diff --git a/cmd/helm/dependency_build_test.go b/cmd/helm/dependency_build_test.go index 58ef3d3a1..eeca12fa6 100644 --- a/cmd/helm/dependency_build_test.go +++ b/cmd/helm/dependency_build_test.go @@ -100,3 +100,16 @@ func TestDependencyBuildCmd(t *testing.T) { t.Errorf("mismatched versions. Expected %q, got %q", "0.1.0", v) } } + +func TestDependencyBuildCmdWithHelmV2Hash(t *testing.T) { + chartName := "testdata/testcharts/issue-7233" + + cmd := fmt.Sprintf("dependency build '%s'", chartName) + _, out, err := executeActionCommand(cmd) + + // Want to make sure the build can verify Helm v2 hash + if err != nil { + t.Logf("Output: %s", out) + t.Fatal(err) + } +} diff --git a/cmd/helm/testdata/testcharts/issue-7233/.helmignore b/cmd/helm/testdata/testcharts/issue-7233/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-7233/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/cmd/helm/testdata/testcharts/issue-7233/Chart.yaml b/cmd/helm/testdata/testcharts/issue-7233/Chart.yaml new file mode 100644 index 000000000..b31997acb --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-7233/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: issue-7233 +version: 0.1.0 diff --git a/cmd/helm/testdata/testcharts/issue-7233/charts/alpine-0.1.0.tgz b/cmd/helm/testdata/testcharts/issue-7233/charts/alpine-0.1.0.tgz new file mode 100644 index 000000000..a64d9ed46 Binary files /dev/null and b/cmd/helm/testdata/testcharts/issue-7233/charts/alpine-0.1.0.tgz differ diff --git a/cmd/helm/testdata/testcharts/issue-7233/requirements.lock b/cmd/helm/testdata/testcharts/issue-7233/requirements.lock new file mode 100644 index 000000000..62744125b --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-7233/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: alpine + repository: file://../alpine + version: 0.1.0 +digest: sha256:7b380b1a826e7be1eecb089f66209d6d3df54be4bf879d4a8e6f8a9e871710e5 +generated: "2020-01-31T11:30:21.911547651Z" diff --git a/cmd/helm/testdata/testcharts/issue-7233/requirements.yaml b/cmd/helm/testdata/testcharts/issue-7233/requirements.yaml new file mode 100644 index 000000000..f0195cb15 --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-7233/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: alpine + version: 0.1.0 + repository: file://../alpine diff --git a/cmd/helm/testdata/testcharts/issue-7233/templates/configmap.yaml b/cmd/helm/testdata/testcharts/issue-7233/templates/configmap.yaml new file mode 100644 index 000000000..53880b25d --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-7233/templates/configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-configmap +data: + myvalue: "Hello World" + drink: {{ .Values.favoriteDrink }} diff --git a/cmd/helm/testdata/testcharts/issue-7233/values.yaml b/cmd/helm/testdata/testcharts/issue-7233/values.yaml new file mode 100644 index 000000000..b1aa168d7 --- /dev/null +++ b/cmd/helm/testdata/testcharts/issue-7233/values.yaml @@ -0,0 +1 @@ +favoriteDrink: coffee diff --git a/internal/resolver/resolver.go b/internal/resolver/resolver.go index e4dbab227..cec29c947 100644 --- a/internal/resolver/resolver.go +++ b/internal/resolver/resolver.go @@ -157,6 +157,22 @@ func HashReq(req, lock []*chart.Dependency) (string, error) { return "sha256:" + s, err } +// HashV2Req generates a hash of requirements generated in Helm v2. +// +// This should be used only to compare against another hash generated by the +// Helm v2 hash function. It is to handle issue: +// https://github.com/helm/helm/issues/7233 +func HashV2Req(req []*chart.Dependency) (string, error) { + dep := make(map[string][]*chart.Dependency) + dep["dependencies"] = req + data, err := json.Marshal(dep) + if err != nil { + return "", err + } + s, err := provenance.Digest(bytes.NewBuffer(data)) + return "sha256:" + s, err +} + // GetLocalPath generates absolute local path when use // "file://" in repository of dependencies func GetLocalPath(repo, chartpath string) (string, error) { diff --git a/pkg/downloader/manager.go b/pkg/downloader/manager.go index e46af6944..cb139f824 100644 --- a/pkg/downloader/manager.go +++ b/pkg/downloader/manager.go @@ -19,6 +19,7 @@ import ( "fmt" "io" "io/ioutil" + "log" "net/url" "os" "path" @@ -86,7 +87,17 @@ func (m *Manager) Build() error { } if sum, err := resolver.HashReq(req, lock.Dependencies); err != nil || sum != lock.Digest { - return errors.New("Chart.lock is out of sync with Chart.yaml") + // If lock digest differs and chart is apiVersion v1, it maybe because the lock was built + // with Helm 2 and therefore should be checked with Helm v2 hash + // Fix for: https://github.com/helm/helm/issues/7233 + if c.Metadata.APIVersion == chart.APIVersionV1 { + log.Println("warning: a valid Helm v3 hash was not found. Checking against Helm v2 hash...") + if sum, err := resolver.HashV2Req(req); err != nil || sum != lock.Digest { + return errors.New("the lock file (requirements.lock) is out of sync with the dependencies file (requirements.yaml). Please update the dependencies") + } + } else { + return errors.New("the lock file (Chart.lock) is out of sync with the dependencies file (Chart.yaml). Please update the dependencies") + } } // Check that all of the repos we're dependent on actually exist.