mirror of https://github.com/apache/cloudstack.git
cks: harden ISO build script with pipefail, --fail, and strict mode:

- Replace 'set -e' with 'set -o errexit', 'set -o nounset', 'set -o pipefail';
- Add TRACE env var support for debug with 'set -o xtrace';
- Add --fail (-f) flag to curl commands in pipelines to prevent silent;
- Add --fail and tar.gz integrity validation for etcd download;
- Fix ARCH validation error message to list all accepted values (x86_64, amd64, aarch64, arm64).

cks: fix semver comparison using sort -V instead of awk:

- Replace awk numeric comparison with a sort -V based version_lt() function. The previous approach treated '1.9.0' as 1.9 and '1.18.0' as 1.18, making 1.9 > 1.18 and selecting the wrong source for kubelet.service and 10-kubeadm.conf.

cks: vendor kubelet.service and 10-kubeadm.conf to reduce supply-chain risk:

- Vendor kubelet.service and 10-kubeadm.conf from shapeblue/cloudstack-nonoss into the repository instead of fetching them at build time from a mutable remote branch. These files are executed with root privileges as systemd units, and pinning to a mutable branch without checksum verification posed a supply-chain risk.

cks: only add Cilium Helm repo if not already configured:

- Replace 'helm repo add ... || true' with an explicit check via 'helm repo list'. The previous approach suppressed all failures (including network/DNS errors), which could cause a later, less-clear failure during 'helm template'.

cks: move Cilium ISO script to scripts/util/cks/ and add download progress:

- Move create-kubernetes-binaries-iso-with-cilium.sh to scripts/util/cks/ alongside vendored kubelet.service and 10-kubeadm.conf;
- Download kubeadm, kubelet, kubectl individually with --progress-bar for visibility during long downloads.

| File |
|---|
| 10-kubeadm.conf |
| create-kubernetes-binaries-iso-with-cilium.sh |
| kubelet.service |