From d53542975edd144319986484401a1421a35c4845 Mon Sep 17 00:00:00 2001 From: Alex Gonzalez Date: Mon, 15 May 2023 16:22:02 +0200 Subject: [PATCH 1/5] flowzone: update custom runs to use macos-12 After the flowzone update to use zstd as compression algorithm for sources there is an error on macos-11 as tar does not support it. Change-type: patch Signed-off-by: Alex Gonzalez --- .github/workflows/flowzone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/flowzone.yml b/.github/workflows/flowzone.yml index cb7c2178..b26422fb 100644 --- a/.github/workflows/flowzone.yml +++ b/.github/workflows/flowzone.yml @@ -23,7 +23,7 @@ jobs: ) secrets: inherit with: - custom_runs_on: '[["self-hosted","Linux","distro:focal","X64"],["self-hosted","Linux","distro:focal","ARM64"],["macos-11"],["windows-2019"]]' + custom_runs_on: '[["self-hosted","Linux","distro:focal","X64"],["self-hosted","Linux","distro:focal","ARM64"],["macos-12"],["windows-2019"]]' repo_config: true repo_description: "The official balena CLI tool." github_prerelease: true From ba26d3204db82168133de467035aa5b2dbd506a1 Mon Sep 17 00:00:00 2001 From: Alex Gonzalez Date: Fri, 19 May 2023 11:35:45 +0200 Subject: [PATCH 2/5] package.json: Update balena-sdk to 16.44.2 Update balena-sdk from 16.40.0 to 16.44.2 Change-type: patch Signed-off-by: Alex Gonzalez --- npm-shrinkwrap.json | 93 +++++++++++++++++++++++---------------------- package.json | 2 +- 2 files changed, 49 insertions(+), 46 deletions(-) diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index 6a63b9e9..a4a8a512 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -24,7 +24,7 @@ "balena-image-fs": "^7.0.6", "balena-image-manager": "^8.0.0", "balena-preload": "^13.0.0", - "balena-sdk": "^16.40.0", + "balena-sdk": "^16.44.2", "balena-semver": "^2.3.0", "balena-settings-client": "^4.0.7", "balena-settings-storage": "^7.0.0", @@ -2100,6 +2100,26 @@ "@oclif/config": "^1" } }, + "node_modules/@oclif/plugin-help/node_modules/@oclif/command/node_modules/@oclif/plugin-help": { + "version": "3.2.14", + "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-3.2.14.tgz", + "integrity": "sha512-NP5qmE2YfcW3MmXjcrxiqKe9Hf3G0uK/qNc0zAMYKU4crFyIsWj7dBfQVFZSb28YXGioOOpjMzG1I7VMxKF38Q==", + "dependencies": { + "@oclif/command": "^1.8.9", + "@oclif/config": "^1.18.2", + "@oclif/errors": "^1.3.5", + "chalk": "^4.1.2", + "indent-string": "^4.0.0", + "lodash": "^4.17.21", + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "widest-line": "^3.1.0", + "wrap-ansi": "^6.2.0" + }, + "engines": { + "node": ">=8.0.0" + } + }, "node_modules/@oclif/plugin-help/node_modules/@oclif/errors": { "version": "1.3.5", "resolved": "https://registry.npmjs.org/@oclif/errors/-/errors-1.3.5.tgz", @@ -2131,26 +2151,6 @@ "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, - "node_modules/@oclif/plugin-help/node_modules/@oclif/plugin-help": { - "version": "3.2.14", - "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-3.2.14.tgz", - "integrity": "sha512-NP5qmE2YfcW3MmXjcrxiqKe9Hf3G0uK/qNc0zAMYKU4crFyIsWj7dBfQVFZSb28YXGioOOpjMzG1I7VMxKF38Q==", - "dependencies": { - "@oclif/command": "^1.8.9", - "@oclif/config": "^1.18.2", - "@oclif/errors": "^1.3.5", - "chalk": "^4.1.2", - "indent-string": "^4.0.0", - "lodash": "^4.17.21", - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "widest-line": "^3.1.0", - "wrap-ansi": "^6.2.0" - }, - "engines": { - "node": ">=8.0.0" - } - }, "node_modules/@oclif/plugin-help/node_modules/chalk": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", @@ -4148,9 +4148,9 @@ } }, "node_modules/balena-sdk": { - "version": "16.40.0", - "resolved": "https://registry.npmjs.org/balena-sdk/-/balena-sdk-16.40.0.tgz", - "integrity": "sha512-w7oP/oESZnymWtngieQrR3YJAR+CLSnys5RllPZBtZ5vYZsSHdrdRRMamlemy5ydCQN4q66Uw95U20bBXigT5g==", + "version": "16.45.1", + "resolved": "https://registry.npmjs.org/balena-sdk/-/balena-sdk-16.45.1.tgz", + "integrity": "sha512-pY3anTkmEcOp8GEgjkeJl8aj7SZBWifh4DSp8sUnryE0U7IGA3UcKggsfMjYsP1ZKvPlAvweNHQuUujfBOHbXg==", "dependencies": { "@balena/es-version": "^1.0.0", "@types/json-schema": "^7.0.9", @@ -4527,6 +4527,7 @@ "node_modules/bonjour": { "version": "3.5.0", "resolved": "git+ssh://git@github.com/balena-io-modules/bonjour.git#e018851dc823b4b3f670f658f71d0c1c7f3e637c", + "integrity": "sha512-JCw9ygNWGhAngIABMPiBlBlyPYVDFwllFa0Xuory9yatGday0pmSBRJhYMXqIJ4vmqDkPVqTD5JV+YM8ypLRKg==", "license": "MIT", "dependencies": { "array-flatten": "^2.1.0", @@ -13488,6 +13489,7 @@ "node_modules/multicast-dns": { "version": "6.1.1", "resolved": "git+ssh://git@github.com/resin-io-modules/multicast-dns.git#db98d68b79bbefc936b6799de9de1038ba49f85d", + "integrity": "sha512-AYHxmNN71KOfxHElYREhx8LqjIpfc3WFhq+Oht9IOEk82jXXF9qRavowyUvc9JLkPjUzLZmjy14/a1NtBduQoQ==", "license": "MIT", "dependencies": { "dns-packet": "^1.0.1", @@ -24027,6 +24029,25 @@ "@oclif/plugin-help": "3.2.14", "debug": "^4.1.1", "semver": "^7.3.2" + }, + "dependencies": { + "@oclif/plugin-help": { + "version": "3.2.14", + "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-3.2.14.tgz", + "integrity": "sha512-NP5qmE2YfcW3MmXjcrxiqKe9Hf3G0uK/qNc0zAMYKU4crFyIsWj7dBfQVFZSb28YXGioOOpjMzG1I7VMxKF38Q==", + "requires": { + "@oclif/command": "^1.8.9", + "@oclif/config": "^1.18.2", + "@oclif/errors": "^1.3.5", + "chalk": "^4.1.2", + "indent-string": "^4.0.0", + "lodash": "^4.17.21", + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "widest-line": "^3.1.0", + "wrap-ansi": "^6.2.0" + } + } } }, "@oclif/errors": { @@ -24053,23 +24074,6 @@ } } }, - "@oclif/plugin-help": { - "version": "3.2.14", - "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-3.2.14.tgz", - "integrity": "sha512-NP5qmE2YfcW3MmXjcrxiqKe9Hf3G0uK/qNc0zAMYKU4crFyIsWj7dBfQVFZSb28YXGioOOpjMzG1I7VMxKF38Q==", - "requires": { - "@oclif/command": "^1.8.9", - "@oclif/config": "^1.18.2", - "@oclif/errors": "^1.3.5", - "chalk": "^4.1.2", - "indent-string": "^4.0.0", - "lodash": "^4.17.21", - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "widest-line": "^3.1.0", - "wrap-ansi": "^6.2.0" - } - }, "chalk": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", @@ -25814,9 +25818,9 @@ } }, "balena-sdk": { - "version": "16.40.0", - "resolved": "https://registry.npmjs.org/balena-sdk/-/balena-sdk-16.40.0.tgz", - "integrity": "sha512-w7oP/oESZnymWtngieQrR3YJAR+CLSnys5RllPZBtZ5vYZsSHdrdRRMamlemy5ydCQN4q66Uw95U20bBXigT5g==", + "version": "16.45.1", + "resolved": "https://registry.npmjs.org/balena-sdk/-/balena-sdk-16.45.1.tgz", + "integrity": "sha512-pY3anTkmEcOp8GEgjkeJl8aj7SZBWifh4DSp8sUnryE0U7IGA3UcKggsfMjYsP1ZKvPlAvweNHQuUujfBOHbXg==", "requires": { "@balena/es-version": "^1.0.0", "@types/json-schema": "^7.0.9", @@ -38117,7 +38121,6 @@ }, "unbzip2-stream": { "version": "git+ssh://git@github.com/balena-io-modules/unbzip2-stream.git#4a54f56a25b58950f9e4277c56db2912d62242e7", - "integrity": "sha512-brk1qgoQuqWAWifAFEyC7At0CZxuHL90kd3S2Sdmd1GrOcUGl2bey0Bu6MVc25xAXMz7WITNKD8hxyBpNmeOdg==", "from": "unbzip2-stream@github:balena-io-modules/unbzip2-stream#4a54f56a25b58950f9e4277c56db2912d62242e7" }, "union-value": { diff --git a/package.json b/package.json index 60bfea6e..525c7b00 100644 --- a/package.json +++ b/package.json @@ -207,7 +207,7 @@ "balena-image-fs": "^7.0.6", "balena-image-manager": "^8.0.0", "balena-preload": "^13.0.0", - "balena-sdk": "^16.40.0", + "balena-sdk": "^16.44.2", "balena-semver": "^2.3.0", "balena-settings-client": "^4.0.7", "balena-settings-storage": "^7.0.0", From f0c8c370228676313d57b00505c589f1832ec0d4 Mon Sep 17 00:00:00 2001 From: Alex Gonzalez Date: Fri, 12 May 2023 16:02:32 +0200 Subject: [PATCH 3/5] os configure, config generate: Add '--secureBoot' option to opt-in secure boot Allow to generate a config file with `installer.secureboot` set so that a secure boot and disk encrypted system can be installed. Change-type: minor Signed-off-by: Alex Gonzalez --- docs/balena-cli.md | 15 ++++++++ lib/commands/config/generate.ts | 21 ++++++++++- lib/commands/os/configure.ts | 21 ++++++++++- lib/utils/common-flags.ts | 6 +++ lib/utils/config.ts | 66 +++++++++++++++++++++++++++++++++ lib/utils/messages.ts | 4 ++ 6 files changed, 131 insertions(+), 2 deletions(-) diff --git a/docs/balena-cli.md b/docs/balena-cli.md index 3711bd46..65ebcd7b 100644 --- a/docs/balena-cli.md +++ b/docs/balena-cli.md @@ -2160,6 +2160,9 @@ confuse the balenaOS "development mode" with a device's "local mode", the latter being a supervisor feature that allows the "balena push" command to push a user's application directly to a device in the local network. +The '--secureBoot' option is used to configure a balenaOS installer image to opt-in +secure boot and disk encryption. + The --system-connection (-c) option is used to inject NetworkManager connection profiles for additional network interfaces, such as cellular/GSM or additional WiFi or ethernet connections. This option may be passed multiple times in case there @@ -2230,6 +2233,10 @@ WiFi SSID (network name) (non-interactive configuration) Configure balenaOS to operate in development mode +#### --secureBoot + +Configure balenaOS installer to opt-in secure boot and disk encryption + #### -d, --device DEVICE device UUID @@ -2314,6 +2321,9 @@ confuse the balenaOS "development mode" with a device's "local mode", the latter being a supervisor feature that allows the "balena push" command to push a user's application directly to a device in the local network. +The '--secureBoot' option is used to configure a balenaOS installer image to opt-in +secure boot and disk encryption. + To configure an image for a fleet of mixed device types, use the --fleet option alongside the --deviceType option to specify the target device type. @@ -2337,6 +2347,7 @@ Examples: $ balena config generate --device 7cf02a6 --version 2.12.7 --deviceApiKey $ balena config generate --device 7cf02a6 --version 2.12.7 --output config.json $ balena config generate --fleet myorg/fleet --version 2.12.7 --dev + $ balena config generate --fleet myorg/fleet --version 2.12.7 --secureBoot $ balena config generate --fleet myorg/fleet --version 2.12.7 --deviceType fincm3 $ balena config generate --fleet myorg/fleet --version 2.12.7 --output config.json $ balena config generate --fleet myorg/fleet --version 2.12.7 --network wifi --wifiSsid mySsid --wifiKey abcdefgh --appUpdatePollInterval 15 @@ -2355,6 +2366,10 @@ fleet name or slug (preferred) Configure balenaOS to operate in development mode +#### --secureBoot + +Configure balenaOS installer to opt-in secure boot and disk encryption + #### -d, --device DEVICE device UUID diff --git a/lib/commands/config/generate.ts b/lib/commands/config/generate.ts index 2806a26e..cf8524c7 100644 --- a/lib/commands/config/generate.ts +++ b/lib/commands/config/generate.ts @@ -19,13 +19,18 @@ import { flags } from '@oclif/command'; import Command from '../../command'; import * as cf from '../../utils/common-flags'; import { getBalenaSdk, getCliForm, stripIndent } from '../../utils/lazy'; -import { applicationIdInfo, devModeInfo } from '../../utils/messages'; +import { + applicationIdInfo, + devModeInfo, + secureBootInfo, +} from '../../utils/messages'; import type { PineDeferred } from 'balena-sdk'; interface FlagsDef { version: string; // OS version fleet?: string; dev?: boolean; // balenaOS development variant + secureBoot?: boolean; device?: string; deviceApiKey?: string; deviceType?: string; @@ -51,6 +56,8 @@ export default class ConfigGenerateCmd extends Command { ${devModeInfo.split('\n').join('\n\t\t')} + ${secureBootInfo.split('\n').join('\n\t\t')} + To configure an image for a fleet of mixed device types, use the --fleet option alongside the --deviceType option to specify the target device type. @@ -66,6 +73,7 @@ export default class ConfigGenerateCmd extends Command { '$ balena config generate --device 7cf02a6 --version 2.12.7 --deviceApiKey ', '$ balena config generate --device 7cf02a6 --version 2.12.7 --output config.json', '$ balena config generate --fleet myorg/fleet --version 2.12.7 --dev', + '$ balena config generate --fleet myorg/fleet --version 2.12.7 --secureBoot', '$ balena config generate --fleet myorg/fleet --version 2.12.7 --deviceType fincm3', '$ balena config generate --fleet myorg/fleet --version 2.12.7 --output config.json', '$ balena config generate --fleet myorg/fleet --version 2.12.7 --network wifi --wifiSsid mySsid --wifiKey abcdefgh --appUpdatePollInterval 15', @@ -80,6 +88,7 @@ export default class ConfigGenerateCmd extends Command { }), fleet: { ...cf.fleet, exclusive: ['device'] }, dev: cf.dev, + secureBoot: cf.secureBoot, device: { ...cf.device, exclusive: [ @@ -195,6 +204,15 @@ export default class ConfigGenerateCmd extends Command { deviceType, ); + const { validateSecureBootOptionAndWarn } = await import( + '../../utils/config' + ); + await validateSecureBootOptionAndWarn( + options.secureBoot, + deviceType, + options.version, + ); + // Prompt for values // Pass params as an override: if there is any param with exactly the same name as a // required option, that value is used (and the corresponding question is not asked) @@ -203,6 +221,7 @@ export default class ConfigGenerateCmd extends Command { }); answers.version = options.version; answers.developmentMode = options.dev; + answers.secureBoot = options.secureBoot; answers.provisioningKeyName = options['provisioning-key-name']; answers.provisioningKeyExpiryDate = options['provisioning-key-expiry-date']; diff --git a/lib/commands/os/configure.ts b/lib/commands/os/configure.ts index e177f968..e1073858 100644 --- a/lib/commands/os/configure.ts +++ b/lib/commands/os/configure.ts @@ -23,7 +23,11 @@ import Command from '../../command'; import { ExpectedError } from '../../errors'; import * as cf from '../../utils/common-flags'; import { getBalenaSdk, stripIndent, getCliForm } from '../../utils/lazy'; -import { applicationIdInfo, devModeInfo } from '../../utils/messages'; +import { + applicationIdInfo, + devModeInfo, + secureBootInfo, +} from '../../utils/messages'; const CONNECTIONS_FOLDER = '/system-connections'; @@ -36,6 +40,7 @@ interface FlagsDef { 'config-wifi-key'?: string; 'config-wifi-ssid'?: string; dev?: boolean; // balenaOS development variant + secureBoot?: boolean; device?: string; // device UUID 'device-type'?: string; help?: void; @@ -53,6 +58,7 @@ interface ArgsDef { interface Answers { appUpdatePollInterval: number; // in minutes developmentMode?: boolean; // balenaOS development variant + secureBoot?: boolean; deviceType: string; // e.g. "raspberrypi3" network: 'ethernet' | 'wifi'; version: string; // e.g. "2.32.0+rev1" @@ -80,6 +86,8 @@ export default class OsConfigureCmd extends Command { ${devModeInfo.split('\n').join('\n\t\t')} + ${secureBootInfo.split('\n').join('\n\t\t')} + The --system-connection (-c) option is used to inject NetworkManager connection profiles for additional network interfaces, such as cellular/GSM or additional WiFi or ethernet connections. This option may be passed multiple times in case there @@ -140,6 +148,7 @@ export default class OsConfigureCmd extends Command { description: 'WiFi SSID (network name) (non-interactive configuration)', }), dev: cf.dev, + secureBoot: cf.secureBoot, device: { ...cf.device, exclusive: [ @@ -238,6 +247,15 @@ export default class OsConfigureCmd extends Command { const { validateDevOptionAndWarn } = await import('../../utils/config'); await validateDevOptionAndWarn(options.dev, osVersion); + const { validateSecureBootOptionAndWarn } = await import( + '../../utils/config' + ); + await validateSecureBootOptionAndWarn( + options.secureBoot, + deviceTypeSlug, + osVersion, + ); + const answers: Answers = await askQuestionsForDeviceType( deviceTypeManifest, options, @@ -248,6 +266,7 @@ export default class OsConfigureCmd extends Command { } answers.version = osVersion; answers.developmentMode = options.dev; + answers.secureBoot = options.secureBoot; answers.provisioningKeyName = options['provisioning-key-name']; answers.provisioningKeyExpiryDate = options['provisioning-key-expiry-date']; diff --git a/lib/utils/common-flags.ts b/lib/utils/common-flags.ts index 37f0a734..818b03b2 100644 --- a/lib/utils/common-flags.ts +++ b/lib/utils/common-flags.ts @@ -74,6 +74,12 @@ export const dev: IBooleanFlag = flags.boolean({ default: false, }); +export const secureBoot: IBooleanFlag = flags.boolean({ + description: + 'Configure balenaOS installer to opt-in secure boot and disk encryption', + default: false, +}); + export const drive = flags.string({ char: 'd', description: stripIndent` diff --git a/lib/utils/config.ts b/lib/utils/config.ts index 61231afa..cce020f9 100644 --- a/lib/utils/config.ts +++ b/lib/utils/config.ts @@ -52,6 +52,10 @@ export interface ImgConfig { os?: { sshKeys?: string[]; }; + + installer?: { + secureboot?: boolean; + }; } export async function generateApplicationConfig( @@ -63,6 +67,7 @@ export async function generateApplicationConfig( os?: { sshKeys?: string[]; }; + secureBoot?: boolean; }, ): Promise { options = { @@ -84,6 +89,12 @@ export async function generateApplicationConfig( : options.os.sshKeys; } + // configure installer secure boot opt-in if specified + if (options.secureBoot) { + config.installer ??= {}; + config.installer.secureboot = options.secureBoot; + } + return config; } @@ -165,3 +176,58 @@ export async function validateDevOptionAndWarn( and exposes network ports such as 2375 that allows unencrypted access to balenaEngine. Therefore, development mode should only be used in private, trusted local networks.`); } + +/** + * Chech whether the `--secureBoot` option of commands related to OS configuration + * such as `os configure` and `config generate` is compatible with a given + * OS release, and print a warning regarding the consequences of using that + * option. + */ +export async function validateSecureBootOptionAndWarn( + secureBoot?: boolean, + slug?: string, + version?: string, + logger?: import('./logger'), +) { + if (!secureBoot) { + return; + } + const { ExpectedError } = await import('../errors'); + if (!version) { + throw new ExpectedError(`Error: No version provided`); + } + if (!slug) { + throw new ExpectedError(`Error: No device type provided`); + } + const sdk = getBalenaSdk(); + const [OsRelease]: BalenaSdk.OsVersion[] = + await sdk.models.os.getAllOsVersions(`${slug}`, { + $select: 'id', + $filter: { raw_version: `${version.replace(/^v/, '')}` }, + }); + if (!OsRelease) { + throw new ExpectedError(`Error: No ${version} release for ${slug}`); + } + const OsContract = await sdk.models.release.get(OsRelease.id, { + $select: 'contract', + }); + const yaml = require('js-yaml'); + const contract = yaml.load(OsContract['contract']); + if ( + contract.provides.some((entry: Dictionary) => { + return entry.type === 'sw.feature' && entry.slug === 'secureboot'; + }) + ) { + if (!logger) { + const Logger = await import('./logger'); + logger = Logger.getLogger(); + } + logger.logInfo(stripIndent` + The '--secureBoot' option is being used to configure a balenaOS installer image + into secure boot and full disk encryption.`); + } else { + throw new ExpectedError( + `Error: The '--secureBoot' option is not supported for ${slug} in ${version}`, + ); + } +} diff --git a/lib/utils/messages.ts b/lib/utils/messages.ts index ec9f21b8..530bc553 100644 --- a/lib/utils/messages.ts +++ b/lib/utils/messages.ts @@ -169,6 +169,10 @@ confuse the balenaOS "development mode" with a device's "local mode", the latter being a supervisor feature that allows the "balena push" command to push a user's application directly to a device in the local network.`; +export const secureBootInfo = `\ +The '--secureBoot' option is used to configure a balenaOS installer image to opt-in +secure boot and disk encryption.`; + export const jsonInfo = `\ The --json option is recommended when scripting the output of this command, because field names are less likely to change in JSON format and because it From 83a5e7392adc371b8e4c3edfe7efb22b5f3f6eee Mon Sep 17 00:00:00 2001 From: Thodoris Greasidis Date: Fri, 19 May 2023 19:14:31 +0300 Subject: [PATCH 4/5] secureboot: Retrieve the OS release & contract in one request Change-type: patch --- lib/utils/config.ts | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/lib/utils/config.ts b/lib/utils/config.ts index cce020f9..a2a52d5d 100644 --- a/lib/utils/config.ts +++ b/lib/utils/config.ts @@ -200,21 +200,25 @@ export async function validateSecureBootOptionAndWarn( throw new ExpectedError(`Error: No device type provided`); } const sdk = getBalenaSdk(); - const [OsRelease]: BalenaSdk.OsVersion[] = - await sdk.models.os.getAllOsVersions(`${slug}`, { - $select: 'id', - $filter: { raw_version: `${version.replace(/^v/, '')}` }, - }); - if (!OsRelease) { + const releasePineOpts = { + $select: 'contract', + $filter: { raw_version: `${version.replace(/^v/, '')}` }, + } satisfies BalenaSdk.PineOptions; + // TODO: Remove the added type casting when the SDK returns the fully typed result + const [osRelease] = (await sdk.models.os.getAllOsVersions( + slug, + releasePineOpts, + )) as Array< + BalenaSdk.OsVersion & + BalenaSdk.PineTypedResult + >; + if (!osRelease) { throw new ExpectedError(`Error: No ${version} release for ${slug}`); } - const OsContract = await sdk.models.release.get(OsRelease.id, { - $select: 'contract', - }); - const yaml = require('js-yaml'); - const contract = yaml.load(OsContract['contract']); + + const contract = osRelease.contract ? JSON.parse(osRelease.contract) : null; if ( - contract.provides.some((entry: Dictionary) => { + contract?.provides.some((entry: Dictionary) => { return entry.type === 'sw.feature' && entry.slug === 'secureboot'; }) ) { From 0c62b9ef084f449ed303643b20b3b4dd95fc2f2e Mon Sep 17 00:00:00 2001 From: Thodoris Greasidis Date: Fri, 19 May 2023 20:28:12 +0300 Subject: [PATCH 5/5] Deduplicate npm-shrinkwra.json --- npm-shrinkwrap.json | 103 ++++++++++++++++++++++---------------------- 1 file changed, 52 insertions(+), 51 deletions(-) diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index a4a8a512..0d542e43 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -2100,26 +2100,6 @@ "@oclif/config": "^1" } }, - "node_modules/@oclif/plugin-help/node_modules/@oclif/command/node_modules/@oclif/plugin-help": { - "version": "3.2.14", - "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-3.2.14.tgz", - "integrity": "sha512-NP5qmE2YfcW3MmXjcrxiqKe9Hf3G0uK/qNc0zAMYKU4crFyIsWj7dBfQVFZSb28YXGioOOpjMzG1I7VMxKF38Q==", - "dependencies": { - "@oclif/command": "^1.8.9", - "@oclif/config": "^1.18.2", - "@oclif/errors": "^1.3.5", - "chalk": "^4.1.2", - "indent-string": "^4.0.0", - "lodash": "^4.17.21", - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "widest-line": "^3.1.0", - "wrap-ansi": "^6.2.0" - }, - "engines": { - "node": ">=8.0.0" - } - }, "node_modules/@oclif/plugin-help/node_modules/@oclif/errors": { "version": "1.3.5", "resolved": "https://registry.npmjs.org/@oclif/errors/-/errors-1.3.5.tgz", @@ -2151,6 +2131,26 @@ "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, + "node_modules/@oclif/plugin-help/node_modules/@oclif/plugin-help": { + "version": "3.2.14", + "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-3.2.14.tgz", + "integrity": "sha512-NP5qmE2YfcW3MmXjcrxiqKe9Hf3G0uK/qNc0zAMYKU4crFyIsWj7dBfQVFZSb28YXGioOOpjMzG1I7VMxKF38Q==", + "dependencies": { + "@oclif/command": "^1.8.9", + "@oclif/config": "^1.18.2", + "@oclif/errors": "^1.3.5", + "chalk": "^4.1.2", + "indent-string": "^4.0.0", + "lodash": "^4.17.21", + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "widest-line": "^3.1.0", + "wrap-ansi": "^6.2.0" + }, + "engines": { + "node": ">=8.0.0" + } + }, "node_modules/@oclif/plugin-help/node_modules/chalk": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", @@ -3048,9 +3048,9 @@ } }, "node_modules/@types/node": { - "version": "16.18.30", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.30.tgz", - "integrity": "sha512-Kmp/wBZk19Dn7uRiol8kF8agnf8m0+TU9qIwyfPmXglVxMlmiIz0VQSMw5oFgwhmD2aKTlfBIO5FtsVj3y7hKQ==" + "version": "16.18.31", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.31.tgz", + "integrity": "sha512-KPXltf4z4g517OlVJO9XQ2357CYw7fvuJ3ZuBynjXC5Jos9i+K7LvFb7bUIwtJXSZj0vTp9Q6NJBSQpkwwO8Zw==" }, "node_modules/@types/node-cleanup": { "version": "2.1.2", @@ -19437,9 +19437,9 @@ } }, "node_modules/tslib": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz", - "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==" + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.2.tgz", + "integrity": "sha512-5svOrSA2w3iGFDs1HibEVBGbDrAY82bFQ3HZ3ixB+88nsbsWQoKqDRb5UBYAUPEzbBn6dAp5gRNXglySbx1MlA==" }, "node_modules/tslint": { "version": "6.1.3", @@ -24029,25 +24029,6 @@ "@oclif/plugin-help": "3.2.14", "debug": "^4.1.1", "semver": "^7.3.2" - }, - "dependencies": { - "@oclif/plugin-help": { - "version": "3.2.14", - "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-3.2.14.tgz", - "integrity": "sha512-NP5qmE2YfcW3MmXjcrxiqKe9Hf3G0uK/qNc0zAMYKU4crFyIsWj7dBfQVFZSb28YXGioOOpjMzG1I7VMxKF38Q==", - "requires": { - "@oclif/command": "^1.8.9", - "@oclif/config": "^1.18.2", - "@oclif/errors": "^1.3.5", - "chalk": "^4.1.2", - "indent-string": "^4.0.0", - "lodash": "^4.17.21", - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "widest-line": "^3.1.0", - "wrap-ansi": "^6.2.0" - } - } } }, "@oclif/errors": { @@ -24074,6 +24055,23 @@ } } }, + "@oclif/plugin-help": { + "version": "3.2.14", + "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-3.2.14.tgz", + "integrity": "sha512-NP5qmE2YfcW3MmXjcrxiqKe9Hf3G0uK/qNc0zAMYKU4crFyIsWj7dBfQVFZSb28YXGioOOpjMzG1I7VMxKF38Q==", + "requires": { + "@oclif/command": "^1.8.9", + "@oclif/config": "^1.18.2", + "@oclif/errors": "^1.3.5", + "chalk": "^4.1.2", + "indent-string": "^4.0.0", + "lodash": "^4.17.21", + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "widest-line": "^3.1.0", + "wrap-ansi": "^6.2.0" + } + }, "chalk": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", @@ -24894,9 +24892,9 @@ } }, "@types/node": { - "version": "16.18.30", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.30.tgz", - "integrity": "sha512-Kmp/wBZk19Dn7uRiol8kF8agnf8m0+TU9qIwyfPmXglVxMlmiIz0VQSMw5oFgwhmD2aKTlfBIO5FtsVj3y7hKQ==" + "version": "16.18.31", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.31.tgz", + "integrity": "sha512-KPXltf4z4g517OlVJO9XQ2357CYw7fvuJ3ZuBynjXC5Jos9i+K7LvFb7bUIwtJXSZj0vTp9Q6NJBSQpkwwO8Zw==" }, "@types/node-cleanup": { "version": "2.1.2", @@ -26153,6 +26151,7 @@ }, "bonjour": { "version": "git+ssh://git@github.com/balena-io-modules/bonjour.git#e018851dc823b4b3f670f658f71d0c1c7f3e637c", + "integrity": "sha512-JCw9ygNWGhAngIABMPiBlBlyPYVDFwllFa0Xuory9yatGday0pmSBRJhYMXqIJ4vmqDkPVqTD5JV+YM8ypLRKg==", "from": "bonjour@git+https://github.com/balena-io-modules/bonjour.git#fixed-mdns", "requires": { "array-flatten": "^2.1.0", @@ -33194,6 +33193,7 @@ }, "multicast-dns": { "version": "git+ssh://git@github.com/resin-io-modules/multicast-dns.git#db98d68b79bbefc936b6799de9de1038ba49f85d", + "integrity": "sha512-AYHxmNN71KOfxHElYREhx8LqjIpfc3WFhq+Oht9IOEk82jXXF9qRavowyUvc9JLkPjUzLZmjy14/a1NtBduQoQ==", "from": "multicast-dns@git+https://github.com/resin-io-modules/multicast-dns#listen-on-all-interfaces", "requires": { "dns-packet": "^1.0.1", @@ -37867,9 +37867,9 @@ } }, "tslib": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz", - "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==" + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.2.tgz", + "integrity": "sha512-5svOrSA2w3iGFDs1HibEVBGbDrAY82bFQ3HZ3ixB+88nsbsWQoKqDRb5UBYAUPEzbBn6dAp5gRNXglySbx1MlA==" }, "tslint": { "version": "6.1.3", @@ -38121,6 +38121,7 @@ }, "unbzip2-stream": { "version": "git+ssh://git@github.com/balena-io-modules/unbzip2-stream.git#4a54f56a25b58950f9e4277c56db2912d62242e7", + "integrity": "sha512-brk1qgoQuqWAWifAFEyC7At0CZxuHL90kd3S2Sdmd1GrOcUGl2bey0Bu6MVc25xAXMz7WITNKD8hxyBpNmeOdg==", "from": "unbzip2-stream@github:balena-io-modules/unbzip2-stream#4a54f56a25b58950f9e4277c56db2912d62242e7" }, "union-value": {