Upgrade bazel to 2.1.0

build-chroot/bazel-2.1.0.deb.sha256

@@ -0,0 +1 @@
+bf12c4c0bb853266676295351da20d13075b26bf23f28c4ffdfefc1b35062ccb  bazel-2.1.0.deb

build-chroot/install-bazel.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e -u
 
-VERSION="0.26.1"
+VERSION="2.1.0"
 
 cd "$(dirname "$0")"
 curl -L -o "bazel-${VERSION}.deb" "https://github.com/bazelbuild/bazel/releases/download/${VERSION}/bazel_${VERSION}-linux-x86_64.deb"

platform/.bazelrc

@@ -1,2 +1,2 @@
 startup --host_jvm_args=-Xmx4G
-build --workspace_status_command bazel/workspace-status.sh
+build --workspace_status_command bazel/workspace-status.sh --host_force_python=PY2

platform/bazel/0001-containerregistry-py2.patch

@@ -0,0 +1,10 @@
+--- BUILD.bazel	2020-02-07 15:26:20.248601888 -0500
++++ BUILD.bazel	2020-02-07 15:37:28.144749987 -0500
+@@ -70,6 +70,7 @@
+     main = "tools/fast_pusher_.py",
+     visibility = ["//visibility:public"],
+     deps = [":containerregistry"],
++    python_version = "PY2",
+ )
+
+ par_binary(

platform/bazel/deps.bzl

@@ -1,4 +1,15 @@
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 load("@io_bazel_rules_docker//repositories:repositories.bzl", container_repositories = "repositories")
+load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")
 
 def bazel_dependencies():
+    http_archive(
+        name = "containerregistry",
+        sha256 = "a8cdf2452323e0fefa4edb01c08b2ec438c9fa3192bc9f408b89287598c12abc",
+        strip_prefix = "containerregistry-0.0.36",
+        urls = [("https://github.com/google/containerregistry/archive/v0.0.36.tar.gz")],
+        patches = ["//bazel:0001-containerregistry-py2.patch"],
+    )
+
     container_repositories()
+    rules_pkg_dependencies()

platform/bazel/deps_early.bzl

@@ -1,8 +1,14 @@
 load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
 def bazel_dependencies_early():
     git_repository(
         name = "io_bazel_rules_docker",
         remote = "https://github.com/bazelbuild/rules_docker",
-        commit = "968e0b7c8b3bc7e009531231ac926325cd2745bc",
+        commit = "5647f4f7a6b7c247e788675963e2e03a6e7156e1",
+    )
+    http_archive(
+        name = "rules_pkg",
+        url = "https://github.com/bazelbuild/rules_pkg/releases/download/0.1.0/rules_pkg-0.1.0.tar.gz",
+        sha256 = "752146e2813f4c135ec9f71b592bf98f96f026049e6d65248534dbeccb2448e1",
     )

platform/bazel/hash-compute.py

@@ -25,7 +25,7 @@ def sha256_file(f):
 hashes = [sha256(b"".join(sha256(arg) for arg in args))]
 for input in files:
     if input == "--empty":
-        hashes.append("(empty)")  # not a real hash, but we're going to hash it again, so it's okay
+        hashes.append(b"(empty)")  # not a real hash, but we're going to hash it again, so it's okay
     else:
         with open(input, "rb") as f:
             hashes.append(sha256_file(f))

platform/bazel/package.bzl

@@ -1,4 +1,4 @@
-load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar", "pkg_deb")
+load("@rules_pkg//:pkg.bzl", "pkg_deb", "pkg_tar")
 load("//bazel:version.bzl", "hash_compute", "version_compute")
 load("//bazel:oci_digest.bzl", "oci_digest")
 load("@io_bazel_rules_docker//container:container.bzl", "container_image")

platform/kubernetes/0001-fix-bazel-compat.patch

@@ -0,0 +1,29 @@
+commit fe06de1864e72fbfcf1520ed74c290041beecea1
+Author: Sean Sullivan <[email protected]>
+Date:   Fri Nov 1 14:35:04 2019 -0700
+
+    Fixes error in go_pkg()
+
+diff --git build/code_generation.bzl build/code_generation.bzl
+index eed223eb86b..2b13dc3f01f 100644
+--- build/code_generation.bzl
++++ build/code_generation.bzl
+@@ -41,7 +41,8 @@ def go_pkg(pkg):
+         ...
+     )
+     """
+-    return go_prefix + "/" + pkg.replace("staging/src/", "vendor/", maxsplit = 1)
++    count = 1
++    return go_prefix + "/" + pkg.replace("staging/src/", "vendor/", count)
+
+ def openapi_deps():
+     deps = [
+@@ -59,7 +60,7 @@ def applies(pkg, prefixes, default):
+             return True
+     return False
+
+-def gen_openapi(outs, output_pkg, include_pkgs=[], exclude_pkgs=[]):
++def gen_openapi(outs, output_pkg, include_pkgs = [], exclude_pkgs = []):
+     """Calls openapi-gen to produce the zz_generated.openapi.go file,
+     which should be provided in outs.
+     output_pkg should be set to the full go package name for this generated file.

platform/kubernetes/deps.bzl

@@ -159,4 +159,5 @@ def kubernetes_dependencies():
         sha256 = "3f430156abcee1930f1eb0e7bd853c0b411e33f8a43e5b52207c0a49d58eb85c",
         type = "tar.gz",
         urls = ["https://dl.k8s.io/v1.16.0/kubernetes-src.tar.gz"],
+        patches = ["//kubernetes:0001-fix-bazel-compat.patch"],
     )

platform/spire/debian-iso/deps.bzl

@@ -1,8 +1,8 @@
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_file")
 
-VERSION = '20190702+deb10u2'
-RELEASE = 'buster'
-MINI_ISO_HASH = 'fa713fb9ab7853de6aefe6b83c58bcdba19ef79a0310de84d40dd2754a9539d7'
+VERSION = "20190702+deb10u3"
+RELEASE = "buster"
+MINI_ISO_HASH = "26b6f6f6bcb24c4e59b965d4a2a6c44af5d79381b9230d69a7d4db415ddcb4cd"
 
 def debian_iso_dependencies():
     http_file(

tools/bump-debian-iso.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+set -euo pipefail
+
+cd "$(dirname "$0")"
+
+VERSION="${1:-}"
+TARGET="../platform/spire/debian-iso/deps.bzl"
+
+if [ "$VERSION" = "" ]
+then
+    echo "usage: $0 20190702+deb10u3 [or other new version]" 1>&2
+    echo "usage: $0 auto" 1>&2
+    echo 1>&2
+    echo "this command will try to update debian-iso/deps.bzl and then make a commit" 1>&2
+    exit 1
+fi
+
+## discover the latest version, if relevant
+
+if [ "$VERSION" = "auto" ]
+then
+    # yes, this is a HTTP fetch, and in theory could be MITM'd, but if the version number is
+    # invalid, debian-iso-checksum.sh will just fail later.
+    VERSION="$(curl -s http://debian.csail.mit.edu/debian/dists/buster/Release |
+               grep -E "^ [0-9a-f]{64} [ 0-9]+ main/installer-amd64/[0-9]+[+][0-9a-z]+/images/SHA256SUMS$" |
+               sed 's|^[^/]*/installer-amd64/\([^/]*\)/.*|\1|g')"
+fi
+
+## make sure the git state is clean enough for us
+
+if ! git diff --quiet "${TARGET}" || ! git diff --cached --quiet "${TARGET}"
+then
+    echo "cannot update ${TARGET} automatically; it has already been modified" 1>&2
+    exit 1
+fi
+
+## make the change
+
+./debian-iso-checksum.sh "${VERSION}" | ./update-defs.py "${TARGET}"
+
+## make the commit
+
+if git diff --quiet "${TARGET}"
+then
+    echo "no commit to make; files did not change" 1>&2
+    exit 1
+fi
+
+git commit -e -v "${TARGET}" -m "debian-iso: bump version to $VERSION" -m "This commit was automatically created with bump-debian-iso.sh."

tools/debian-checksum.sh → tools/debian-iso-checksum.sh

@@ -1,9 +1,15 @@
 #!/bin/bash
 set -e -u
 
-VERSION="20190702+deb10u2"
+VERSION="${1:-}"
 RELEASE="buster"
 
+if [ "$VERSION" = "" ]
+then
+    echo "usage: debian-iso-checksum.sh <version>" 1>&2
+    exit 1
+fi
+
 echo "finding hash for release ${RELEASE} version ${VERSION}:" >&2
 
 WORK=$(mktemp -d)
@@ -29,6 +35,6 @@ echo >&2
 echo "new version block:" >&2
 
 echo >&2
-echo "VERSION = '${VERSION}'"
-echo "RELEASE = '${RELEASE}'"
-echo "MINI_ISO_HASH = '$(grep './netboot/mini.iso' SHA256SUMS | cut -d " " -f 1)'"
+echo "VERSION = \"${VERSION}\""
+echo "RELEASE = \"${RELEASE}\""
+echo "MINI_ISO_HASH = \"$(grep './netboot/mini.iso' SHA256SUMS | cut -d " " -f 1)\""

tools/update-defs.py

@@ -0,0 +1,84 @@
+#!/usr/bin/env python3
+"""
+update-defs: change a set of Bazel variable declarations in a particular file.
+
+For example, if a file named `debian-iso/deps.bzl` had the following lines in the middle:
+
+    VERSION = '20190702+deb10u2'
+    RELEASE = 'buster'
+    MINI_ISO_HASH = 'fa713fb9ab7853de6aefe6b83c58bcdba19ef79a0310de84d40dd2754a9539d7'
+
+And you ran the following command with the following input:
+
+    $ ./update-defs.py debian-iso/deps.bzl
+    VERSION = '20190702+deb10u3'
+    RELEASE = 'buster'
+    MINI_ISO_HASH = '26b6f6f6bcb24c4e59b965d4a2a6c44af5d79381b9230d69a7d4db415ddcb4cd'
+
+Then those three lines (and only those lines) would be updated in `deps.bzl`.
+"""
+
+import re
+import sys
+
+
+def is_valid_identifier(text):
+    return bool(re.match("^[A-Z0-9_]+$", text))
+
+
+def get_match(line):
+    if "=" in line:
+        match = line.split("=",1)[0].strip()
+        if is_valid_identifier(match):
+            return match
+
+
+def parse_changes(changes):
+    mapping = {}
+    for line in changes.split("\n"):
+        if not line: continue
+        match = get_match(line)
+        if match is None:
+            raise ValueError("could not parse change line: %s" % repr(line))
+        if match in mapping:
+            raise KeyError("duplicate input mapping: %s" % match)
+        mapping[match] = line
+    return mapping
+
+
+def apply_changes(line, lookup, used):
+    match = get_match(line)
+    if match is not None and match in lookup:
+        used[match] += 1
+        line = lookup[match]
+        print("=>", line)
+    return line
+
+
+def perform_changes(filename, changes):
+    with open(filename, "r") as f:
+        lines = f.read().split("\n")
+    lookup = parse_changes(changes)
+    used = {var: 0 for var in lookup}
+    lines = [apply_changes(line, lookup, used) for line in lines]
+    for var, usedcount in used.items():
+        if usedcount < 1:
+            raise ValueError("did not use requested change: %s was not used" % (repr(var)))
+        elif usedcount > 1:
+            raise ValueError("used requested change multiple times: %s was used %d times" % (repr(var), usedcount))
+    with open(filename, "w") as f:
+        f.write("\n".join(lines))
+    print()
+    print("updated", len(lookup), "entries")
+
+
+def main(argv):
+    if len(argv) != 2:
+        print("usage: %s <target file>", file=sys.stderr)
+        sys.exit(1)
+    changes = sys.stdin.read()
+    perform_changes(sys.argv[1], changes)
+
+
+if __name__ == "__main__":
+    main(sys.argv)