Skip to content

Commit 0b7b414

Browse files
erik-bershelerik-bershel
authored
[Windows] Add checksum validation for Kind (#8384)
1 parent 361127d commit 0b7b414

File tree

1 file changed

+14
-4
lines changed

1 file changed

+14
-4
lines changed

images/win/scripts/Installers/Install-KubernetesTools.ps1

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,25 @@
11
################################################################################
22
## File: Install-KubernetesTools.ps1
33
## Desc: Install tools for K8s.
4+
## Supply chain security: GitHub Kind - checksum validation, Kubectl, Helm, Minikube - by package manager
45
################################################################################
56

67
Write-Host "Install Kind"
78
# Choco installation can't be used because it depends on docker-desktop
8-
$url = 'https://api.github.com/repos/kubernetes-sigs/kind/releases/latest'
9-
[System.String] $kindDownloadLink = (Invoke-RestMethod -Uri $url).assets.browser_download_url -match "kind-windows-amd64$"
9+
$repoUrl = 'https://api.github.com/repos/kubernetes-sigs/kind/releases/latest'
10+
$assets = (Invoke-RestMethod -Uri $repoUrl).assets
11+
[System.String] $kindDownloadLink = $assets.browser_download_url -match "kind-windows-amd64$"
1012
$destFilePath = "C:\ProgramData\kind"
1113
$null = New-Item -Path $destFilePath -ItemType Directory -Force
12-
Start-DownloadWithRetry -Url $kindDownloadLink -Name "kind.exe" -DownloadPath $destFilePath
14+
$packagePath = Start-DownloadWithRetry -Url $kindDownloadLink -Name "kind.exe" -DownloadPath $destFilePath
15+
16+
#region Supply chain security - Kind
17+
$fileHash = (Get-FileHash -Path $packagePath -Algorithm SHA256).Hash
18+
$hashUrl = ($assets.browser_download_url -match "kind-windows-amd64.sha256sum") | Select-Object -First 1
19+
$externalHash = (Invoke-RestMethod -Uri $hashURL).ToString().Split("`n").Where({ $_ -ilike "*kind-windows-amd64*" }).Split(' ')[0]
20+
Use-ChecksumComparison $fileHash $externalHash
21+
#endregion
22+
1323
Add-MachinePathItem $destFilePath
1424

1525
Write-Host "Install Kubectl"
@@ -21,4 +31,4 @@ Choco-Install -PackageName kubernetes-helm
2131
Write-Host "Install Minikube"
2232
Choco-Install -PackageName minikube
2333

24-
Invoke-PesterTests -TestFile "Tools" -TestName "KubernetesTools"
34+
Invoke-PesterTests -TestFile "Tools" -TestName "KubernetesTools"

0 commit comments

Comments
 (0)