Skip to content

Commit

Permalink
tools: use latest upstream commit for zlib updates
Browse files Browse the repository at this point in the history
Zlib rarely gets new tags or releases, so now we use the latest commit
on the upstream default branch to check if an update is available.

Refs: nodejs/security-wg#973
PR-URL: nodejs#48054
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
  • Loading branch information
fasenderos authored and Ceres6 committed Aug 14, 2023
1 parent 0224e14 commit 19d2231
Showing 1 changed file with 29 additions and 6 deletions.
35 changes: 29 additions & 6 deletions tools/dep_updaters/update-zlib.sh
Original file line number Diff line number Diff line change
@@ -1,23 +1,46 @@
#!/bin/sh
set -e
# Shell script to update zlib in the source tree to a specific version
# Shell script to update zlib in the source tree to the most recent version.
# Zlib rarely creates tags or releases, so we use the latest commit on the main branch.
# See: https://github.com/nodejs/node/pull/47417

BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd)
DEPS_DIR="$BASE_DIR/deps"

CURRENT_VERSION=$(grep "#define ZLIB_VERSION" "$DEPS_DIR/zlib/zlib.h" | sed -n "s/^.*VERSION \"\(.*\)\"/\1/p")
echo "Comparing latest upstream with current revision"

NEW_VERSION_ZLIB_H=$(curl -s "https://chromium.googlesource.com/chromium/src/+/refs/heads/main/third_party/zlib/zlib.h?format=TEXT" | base64 --decode)
git fetch https://chromium.googlesource.com/chromium/src/third_party/zlib.git HEAD

NEW_VERSION=$(printf '%s' "$NEW_VERSION_ZLIB_H" | grep "#define ZLIB_VERSION" | sed -n "s/^.*VERSION \"\(.*\)\"/\1/p")
# Revert zconf.h changes before checking diff
perl -i -pe 's|^//#include "chromeconf.h"|#include "chromeconf.h"|' "$DEPS_DIR/zlib/zconf.h"
git stash -- "$DEPS_DIR/zlib/zconf.h"

echo "Comparing $NEW_VERSION with $CURRENT_VERSION"
DIFF_TREE=$(git diff --diff-filter=d 'stash@{0}:deps/zlib' FETCH_HEAD)

if [ "$NEW_VERSION" = "$CURRENT_VERSION" ]; then
git stash drop

if [ -z "$DIFF_TREE" ]; then
echo "Skipped because zlib is on the latest version."
exit 0
fi

# This is a rather arbitrary restriction. This script is assumed to run on
# Sunday, shortly after midnight UTC. This check thus prevents pulling in the
# most recent commits if any changes were made on Friday or Saturday (UTC).
# We don't want to pull in a commit that was just pushed, and instead rather
# wait for the next week's update. If no commits have been pushed in the last
# two days, we assume that the most recent commit is stable enough to be
# pulled in.
LAST_CHANGE_DATE=$(git log -1 --format=%ct FETCH_HEAD)
TWO_DAYS_AGO=$(date -d 'now - 2 days' '+%s')

if [ "$LAST_CHANGE_DATE" -gt "$TWO_DAYS_AGO" ]; then
echo "Skipped because the latest version is too recent."
exit 0
fi

NEW_VERSION=$(git rev-parse --short=7 FETCH_HEAD)

echo "Making temporary workspace..."

WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp')
Expand Down

0 comments on commit 19d2231

Please sign in to comment.