noah/dcf2fbfa8ce2981c9fc4201fa6327d3b/external/rules_apko/apko/private/apk.bzl", line 116, column 18, in _apk_repository_impl
rctx.download(
Error in download: java.io.IOException: Bad URL: @sourcegraph https://packages.sgdev.org/main/x86_64/APKINDEX.tar.gz
ERROR: /Users/noah/Sourcegraph/sourcegraph/WORKSPACE:533:18: fetching apk_repository rule //external:gitserver_lock_at_sourcegraph_https___packages.sgdev.org_main_x86_64_x86_64: Traceback (most recent call last):
File "/private/var/tmp/_bazel_noah/dcf2fbfa8ce2981c9fc4201fa6327d3b/external/rules_apko/apko/private/apk.bzl", line 116, column 18, in _apk_repository_impl
rctx.download(
Error in download: java.io.IOException: Bad URL: @sourcegraph https://packages.sgdev.org/main/x86_64/APKINDEX.tar.gz
ERROR: no such package '@@gitserver_lock_at_sourcegraph_https___packages.sgdev.org_main_x86_64_x86_64//': java.io.IOException: Bad URL: @sourcegraph https://packages.sgdev.org/main/x86_64/APKINDEX.tar.gz
I've been able to work around it with a patch to rules_apko (easier to distribute than making everyone have a patched apko binary), but ideally there'd be a more permanent fix 🙂
diff --git a/apko/private/apk.bzl b/apko/private/apk.bzl
index ebd9780..0592e25 100644
--- a/apko/private/apk.bzl
+++ b/apko/private/apk.bzl
@@ -16,8 +16,13 @@ def _range(url, range):
def _check_initial_setup(rctx):
output = rctx.path(".rangecheck/output")
+
+ url = rctx.attr.url
+ if url[0] == '@':
+ url = url.partition(' ')[2]
+
rctx.download(
- url = [_range(rctx.attr.url, "bytes=0-0")],
+ url = [_range(url, "bytes=0-0")],
output = output,
)
r = rctx.execute(["wc", "-c", output])
@@ -40,7 +45,11 @@ To resolve this issue and enable partial package fetching, please follow the ste
""".format(bytes[0]))
def _apk_import_impl(rctx):
- repo = util.repo_url(rctx.attr.url, rctx.attr.architecture)
+ url = rctx.attr.url
+ if url[0] == '@':
+ url = url.partition(' ')[2]
+
+ repo = util.repo_url(url, rctx.attr.architecture)
repo_escaped = util.url_escape(repo)
output = "{}/{}/{}-{}".format(repo_escaped, rctx.attr.architecture, rctx.attr.package_name, rctx.attr.version)
@@ -54,18 +63,18 @@ def _apk_import_impl(rctx):
apk_output = "{}/{}/{}-{}.apk".format(repo_escaped, rctx.attr.architecture, rctx.attr.package_name, rctx.attr.version)
rctx.download(
- url = [_range(rctx.attr.url, rctx.attr.signature_range)],
+ url = [_range(url, rctx.attr.signature_range)],
output = sig_output,
# TODO: signatures does not have stable checksums. find a way to fail gracefully.
integrity = rctx.attr.signature_checksum,
)
rctx.download(
- url = [_range(rctx.attr.url, rctx.attr.control_range)],
+ url = [_range(url, rctx.attr.control_range)],
output = control_output,
integrity = rctx.attr.control_checksum,
)
rctx.download(
- url = [_range(rctx.attr.url, rctx.attr.data_range)],
+ url = [_range(url, rctx.attr.data_range)],
output = data_output,
integrity = rctx.attr.data_checksum,
)
@@ -105,11 +114,16 @@ filegroup(
"""
def _apk_repository_impl(rctx):
- repo = util.repo_url(rctx.attr.url, rctx.attr.architecture)
+ url = rctx.attr.url
+ if url[0] == '@':
+ url = url.partition(' ')[2]
+
+ repo = util.repo_url(url, rctx.attr.architecture)
repo_escaped = util.url_escape(repo)
_check_initial_setup(rctx)
+
rctx.download(
- url = [rctx.attr.url],
+ url = [url],
output = "{}/{}/APKINDEX/latest.tar.gz".format(repo_escaped, rctx.attr.architecture),
)
rctx.file("BUILD.bazel", APK_REPOSITORY_TMPL)
@@ -151,8 +165,11 @@ def _cachePathFromURL(url):
return "{}/{}/{}".format(repo_escaped, url_split[1], url_split[2])
def _apk_keyring_impl(rctx):
- public_key = _cachePathFromURL(rctx.attr.url)
- rctx.download(url = [rctx.attr.url], output = public_key)
+ url = rctx.attr.url
+ if url[0] == '@':
+ url = url.partition(' ')[2]
+ public_key = _cachePathFromURL(url)
+ rctx.download(url = [url], output = public_key)
rctx.file("BUILD.bazel", APK_KEYRING_TMPL.format(public_key = public_key))
apk_keyring = repository_rule(
Is this in the pipeline to get fixed? I'm encountering the same issue trying to use rules_apko
