From: Levente Kálé <levente.kale@nokia.com>
Date: Tue, 15 Oct 2019 12:09:59 +0000 (+0000)
Subject: Merge "CVE-2019-16276 Vulnerability fix."
X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Fcaas-helm.git;a=commitdiff_plain;h=14c3d7f410dc71ce5b6c8947c72b7c52b1f9e042;hp=1bf60aa38b0c1f5612447e7be1722aabd2d683ab

Merge "CVE-2019-16276 Vulnerability fix."
---

diff --git a/SPECS/caas-chartrepo.spec b/SPECS/caas-chartrepo.spec
index b4524c4..9bc2b66 100644
--- a/SPECS/caas-chartrepo.spec
+++ b/SPECS/caas-chartrepo.spec
@@ -26,7 +26,7 @@ Version:        %{RPM_MAJOR_VERSION}
 Release:        %{RPM_MINOR_VERSION}%{?dist}
 Summary:        Containers as a Service %{COMPONENT} component
 License:        %{_platform_licence} and MIT license and BSD and Apache License and Lesser General Public License
-BuildArch:      x86_64
+BuildArch:      %{_arch}
 Vendor:         %{_platform_vendor} and kubernetes/kubernetes unmodified
 Source0:        %{name}-%{version}.tar.gz
 
diff --git a/SPECS/caas-helm.spec b/SPECS/caas-helm.spec
index ae9dcb6..b68aa28 100644
--- a/SPECS/caas-helm.spec
+++ b/SPECS/caas-helm.spec
@@ -22,18 +22,19 @@
 %define docker_build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build
 %define docker_save_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save
 %define built_binaries_dir /binary-save
+%define centos_build 191001
 
 Name:           %{RPM_NAME}
 Version:        %{RPM_MAJOR_VERSION}
 Release:        %{RPM_MINOR_VERSION}%{?dist}
 Summary:        Containers as a Service %{COMPONENT} component
 License:        %{_platform_licence} and MIT license and BSD and Apache License and Lesser General Public License
-BuildArch:      x86_64
+BuildArch:      %{_arch}
 Vendor:         %{_platform_vendor} and helm/helm unmodified
 Source0:        %{name}-%{version}.tar.gz
 
 Requires: docker-ce >= 18.09.2, rsync
-BuildRequires: docker-ce-cli >= 18.09.2, rsync, xz
+BuildRequires: docker-ce-cli >= 18.09.2, rsync, xz, wget
 
 %description
 This rpm contains the %{COMPONENT} container for CaaS subsystem.
@@ -43,6 +44,7 @@ This container contains the %{COMPONENT} service.
 %autosetup
 
 %build
+wget --progress=dot:giga http://artifacts.ci.centos.org/sig-cloudinstance/centos-7-%{centos_build}/%{_arch}/centos-7-%{_arch}-docker.tar.xz -O %{docker_build_dir}/helm-builder/centos-7-docker.tar.xz
 # Build Helm binaries
 docker build \
   --network=host \
diff --git a/docker-build/helm-builder/Dockerfile b/docker-build/helm-builder/Dockerfile
index 7f1caaa..23b41d8 100644
--- a/docker-build/helm-builder/Dockerfile
+++ b/docker-build/helm-builder/Dockerfile
@@ -12,7 +12,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM centos:7.6.1810
+FROM scratch
+ADD centos-7-docker.tar.xz /
+CMD ["/bin/bash"]
+
 MAINTAINER Krisztian Lengyel <krisztian.lengyel@nokia.com>
 
 ARG HELM_VERSION
@@ -28,7 +31,8 @@ ENV PATH="$GOPATH/bin:$go_install_dir/bin:$PATH"
 RUN yum install -y --setopt=skip_missing_names_on_install=False \
       ${build_packages} \
 &&  mkdir -p $go_install_dir \
-&&  curl -fsSL -k https://dl.google.com/go/go${go_version}.linux-amd64.tar.gz | tar zx --strip-components=1 -C ${go_install_dir} \
+&&  if [ $(uname -m) == 'aarch64' ]; then HOST_ARCH=arm64; else HOST_ARCH=amd64; fi \
+&&  curl -fsSL -k https://dl.google.com/go/go${go_version}.linux-${HOST_ARCH}.tar.gz | tar zx --strip-components=1 -C ${go_install_dir} \
 \
 # Build Helm
 &&  mkdir -p $GOPATH/src/k8s.io \
@@ -37,8 +41,8 @@ RUN yum install -y --setopt=skip_missing_names_on_install=False \
 &&  cd helm \
 &&  make GIT_TAG=v${HELM_VERSION} bootstrap build-cross \
 &&  mkdir -p ${binaries} \
-&&  mv ./_dist/linux-amd64/tiller ${binaries}/ \
-&&  mv ./_dist/linux-amd64/helm ${binaries}/ \
+&&  mv ./_dist/linux-${HOST_ARCH}/tiller ${binaries}/ \
+&&  mv ./_dist/linux-${HOST_ARCH}/helm ${binaries}/ \
 &&  rm -rf $GOPATH \
 &&  rm -rf $go_install_dir \
 &&  rm -rf /build \