Skip to content
/ openssl-source-code-resource Public

A Concourse resource to track and fetch OpenSSL source code tarballs

License

Apache-2.0 license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gstackio/openssl-source-code-resource

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits

.github/workflows

.github/workflows

 
 

ci

ci

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

check

check

 
 

in

in

 
 

Repository files navigation

Docker Stars Docker pulls

dockeri.co

OpenSSL source code Resource

OpenSSL source code is made available via openssl.org/source or the artfiles.org mirror. This Concourse resource allows you to watch for new releases and fetch them.

Using in a Concourse pipeline

You can use the Docker image by defining a resource type in your pipeline YAML definition.

For example:

resource_types:
  - name: openssl-source-code
    type: docker-image
    source:
      repository: gstack/openssl-source-code-resource

resources:
  - name: openssl-tarball
    type: openssl-source-code
    source:
      family: "1.1.1"

To get the latest OpenSSL v1.1.1 tarball, use such following get step in your job's build plan.

jobs:
  - name: compile
    plan:
      - get: openssl-tarball
      # ...

Source Configuration

  • family: Required. The OpenSSL version family, like 3.0 or 1.1.1 (recommended), or the non-recommended 1.1.0, 1.0.2, 1.0.1, 1.0.0, 0.9.8, 0.9.7 and 0.9.6.

Behavior

check Step (check script): Check for new release versions

Get the latest version of OpenSSL source code in the defined version family.

get Step (in script): Fetch release

Downloads the source code tarball for a version.

Also creates these files in the output artifact directory:

  • version file with the current version
  • family file with the version family
  • sha256 file with the SHA256 checksum from OpenSSL site (already verified at download by the resource)

Whenever the sha256 is not provided by the openssl.org download site, then sha1 is tried and checked, then md5. Which fingerprint is checked is detailed in the resource logs, and related files are kept in the output artifact directory. When non is ab-vailable, the resource fails. Whenever the sha256 file is missing, it is computed from the downloaded file, in order to honor the resource contract.

put Step (out script): Not implemented

Uploading a new OpenSSL source code tarball is not possible.

Development

Build docker image

docker_user=gstack
docker build -t "${docker_user}/openssl-source-code-resource" .
docker push ${docker_user}/openssl-source-code-resource

Running the tests

The tests are run by the test job of the concourse pipeline. You may run parts or all of the Bash script defined in ci/settings.yml. Pull requests are welcome for improving this, extracting the Bash script, create some Makefile and have them run locally with make test.

Contributing

Please make all pull requests to the master branch and ensure tests pass locally.

When submitting a Pull Request or pushing new commits, the Concourse CI/CD pipeline provides feedback with building the Dockerfile, which implies running the tests.

Author and license

Copyright © 2021-present, Benjamin Gandon, Gstack

Like Concourse, the OpenSSL source code resource is released under the terms of the Apache 2.0 license.

About

A Concourse resource to track and fetch OpenSSL source code tarballs

Topics

concourse concourse-resource

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 5

OpenSSL tarball Concourse resource v1.3.1 Latest
May 11, 2024
+ 4 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages