richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7707 Commits
29 Branches
81 Tags
150 MiB
Branch: release-2.25
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'release-2.25'
${ noResults }
kubespray/scripts/download_hash.py

205 lines
9.7 KiB
Raw Permalink Normal View History

Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
Fix the path of download.yml (#10711) Signed-off-by: tu1h <lihai.tu@daocloud.io>
11 months ago
Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
[release-2.25] Refactor and expand download_hash.py (#11539) * download_hash.py: generalized and data-driven The script is currently limited to one hardcoded URL for kubernetes related binaries, and a fixed set of architectures. The solution is three-fold: 1. Use an url template dictionary for each download -> this allow to easily add support for new downloads. 2. Source the architectures to search from the existing data 3. Enumerate the existing versions in the data and start searching from the last one until no newer version is found (newer in the version order sense, irrespective of actual age) * download_hash.py: support for 'multi-hash' file + runc runc upstream does not provide one hash file per assets in their releases, but one file with all the hashes. To handle this (and/or any arbitrary format from upstreams), add a dictionary mapping the name of the download to a lambda function which transform the file provided by upstream into a dictionary of hashes, keyed by architecture. * download_hash: argument handling with argparse Allow the script to be called with a list of components, to only download new versions checksums for those. By default, we get new versions checksums for all supported (by the script) components. * download_hash: propagate new patch versions to all archs * download_hash: add support for 'simple hash' components * download_hash: support 'multi-hash' components * download_hash: document missing support * download_hash: use persistent session This allows to reuse http connection and be more efficient. From rough measuring it saves around 25-30% of execution time. * download_hash: cache request for 'multi-hash' files This avoid re-downloading the same file for different arch and re-parsing it * download_hash: document usage --------- Co-authored-by: Max Gautier <mg@max.gautier.name>
2 months ago
Download hash script: auto discover versions (#10849) * Download patches version automatically from a minor * Automate versions discovery for hash download * Small refactoring
10 months ago
[release-2.25] Refactor and expand download_hash.py (#11539) * download_hash.py: generalized and data-driven The script is currently limited to one hardcoded URL for kubernetes related binaries, and a fixed set of architectures. The solution is three-fold: 1. Use an url template dictionary for each download -> this allow to easily add support for new downloads. 2. Source the architectures to search from the existing data 3. Enumerate the existing versions in the data and start searching from the last one until no newer version is found (newer in the version order sense, irrespective of actual age) * download_hash.py: support for 'multi-hash' file + runc runc upstream does not provide one hash file per assets in their releases, but one file with all the hashes. To handle this (and/or any arbitrary format from upstreams), add a dictionary mapping the name of the download to a lambda function which transform the file provided by upstream into a dictionary of hashes, keyed by architecture. * download_hash: argument handling with argparse Allow the script to be called with a list of components, to only download new versions checksums for those. By default, we get new versions checksums for all supported (by the script) components. * download_hash: propagate new patch versions to all archs * download_hash: add support for 'simple hash' components * download_hash: support 'multi-hash' components * download_hash: document missing support * download_hash: use persistent session This allows to reuse http connection and be more efficient. From rough measuring it saves around 25-30% of execution time. * download_hash: cache request for 'multi-hash' files This avoid re-downloading the same file for different arch and re-parsing it * download_hash: document usage --------- Co-authored-by: Max Gautier <mg@max.gautier.name>
2 months ago
Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
Download hash script: auto discover versions (#10849) * Download patches version automatically from a minor * Automate versions discovery for hash download * Small refactoring
10 months ago
Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
chore: improve performance of python script for hash download (#10335) The old version of the script downloaded all binaries and generated file checksums locally. This was a slow process since all binaries of all architectures needed to be downloaded. The new version simply downloads the .sha256 files containing the binary checksum in text form which saves a lot of traffic and time.
10 months ago
Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
chore: improve performance of python script for hash download (#10335) The old version of the script downloaded all binaries and generated file checksums locally. This was a slow process since all binaries of all architectures needed to be downloaded. The new version simply downloads the .sha256 files containing the binary checksum in text form which saves a lot of traffic and time.
10 months ago
Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
chore: improve performance of python script for hash download (#10335) The old version of the script downloaded all binaries and generated file checksums locally. This was a slow process since all binaries of all architectures needed to be downloaded. The new version simply downloads the .sha256 files containing the binary checksum in text form which saves a lot of traffic and time.
10 months ago
Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
[release-2.25] Refactor and expand download_hash.py (#11539) * download_hash.py: generalized and data-driven The script is currently limited to one hardcoded URL for kubernetes related binaries, and a fixed set of architectures. The solution is three-fold: 1. Use an url template dictionary for each download -> this allow to easily add support for new downloads. 2. Source the architectures to search from the existing data 3. Enumerate the existing versions in the data and start searching from the last one until no newer version is found (newer in the version order sense, irrespective of actual age) * download_hash.py: support for 'multi-hash' file + runc runc upstream does not provide one hash file per assets in their releases, but one file with all the hashes. To handle this (and/or any arbitrary format from upstreams), add a dictionary mapping the name of the download to a lambda function which transform the file provided by upstream into a dictionary of hashes, keyed by architecture. * download_hash: argument handling with argparse Allow the script to be called with a list of components, to only download new versions checksums for those. By default, we get new versions checksums for all supported (by the script) components. * download_hash: propagate new patch versions to all archs * download_hash: add support for 'simple hash' components * download_hash: support 'multi-hash' components * download_hash: document missing support * download_hash: use persistent session This allows to reuse http connection and be more efficient. From rough measuring it saves around 25-30% of execution time. * download_hash: cache request for 'multi-hash' files This avoid re-downloading the same file for different arch and re-parsing it * download_hash: document usage --------- Co-authored-by: Max Gautier <mg@max.gautier.name>
2 months ago
Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
chore: improve performance of python script for hash download (#10335) The old version of the script downloaded all binaries and generated file checksums locally. This was a slow process since all binaries of all architectures needed to be downloaded. The new version simply downloads the .sha256 files containing the binary checksum in text form which saves a lot of traffic and time.
10 months ago
[release-2.25] Refactor and expand download_hash.py (#11539) * download_hash.py: generalized and data-driven The script is currently limited to one hardcoded URL for kubernetes related binaries, and a fixed set of architectures. The solution is three-fold: 1. Use an url template dictionary for each download -> this allow to easily add support for new downloads. 2. Source the architectures to search from the existing data 3. Enumerate the existing versions in the data and start searching from the last one until no newer version is found (newer in the version order sense, irrespective of actual age) * download_hash.py: support for 'multi-hash' file + runc runc upstream does not provide one hash file per assets in their releases, but one file with all the hashes. To handle this (and/or any arbitrary format from upstreams), add a dictionary mapping the name of the download to a lambda function which transform the file provided by upstream into a dictionary of hashes, keyed by architecture. * download_hash: argument handling with argparse Allow the script to be called with a list of components, to only download new versions checksums for those. By default, we get new versions checksums for all supported (by the script) components. * download_hash: propagate new patch versions to all archs * download_hash: add support for 'simple hash' components * download_hash: support 'multi-hash' components * download_hash: document missing support * download_hash: use persistent session This allows to reuse http connection and be more efficient. From rough measuring it saves around 25-30% of execution time. * download_hash: cache request for 'multi-hash' files This avoid re-downloading the same file for different arch and re-parsing it * download_hash: document usage --------- Co-authored-by: Max Gautier <mg@max.gautier.name>
2 months ago
Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
[release-2.25] Refactor and expand download_hash.py (#11539) * download_hash.py: generalized and data-driven The script is currently limited to one hardcoded URL for kubernetes related binaries, and a fixed set of architectures. The solution is three-fold: 1. Use an url template dictionary for each download -> this allow to easily add support for new downloads. 2. Source the architectures to search from the existing data 3. Enumerate the existing versions in the data and start searching from the last one until no newer version is found (newer in the version order sense, irrespective of actual age) * download_hash.py: support for 'multi-hash' file + runc runc upstream does not provide one hash file per assets in their releases, but one file with all the hashes. To handle this (and/or any arbitrary format from upstreams), add a dictionary mapping the name of the download to a lambda function which transform the file provided by upstream into a dictionary of hashes, keyed by architecture. * download_hash: argument handling with argparse Allow the script to be called with a list of components, to only download new versions checksums for those. By default, we get new versions checksums for all supported (by the script) components. * download_hash: propagate new patch versions to all archs * download_hash: add support for 'simple hash' components * download_hash: support 'multi-hash' components * download_hash: document missing support * download_hash: use persistent session This allows to reuse http connection and be more efficient. From rough measuring it saves around 25-30% of execution time. * download_hash: cache request for 'multi-hash' files This avoid re-downloading the same file for different arch and re-parsing it * download_hash: document usage --------- Co-authored-by: Max Gautier <mg@max.gautier.name>
2 months ago
Download hash script: auto discover versions (#10849) * Download patches version automatically from a minor * Automate versions discovery for hash download * Small refactoring
10 months ago
[release-2.25] Refactor and expand download_hash.py (#11539) * download_hash.py: generalized and data-driven The script is currently limited to one hardcoded URL for kubernetes related binaries, and a fixed set of architectures. The solution is three-fold: 1. Use an url template dictionary for each download -> this allow to easily add support for new downloads. 2. Source the architectures to search from the existing data 3. Enumerate the existing versions in the data and start searching from the last one until no newer version is found (newer in the version order sense, irrespective of actual age) * download_hash.py: support for 'multi-hash' file + runc runc upstream does not provide one hash file per assets in their releases, but one file with all the hashes. To handle this (and/or any arbitrary format from upstreams), add a dictionary mapping the name of the download to a lambda function which transform the file provided by upstream into a dictionary of hashes, keyed by architecture. * download_hash: argument handling with argparse Allow the script to be called with a list of components, to only download new versions checksums for those. By default, we get new versions checksums for all supported (by the script) components. * download_hash: propagate new patch versions to all archs * download_hash: add support for 'simple hash' components * download_hash: support 'multi-hash' components * download_hash: document missing support * download_hash: use persistent session This allows to reuse http connection and be more efficient. From rough measuring it saves around 25-30% of execution time. * download_hash: cache request for 'multi-hash' files This avoid re-downloading the same file for different arch and re-parsing it * download_hash: document usage --------- Co-authored-by: Max Gautier <mg@max.gautier.name>
2 months ago
Download hash script: auto discover versions (#10849) * Download patches version automatically from a minor * Automate versions discovery for hash download * Small refactoring
10 months ago
[release-2.25] Refactor and expand download_hash.py (#11539) * download_hash.py: generalized and data-driven The script is currently limited to one hardcoded URL for kubernetes related binaries, and a fixed set of architectures. The solution is three-fold: 1. Use an url template dictionary for each download -> this allow to easily add support for new downloads. 2. Source the architectures to search from the existing data 3. Enumerate the existing versions in the data and start searching from the last one until no newer version is found (newer in the version order sense, irrespective of actual age) * download_hash.py: support for 'multi-hash' file + runc runc upstream does not provide one hash file per assets in their releases, but one file with all the hashes. To handle this (and/or any arbitrary format from upstreams), add a dictionary mapping the name of the download to a lambda function which transform the file provided by upstream into a dictionary of hashes, keyed by architecture. * download_hash: argument handling with argparse Allow the script to be called with a list of components, to only download new versions checksums for those. By default, we get new versions checksums for all supported (by the script) components. * download_hash: propagate new patch versions to all archs * download_hash: add support for 'simple hash' components * download_hash: support 'multi-hash' components * download_hash: document missing support * download_hash: use persistent session This allows to reuse http connection and be more efficient. From rough measuring it saves around 25-30% of execution time. * download_hash: cache request for 'multi-hash' files This avoid re-downloading the same file for different arch and re-parsing it * download_hash: document usage --------- Co-authored-by: Max Gautier <mg@max.gautier.name>
2 months ago
Download hash script: auto discover versions (#10849) * Download patches version automatically from a minor * Automate versions discovery for hash download * Small refactoring
10 months ago
[release-2.25] Refactor and expand download_hash.py (#11539) * download_hash.py: generalized and data-driven The script is currently limited to one hardcoded URL for kubernetes related binaries, and a fixed set of architectures. The solution is three-fold: 1. Use an url template dictionary for each download -> this allow to easily add support for new downloads. 2. Source the architectures to search from the existing data 3. Enumerate the existing versions in the data and start searching from the last one until no newer version is found (newer in the version order sense, irrespective of actual age) * download_hash.py: support for 'multi-hash' file + runc runc upstream does not provide one hash file per assets in their releases, but one file with all the hashes. To handle this (and/or any arbitrary format from upstreams), add a dictionary mapping the name of the download to a lambda function which transform the file provided by upstream into a dictionary of hashes, keyed by architecture. * download_hash: argument handling with argparse Allow the script to be called with a list of components, to only download new versions checksums for those. By default, we get new versions checksums for all supported (by the script) components. * download_hash: propagate new patch versions to all archs * download_hash: add support for 'simple hash' components * download_hash: support 'multi-hash' components * download_hash: document missing support * download_hash: use persistent session This allows to reuse http connection and be more efficient. From rough measuring it saves around 25-30% of execution time. * download_hash: cache request for 'multi-hash' files This avoid re-downloading the same file for different arch and re-parsing it * download_hash: document usage --------- Co-authored-by: Max Gautier <mg@max.gautier.name>
2 months ago
Download hash script: auto discover versions (#10849) * Download patches version automatically from a minor * Automate versions discovery for hash download * Small refactoring
10 months ago
Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
chore: improve performance of python script for hash download (#10335) The old version of the script downloaded all binaries and generated file checksums locally. This was a slow process since all binaries of all architectures needed to be downloaded. The new version simply downloads the .sha256 files containing the binary checksum in text form which saves a lot of traffic and time.
10 months ago
Rewrite download_hash in Python (#5995) - Directly update the main.yml file with the new hashes.
4 years ago
[release-2.25] Refactor and expand download_hash.py (#11539) * download_hash.py: generalized and data-driven The script is currently limited to one hardcoded URL for kubernetes related binaries, and a fixed set of architectures. The solution is three-fold: 1. Use an url template dictionary for each download -> this allow to easily add support for new downloads. 2. Source the architectures to search from the existing data 3. Enumerate the existing versions in the data and start searching from the last one until no newer version is found (newer in the version order sense, irrespective of actual age) * download_hash.py: support for 'multi-hash' file + runc runc upstream does not provide one hash file per assets in their releases, but one file with all the hashes. To handle this (and/or any arbitrary format from upstreams), add a dictionary mapping the name of the download to a lambda function which transform the file provided by upstream into a dictionary of hashes, keyed by architecture. * download_hash: argument handling with argparse Allow the script to be called with a list of components, to only download new versions checksums for those. By default, we get new versions checksums for all supported (by the script) components. * download_hash: propagate new patch versions to all archs * download_hash: add support for 'simple hash' components * download_hash: support 'multi-hash' components * download_hash: document missing support * download_hash: use persistent session This allows to reuse http connection and be more efficient. From rough measuring it saves around 25-30% of execution time. * download_hash: cache request for 'multi-hash' files This avoid re-downloading the same file for different arch and re-parsing it * download_hash: document usage --------- Co-authored-by: Max Gautier <mg@max.gautier.name>
2 months ago
  1. #!/usr/bin/env python3
  3. # After a new version of Kubernetes has been released,
  4. # run this script to update roles/kubespray-defaults/defaults/main/download.yml
  5. # with new hashes.
  7. import sys
  9. from itertools import count, groupby
  10. from collections import defaultdict
  11. from functools import cache
  12. import argparse
  13. import requests
  14. from ruamel.yaml import YAML
  15. from packaging.version import Version
  17. CHECKSUMS_YML = "../roles/kubespray-defaults/defaults/main/checksums.yml"
  19. def open_checksums_yaml():
  20. yaml = YAML()
  21. yaml.explicit_start = True
  22. yaml.preserve_quotes = True
  23. yaml.width = 4096
  25. with open(CHECKSUMS_YML, "r") as checksums_yml:
  26. data = yaml.load(checksums_yml)
  28. return data, yaml
  30. def version_compare(version):
  31. return Version(version.removeprefix("v"))
  33. downloads = {
  34. "calicoctl_binary": "https://github.com/projectcalico/calico/releases/download/{version}/SHA256SUMS",
  35. "ciliumcli_binary": "https://github.com/cilium/cilium-cli/releases/download/{version}/cilium-{os}-{arch}.tar.gz.sha256sum",
  36. "cni_binary": "https://github.com/containernetworking/plugins/releases/download/{version}/cni-plugins-{os}-{arch}-{version}.tgz.sha256",
  37. "containerd_archive": "https://github.com/containerd/containerd/releases/download/v{version}/containerd-{version}-{os}-{arch}.tar.gz.sha256sum",
  38. "crictl": "https://github.com/kubernetes-sigs/cri-tools/releases/download/{version}/critest-{version}-{os}-{arch}.tar.gz.sha256",
  39. "crio_archive": "https://storage.googleapis.com/cri-o/artifacts/cri-o.{arch}.{version}.tar.gz.sha256sum",
  40. "etcd_binary": "https://github.com/etcd-io/etcd/releases/download/{version}/SHA256SUMS",
  41. "kubeadm": "https://dl.k8s.io/release/{version}/bin/linux/{arch}/kubeadm.sha256",
  42. "kubectl": "https://dl.k8s.io/release/{version}/bin/linux/{arch}/kubectl.sha256",
  43. "kubelet": "https://dl.k8s.io/release/{version}/bin/linux/{arch}/kubelet.sha256",
  44. "nerdctl_archive": "https://github.com/containerd/nerdctl/releases/download/v{version}/SHA256SUMS",
  45. "runc": "https://github.com/opencontainers/runc/releases/download/{version}/runc.sha256sum",
  46. "skopeo_binary": "https://github.com/lework/skopeo-binary/releases/download/{version}/skopeo-{os}-{arch}.sha256",
  47. "yq": "https://github.com/mikefarah/yq/releases/download/{version}/checksums-bsd", # see https://github.com/mikefarah/yq/pull/1691 for why we use this url
  48. }
  49. # TODO: downloads not supported
  50. # youki: no checkusms in releases
  51. # kata: no checksums in releases
  52. # gvisor: sha512 checksums
  53. # crun : PGP signatures
  54. # cri_dockerd: no checksums or signatures
  55. # helm_archive: PGP signatures
  56. # krew_archive: different yaml structure
  57. # calico_crds_archive: different yaml structure
  59. # TODO:
  60. # noarch support -> k8s manifests, helm charts
  61. # different checksum format (needs download role changes)
  62. # different verification methods (gpg, cosign) ( needs download role changes) (or verify the sig in this script and only use the checksum in the playbook)
  63. # perf improvements (async)
  65. def download_hash(only_downloads: [str]) -> None:
  66. # Handle file with multiples hashes, with various formats.
  67. # the lambda is expected to produce a dictionary of hashes indexed by arch name
  68. download_hash_extract = {
  69. "calicoctl_binary": lambda hashes : {
  70. line.split('-')[-1] : line.split()[0]
  71. for line in hashes.strip().split('\n')
  72. if line.count('-') == 2 and line.split('-')[-2] == "linux"
  73. },
  74. "etcd_binary": lambda hashes : {
  75. line.split('-')[-1].removesuffix('.tar.gz') : line.split()[0]
  76. for line in hashes.strip().split('\n')
  77. if line.split('-')[-2] == "linux"
  78. },
  79. "nerdctl_archive": lambda hashes : {
  80. line.split()[1].removesuffix('.tar.gz').split('-')[3] : line.split()[0]
  81. for line in hashes.strip().split('\n')
  82. if [x for x in line.split(' ') if x][1].split('-')[2] == "linux"
  83. },
  84. "runc": lambda hashes : {
  85. parts[1].split('.')[1] : parts[0]
  86. for parts in (line.split()
  87. for line in hashes.split('\n')[3:9])
  88. },
  89. "yq": lambda rhashes_bsd : {
  90. pair[0].split('_')[-1] : pair[1]
  91. # pair = (yq_<os>_<arch>, <hash>)
  92. for pair in ((line.split()[1][1:-1], line.split()[3])
  93. for line in rhashes_bsd.splitlines()
  94. if line.startswith("SHA256"))
  95. if pair[0].startswith("yq")
  96. and pair[0].split('_')[1] == "linux"
  97. and not pair[0].endswith(".tar.gz")
  98. },
  99. }
  101. data, yaml = open_checksums_yaml()
  102. s = requests.Session()
  104. @cache
  105. def _get_hash_by_arch(download: str, version: str) -> {str: str}:
  107. hash_file = s.get(downloads[download].format(
  108. version = version,
  109. os = "linux",
  110. ),
  111. allow_redirects=True)
  112. if hash_file.status_code == 404:
  113. print(f"Unable to find {download} hash file for version {version} at {hash_file.url}")
  114. return None
  115. hash_file.raise_for_status()
  116. return download_hash_extract[download](hash_file.content.decode())
  118. for download, url in (downloads if only_downloads == []
  119. else {k:downloads[k] for k in downloads.keys() & only_downloads}).items():
  120. checksum_name = f"{download}_checksums"
  121. # Propagate new patch versions to all architectures
  122. for arch in data[checksum_name].values():
  123. for arch2 in data[checksum_name].values():
  124. arch.update({
  125. v:("NONE" if arch2[v] == "NONE" else 0)
  126. for v in (set(arch2.keys()) - set(arch.keys()))
  127. if v.split('.')[2] == '0'})
  128. # this is necessary to make the script indempotent,
  129. # by only adding a vX.X.0 version (=minor release) in each arch
  130. # and letting the rest of the script populate the potential
  131. # patch versions
  133. for arch, versions in data[checksum_name].items():
  134. for minor, patches in groupby(versions.copy().keys(), lambda v : '.'.join(v.split('.')[:-1])):
  135. for version in (f"{minor}.{patch}" for patch in
  136. count(start=int(max(patches, key=version_compare).split('.')[-1]),
  137. step=1)):
  138. # Those barbaric generators do the following:
  139. # Group all patches versions by minor number, take the newest and start from that
  140. # to find new versions
  141. if version in versions and versions[version] != 0:
  142. continue
  143. if download in download_hash_extract:
  144. hashes = _get_hash_by_arch(download, version)
  145. if hashes == None:
  146. break
  147. sha256sum = hashes.get(arch)
  148. if sha256sum == None:
  149. break
  150. else:
  151. hash_file = s.get(downloads[download].format(
  152. version = version,
  153. os = "linux",
  154. arch = arch
  155. ),
  156. allow_redirects=True)
  157. if hash_file.status_code == 404:
  158. print(f"Unable to find {download} hash file for version {version} (arch: {arch}) at {hash_file.url}")
  159. break
  160. hash_file.raise_for_status()
  161. sha256sum = hash_file.content.decode().split()[0]
  163. if len(sha256sum) != 64:
  164. raise Exception(f"Checksum has an unexpected length: {len(sha256sum)} (binary: {download}, arch: {arch}, release: {version}, checksum: '{sha256sum}')")
  165. data[checksum_name][arch][version] = sha256sum
  166. data[checksum_name] = {arch : {r : releases[r] for r in sorted(releases.keys(),
  167. key=version_compare,
  168. reverse=True)}
  169. for arch, releases in data[checksum_name].items()}
  171. with open(CHECKSUMS_YML, "w") as checksums_yml:
  172. yaml.dump(data, checksums_yml)
  173. print(f"\n\nUpdated {CHECKSUMS_YML}\n")
  175. parser = argparse.ArgumentParser(description=f"Add new patch versions hashes in {CHECKSUMS_YML}",
  176. formatter_class=argparse.RawTextHelpFormatter,
  177. epilog=f"""
  178. This script only lookup new patch versions relative to those already existing
  179. in the data in {CHECKSUMS_YML},
  180. which means it won't add new major or minor versions.
  181. In order to add one of these, edit {CHECKSUMS_YML}
  182. by hand, adding the new versions with a patch number of 0 (or the lowest relevant patch versions)
  183. ; then run this script.
  185. Note that the script will try to add the versions on all
  186. architecture keys already present for a given download target.
  188. The '0' value for a version hash is treated as a missing hash, so the script will try to download it again.
  189. To notify a non-existing version (yanked, or upstream does not have monotonically increasing versions numbers),
  190. use the special value 'NONE'.
  192. EXAMPLES:
  194. crictl_checksums:
  195. ...
  196. amd64:
  197. + v1.30.0: 0
  198. v1.29.0: d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb
  199. v1.28.0: 8dc78774f7cbeaf787994d386eec663f0a3cf24de1ea4893598096cb39ef2508"""
  201. )
  202. parser.add_argument('binaries', nargs='*', choices=downloads.keys())
  204. args = parser.parse_args()
  205. download_hash(args.binaries)