lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity

fix(iso): verify_backend_version uses fixed-string substring match

Browse Source 
Anchored regex was too strict — `strings` concatenates adjacent printable
bytes so the version never sits on its own line. The 1.5.0-alpha binary
DOES contain the version but as part of `1.5.0-alpharpcNot Found`. Fixed
by switching to `grep -qF $VERSION`: substring match is safe because the
version string is specific enough that accidental collisions are
vanishingly unlikely.

Caught mid-build today: check rejected the correct local binary, fell
through to container source-build — ISO still produced correctly but
wasted ~10 min on an unnecessary rebuild.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian 2026-04-19 15:41:48 -04:00
parent fe963a1a8b
commit 361ebea85c
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
image-recipe/build-auto-installer-iso.sh
View File

@ -1024,17 +1024,18 @@ echo " Expected backend version (from Cargo.toml): $EXPECTED_VERSION"
verify_backend_version() { verify_backend_version() {
local bin="$1" local bin="$1"
local embedded # CARGO_PKG_VERSION is compiled into the binary as a string literal.
# CARGO_PKG_VERSION is compiled into the binary as a string literal; # `strings` output concatenates adjacent printable bytes, so the
# the easiest way to recover it without running the daemon is to grep # version rarely sits on its own line — a fixed-string substring
# the binary for an anchored version string. This is cheap and safe. # match is the right tool. The version is specific enough (e.g.
embedded=$(strings "$bin" 2>/dev/null | grep -E "^${EXPECTED_VERSION}$" | head -1) # "1.5.0-alpha") that accidental collisions with unrelated data
if [ -z "$embedded" ]; then # are vanishingly unlikely.
echo " ⚠️ Captured binary does NOT contain expected version $EXPECTED_VERSION — it is stale" if strings "$bin" 2>/dev/null | grep -qF "$EXPECTED_VERSION"; then
return 1 echo " ✅ Version match: binary contains $EXPECTED_VERSION"
return 0
fi fi
echo " ✅ Version match: binary contains $EXPECTED_VERSION" echo " ⚠️ Captured binary does NOT contain expected version $EXPECTED_VERSION — it is stale"
return 0 return 1
} }
# Check for local release binary first (works for both BUILD_FROM_SOURCE and normal mode) # Check for local release binary first (works for both BUILD_FROM_SOURCE and normal mode)