From d9ae9b98dcd62f5961bb4d919eaaa4c1cca26213 Mon Sep 17 00:00:00 2001
From: Nicholas Dille <nicholas.dille@mailbox.org>
Date: Wed, 26 Jun 2024 10:24:03 +0200
Subject: [PATCH 1/2] Fixed hardcoded versions

---
 tools/axel/Dockerfile.template     |  2 +-
 tools/cosign/Dockerfile.template   |  2 +-
 tools/git/Dockerfile.template      | 14 --------
 tools/kubeadm/Dockerfile.template  | 28 +++++++--------
 tools/kubectl/Dockerfile.template  | 58 ++++++++++++++----------------
 tools/kubelet/Dockerfile.template  | 28 +++++++--------
 tools/musl/Dockerfile.template     |  2 +-
 tools/nvm/Dockerfile.template      |  2 +-
 tools/tailspin/Dockerfile.template |  6 ++--
 9 files changed, 59 insertions(+), 83 deletions(-)

diff --git a/tools/axel/Dockerfile.template b/tools/axel/Dockerfile.template
index 6f7c93fce3..adca248a75 100644
--- a/tools/axel/Dockerfile.template
+++ b/tools/axel/Dockerfile.template
@@ -17,7 +17,7 @@ WORKDIR /tmp/axel
 ARG name
 ARG version
 RUN <<EOF
-curl --silent --show-error --location --fail https://github.com/axel-download-accelerator/axel/releases/download/v2.17.11/axel-2.17.11.tar.gz \
+curl --silent --show-error --location --fail https://github.com/axel-download-accelerator/axel/releases/download/v${version}/axel-${version}.tar.gz \
 | tar --extract --gzip --strip-components=1
 ./configure --prefix="${prefix}"
 make LDFLAGS=-static -j$(nproc)
diff --git a/tools/cosign/Dockerfile.template b/tools/cosign/Dockerfile.template
index f75f95f1ed..fbdf9a27fc 100644
--- a/tools/cosign/Dockerfile.template
+++ b/tools/cosign/Dockerfile.template
@@ -6,7 +6,7 @@ COPY --from=ghcr.io/uniget-org/tools/uniget-build:latest \
     /etc/profile.d/
 SHELL [ "bash", "-clo", "errexit" ]
 ARG TARGETPLATFORM
-# renovate: datasource=github-releases depName=sigstore/cosign
+# renovate: datasource=github-releases depName=sigstore/cosign extractVersion=^v(?<version>.+?)$
 ARG COSIGN_VERSION=2.2.3
 COPY checksums.txt .
 RUN <<EOF
diff --git a/tools/git/Dockerfile.template b/tools/git/Dockerfile.template
index 0a5f3e8ec6..e54d133521 100644
--- a/tools/git/Dockerfile.template
+++ b/tools/git/Dockerfile.template
@@ -24,20 +24,6 @@ ARG name
 ARG version
 RUN <<EOF
 git clone -q --config advice.detachedHead=false --depth 1 --branch "v${version}" https://github.com/git/git .
-if test "${version}" == "2.43.1"; then
-    cat <<EOP | patch -p0
---- imap-send.c.orig
-+++ imap-send.c
-@@ -28,6 +28,7 @@
- #include "run-command.h"
- #include "parse-options.h"
- #include "setup.h"
-+#include "strbuf.h"
- #if defined(NO_OPENSSL) && !defined(HAVE_OPENSSL_CSPRNG)
- typedef void *SSL;
- #endif
-EOP
-fi
 export CFLAGS="${CFLAGS} -static"
 make configure
 ./configure --prefix="${prefix}"
diff --git a/tools/kubeadm/Dockerfile.template b/tools/kubeadm/Dockerfile.template
index 7311e677c1..8d5661652b 100644
--- a/tools/kubeadm/Dockerfile.template
+++ b/tools/kubeadm/Dockerfile.template
@@ -16,21 +16,19 @@ curl --silent --show-error --location --fail --output "${prefix}/bin/kubeadm" \
     "https://storage.googleapis.com/kubernetes-release/release/v${version}/bin/linux/${alt_arch}/kubeadm"
 chmod +x "${prefix}/bin/kubeadm"
 
-if test "$(echo -e "1.26.0-beta.0\n${version}" | sort -V | head -n 1)" == "1.26.0-beta.0"; then
-    echo "Verifying keyless signature for kubeadm"
-    curl --silent --show-error --location --fail --output "/tmp/kubeadm.sig" \
-        "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubeadm.sig"
-    curl --silent --show-error --location --fail --output "/tmp/kubeadm.cert" \
-        "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubeadm.cert"
-    COSIGN_EXPERIMENTAL=1 cosign verify-blob "${prefix}/bin/kubeadm" \
-        --signature "/tmp/kubeadm.sig" \
-        --certificate "/tmp/kubeadm.cert" \
-        --certificate-oidc-issuer https://accounts.google.com \
-        --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com
-    rm -f \
-        "/tmp/kubeadm.sig" \
-        "/tmp/kubeadm.cert"
-fi
+echo "Verifying keyless signature for kubeadm"
+curl --silent --show-error --location --fail --output "/tmp/kubeadm.sig" \
+    "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubeadm.sig"
+curl --silent --show-error --location --fail --output "/tmp/kubeadm.cert" \
+    "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubeadm.cert"
+COSIGN_EXPERIMENTAL=1 cosign verify-blob "${prefix}/bin/kubeadm" \
+    --signature "/tmp/kubeadm.sig" \
+    --certificate "/tmp/kubeadm.cert" \
+    --certificate-oidc-issuer https://accounts.google.com \
+    --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com
+rm -f \
+    "/tmp/kubeadm.sig" \
+    "/tmp/kubeadm.cert"
 
 "${prefix}/bin/kubeadm" completion bash >"${prefix}/share/bash-completion/completions/kubeadm"
 "${prefix}/bin/kubeadm" completion zsh >"${prefix}/share/zsh/vendor-completions/_kubeadm"
diff --git a/tools/kubectl/Dockerfile.template b/tools/kubectl/Dockerfile.template
index cf750236a3..de59c30534 100644
--- a/tools/kubectl/Dockerfile.template
+++ b/tools/kubectl/Dockerfile.template
@@ -15,42 +15,36 @@ RUN <<EOF
 curl --silent --show-error --location --fail --output "${prefix}/bin/kubectl" \
     "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubectl"
 chmod +x "${prefix}/bin/kubectl"
-
-if test "$(echo -e "1.26.0-beta.0\n${version}" | sort -V | head -n 1)" == "1.26.0-beta.0"; then
-    echo "Verifying keyless signature for kubectl"
-    curl --silent --show-error --location --fail --output "/tmp/kubectl.sig" \
-        "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubectl.sig"
-    curl --silent --show-error --location --fail --output "/tmp/kubectl.cert" \
-        "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubectl.cert"
-    COSIGN_EXPERIMENTAL=1 cosign verify-blob "${prefix}/bin/kubectl" \
-        --signature "/tmp/kubectl.sig" \
-        --certificate "/tmp/kubectl.cert" \
-        --certificate-oidc-issuer https://accounts.google.com \
-        --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com
-    rm -f \
-        "/tmp/kubectl.sig" \
-        "/tmp/kubectl.cert"
-fi
+echo "Verifying keyless signature for kubectl"
+curl --silent --show-error --location --fail --output "/tmp/kubectl.sig" \
+    "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubectl.sig"
+curl --silent --show-error --location --fail --output "/tmp/kubectl.cert" \
+    "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubectl.cert"
+COSIGN_EXPERIMENTAL=1 cosign verify-blob "${prefix}/bin/kubectl" \
+    --signature "/tmp/kubectl.sig" \
+    --certificate "/tmp/kubectl.cert" \
+    --certificate-oidc-issuer https://accounts.google.com \
+    --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com
+rm -f \
+    "/tmp/kubectl.sig" \
+    "/tmp/kubectl.cert"
 
 curl --silent --show-error --location --fail --output "${prefix}/bin/kubectl-convert" \
     "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubectl-convert"
 chmod +x "${prefix}/bin/kubectl-convert"
-
-if test "$(echo -e "1.26.0-beta.0\n${version}" | sort -V | head -n 1)" == "1.26.0-beta.0"; then
-    echo "Verifying keyless signature for kubectl-convert"
-    curl --silent --show-error --location --fail --output "/tmp/kubectl-convert.sig" \
-        "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubectl-convert.sig"
-    curl --silent --show-error --location --fail --output "/tmp/kubectl-convert.cert" \
-        "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubectl-convert.cert"
-    COSIGN_EXPERIMENTAL=1 cosign verify-blob "${prefix}/bin/kubectl-convert" \
-        --signature "/tmp/kubectl-convert.sig" \
-        --certificate "/tmp/kubectl-convert.cert" \
-        --certificate-oidc-issuer https://accounts.google.com \
-        --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com
-    rm -f \
-        "/tmp/kubectl-convert.sig" \
-        "/tmp/kubectl-convert.cert"
-fi
+echo "Verifying keyless signature for kubectl-convert"
+curl --silent --show-error --location --fail --output "/tmp/kubectl-convert.sig" \
+    "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubectl-convert.sig"
+curl --silent --show-error --location --fail --output "/tmp/kubectl-convert.cert" \
+    "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubectl-convert.cert"
+COSIGN_EXPERIMENTAL=1 cosign verify-blob "${prefix}/bin/kubectl-convert" \
+    --signature "/tmp/kubectl-convert.sig" \
+    --certificate "/tmp/kubectl-convert.cert" \
+    --certificate-oidc-issuer https://accounts.google.com \
+    --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com
+rm -f \
+    "/tmp/kubectl-convert.sig" \
+    "/tmp/kubectl-convert.cert"
 
 "${prefix}/bin/kubectl" completion bash >"${prefix}/share/bash-completion/completions/kubectl"
 "${prefix}/bin/kubectl" completion zsh >"${prefix}/share/zsh/vendor-completions/_kubectl"
diff --git a/tools/kubelet/Dockerfile.template b/tools/kubelet/Dockerfile.template
index a2e4cbb79b..b30e9257bb 100644
--- a/tools/kubelet/Dockerfile.template
+++ b/tools/kubelet/Dockerfile.template
@@ -16,19 +16,17 @@ curl --silent --show-error --location --fail --output "${prefix}/bin/kubelet" \
     "https://storage.googleapis.com/kubernetes-release/release/v${version}/bin/linux/${alt_arch}/kubelet"
 chmod +x "${prefix}/bin/kubelet"
 
-if test "$(echo -e "1.26.0-beta.0\n${version}" | sort -V | head -n 1)" == "1.26.0-beta.0"; then
-    echo "Verifying keyless signature for kubelet"
-    curl --silent --show-error --location --fail --output "/tmp/kubelet.sig" \
-        "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubelet.sig"
-    curl --silent --show-error --location --fail --output "/tmp/kubelet.cert" \
-        "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubelet.cert"
-    COSIGN_EXPERIMENTAL=1 cosign verify-blob "${prefix}/bin/kubelet" \
-        --signature "/tmp/kubelet.sig" \
-        --certificate "/tmp/kubelet.cert" \
-        --certificate-oidc-issuer https://accounts.google.com \
-        --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com
-    rm -f \
-        "/tmp/kubelet.sig" \
-        "/tmp/kubelet.cert"
-fi
+echo "Verifying keyless signature for kubelet"
+curl --silent --show-error --location --fail --output "/tmp/kubelet.sig" \
+    "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubelet.sig"
+curl --silent --show-error --location --fail --output "/tmp/kubelet.cert" \
+    "https://dl.k8s.io/release/v${version}/bin/linux/${alt_arch}/kubelet.cert"
+COSIGN_EXPERIMENTAL=1 cosign verify-blob "${prefix}/bin/kubelet" \
+    --signature "/tmp/kubelet.sig" \
+    --certificate "/tmp/kubelet.cert" \
+    --certificate-oidc-issuer https://accounts.google.com \
+    --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com
+rm -f \
+    "/tmp/kubelet.sig" \
+    "/tmp/kubelet.cert"
 EOF
\ No newline at end of file
diff --git a/tools/musl/Dockerfile.template b/tools/musl/Dockerfile.template
index 5ea8dfedda..2dd3732c7d 100644
--- a/tools/musl/Dockerfile.template
+++ b/tools/musl/Dockerfile.template
@@ -12,7 +12,7 @@ WORKDIR /tmp/musl
 ARG name
 ARG version
 RUN <<EOF
-curl --silent --show-error --location --fail https://musl.libc.org/releases/musl-1.2.5.tar.gz \
+curl --silent --show-error --location --fail https://musl.libc.org/releases/musl-${version}.tar.gz \
 | tar --extract --gzip --strip-components=1 --no-same-owner
 # install to lib/x86_64-linux-musl?
 ./configure --prefix="${prefix}"
diff --git a/tools/nvm/Dockerfile.template b/tools/nvm/Dockerfile.template
index a3db3fe198..03451e4561 100644
--- a/tools/nvm/Dockerfile.template
+++ b/tools/nvm/Dockerfile.template
@@ -10,5 +10,5 @@ ARG version
 RUN <<EOF
 export NVM_DIR="${prefix}/opt/nvm"
 mkdir -p "${NVM_DIR}"
-curl --silent --show-error --location --fail https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash
+curl --silent --show-error --location --fail https://raw.githubusercontent.com/nvm-sh/nvm/v${version}/install.sh | bash
 EOF
\ No newline at end of file
diff --git a/tools/tailspin/Dockerfile.template b/tools/tailspin/Dockerfile.template
index cc405ccb90..9cccd0a15c 100644
--- a/tools/tailspin/Dockerfile.template
+++ b/tools/tailspin/Dockerfile.template
@@ -20,9 +20,9 @@ cargo build --release --target "${arch}-unknown-linux-gnu"
 cp "target/${arch}-unknown-linux-gnu/release/tspin" "${prefix}/bin/"
 
 curl --silent --show-error --location --fail --output "${prefix}/share/bash-completion/completions/tspin" \
-    --url "https://github.com/bensadeh/tailspin/raw/2.1.0/completions/tspin.bash"
+    --url "https://github.com/bensadeh/tailspin/raw/${version}/completions/tspin.bash"
 curl --silent --show-error --location --fail --output "${prefix}/share/fish/vendor_completions.d/tspin.fish" \
-    --url "https://github.com/bensadeh/tailspin/raw/2.1.0/completions/tspin.fish"
+    --url "https://github.com/bensadeh/tailspin/raw/${version}/completions/tspin.fish"
 curl --silent --show-error --location --fail --output "${prefix}/share/zsh/vendor-completions/_tspin" \
-    --url "https://github.com/bensadeh/tailspin/raw/2.1.0/completions/tspin.zsh"
+    --url "https://github.com/bensadeh/tailspin/raw/${version}/completions/tspin.zsh"
 EOF
\ No newline at end of file

From a95f1c2006dd259210221afdb44b543fb08cb66a Mon Sep 17 00:00:00 2001
From: Nicholas Dille <nicholas.dille@mailbox.org>
Date: Wed, 26 Jun 2024 12:50:20 +0200
Subject: [PATCH 2/2] No proper binary

---
 tools/nvm/manifest.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/nvm/manifest.yaml b/tools/nvm/manifest.yaml
index 6d23d9ddc3..fe9b47cd25 100644
--- a/tools/nvm/manifest.yaml
+++ b/tools/nvm/manifest.yaml
@@ -1,6 +1,7 @@
 # yaml-language-server: $schema=https://tools.uniget.dev/schema.yaml
 name: nvm
 version: "0.39.7"
+binary: "false"
 check: "" # No version parameter
 platforms:
 - linux/amd64