chore: Validate checksums of downloaded files in build chain (#6057)

* chore: Validate checksums of downloaded files in build chain Signed-off-by: jannfis <jann@mistrust.net> * Fix arm install of kustomize Signed-off-by: jannfis <jann@mistrust.net> * Add sudo package to Go builder image Signed-off-by: jannfis <jann@mistrust.net>
2026-04-21 17:07:16 +00:00 · 2021-04-19 18:46:21 +02:00 · 2021-04-19 18:46:21 +02:00 · 66f36ff002
commit 66f36ff002
parent 3e43ecaa2d
25 changed files with 117 additions and 54 deletions
--- a/1
+++ b/1
@ -17,6 +17,7 @@ RUN apt-get update && apt-get install -y \
    make \
    wget \
    gcc \
+    sudo \
    zip && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
--- a/12
+++ b/12
@ -532,16 +532,16 @@ install-tools-local: install-test-tools-local install-codegen-tools-local instal
 # Installs all tools required for running unit & end-to-end tests (Linux packages)
 .PHONY: install-test-tools-local
 install-test-tools-local:
-	sudo ./hack/install.sh packr-linux
-	sudo ./hack/install.sh kustomize-linux
-	sudo ./hack/install.sh ksonnet-linux
-	sudo ./hack/install.sh helm2-linux
-	sudo ./hack/install.sh helm-linux
+	./hack/install.sh packr-linux
+	./hack/install.sh kustomize-linux
+	./hack/install.sh ksonnet-linux
+	./hack/install.sh helm2-linux
+	./hack/install.sh helm-linux

 # Installs all tools required for running codegen (Linux packages)
 .PHONY: install-codegen-tools-local
 install-codegen-tools-local:
-	sudo ./hack/install.sh codegen-tools
+	./hack/install.sh codegen-tools

 # Installs all tools required for running codegen (Go packages)
 .PHONY: install-go-tools-local
--- a/hack/installers/checksums/helm-v2.16.0-linux-amd64.tar.gz.sha256
+++ b/hack/installers/checksums/helm-v2.16.0-linux-amd64.tar.gz.sha256
@ -0,0 +1 @@
+2d9124f582a33b269f48215a00922b3dcf7a03f265499886ba956fbc03ff9892  helm-v2.16.0-linux-amd64.tar.gz
--- a/hack/installers/checksums/helm-v2.17.0-linux-amd64.tar.gz.sha256
+++ b/hack/installers/checksums/helm-v2.17.0-linux-amd64.tar.gz.sha256
@ -0,0 +1 @@
+f3bec3c7c55f6a9eb9e6586b8c503f370af92fe987fcbf741f37707606d70296  helm-v2.17.0-linux-amd64.tar.gz
--- a/hack/installers/checksums/helm-v3.5.1-linux-amd64.tar.gz.sha256
+++ b/hack/installers/checksums/helm-v3.5.1-linux-amd64.tar.gz.sha256
@ -0,0 +1 @@
+cad8f2f55a87cfd4d79312625c6af62c1e22eb1dab750f00aa1d394c601a2e6b  helm-v3.5.1-linux-amd64.tar.gz
--- a/hack/installers/checksums/jq-1.6-linux-amd64.sha256
+++ b/hack/installers/checksums/jq-1.6-linux-amd64.sha256
@ -0,0 +1 @@
+af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44  jq-1.6-linux-amd64
--- a/hack/installers/checksums/ks_0.13.1_linux_amd64.tar.gz.sha256
+++ b/hack/installers/checksums/ks_0.13.1_linux_amd64.tar.gz.sha256
@ -0,0 +1 @@
+fe76e414e5cba3f093e34e1b433f79cd53915e3153b68cff5ba3273cafd8a2a0  ks_0.13.1_linux_amd64.tar.gz
--- a/hack/installers/checksums/kubectl_amd64_1.17.8.sha256
+++ b/hack/installers/checksums/kubectl_amd64_1.17.8.sha256
@ -0,0 +1 @@
+01283cbc2b09555cbf2a71c162097552a62a4fd48a0a4c06e34e9b853b815486  kubectl_amd64_1.17.8
--- a/hack/installers/checksums/kubectx-0.6.3.zip.sha256
+++ b/hack/installers/checksums/kubectx-0.6.3.zip.sha256
@ -0,0 +1 @@
+4e501055d37829d3b3834c5883017a785e56bf9b8b8712040a504a7ead04472d  kubectx-0.6.3.zip
--- a/hack/installers/checksums/kustomize_3.9.4_linux_amd64.tar.gz.sha256
+++ b/hack/installers/checksums/kustomize_3.9.4_linux_amd64.tar.gz.sha256
@ -0,0 +1 @@
+439c6bda9086399477e4f847b16b9b45ee695391b4f5d6e4107374ad149050b0  kustomize_3.9.4_linux_amd64.tar.gz
--- a/hack/installers/checksums/packr_linux_amd64_1.21.9.tar.gz.sha256
+++ b/hack/installers/checksums/packr_linux_amd64_1.21.9.tar.gz.sha256
@ -0,0 +1 @@
+212cf9f6f390c1023f9f5c35ad9fb0ca629bba9484ee2034b97803e09925bf55  packr_linux_amd64_1.21.9.tar.gz
--- a/hack/installers/checksums/protoc_3.7.1_linux_amd64.zip.sha256
+++ b/hack/installers/checksums/protoc_3.7.1_linux_amd64.zip.sha256
@ -0,0 +1 @@
+24ea6924faaf94d4a0c5850fdb278290a326eff9a68f36ee5809654faccd0e10  protoc_3.7.1_linux_amd64.zip
--- a/hack/installers/checksums/swagger_linux_amd64_0.19.0.sha256
+++ b/hack/installers/checksums/swagger_linux_amd64_0.19.0.sha256
@ -0,0 +1 @@
+9a5dd86578a93d0e829f3607e12b8e6567fd0b5dc9ad805e1097978f30e060e2  swagger_linux_amd64_0.19.0
--- a/hack/installers/compare-chksum.sh
+++ b/hack/installers/compare-chksum.sh
@ -0,0 +1,26 @@
+#!/bin/sh
+set -ex
+
+if test "${TARGET_FILE}" = ""; then
+	echo "Need to define \$TARGET_FILE" >&2
+	exit 1
+fi
+
+CHKSUM_FILE=$(cd "$(dirname "$0")" && pwd)/checksums/${TARGET_FILE}.sha256
+
+cd "${DOWNLOADS}" || (
+	echo "Can't change directory to ${DOWNLOAD}" >&2
+	exit 1
+)
+
+if ! test -f "${TARGET_FILE}"; then
+	echo "Archive to be checked (${TARGET_FILE}) does not exist" >&2
+	exit 1
+fi
+
+if ! grep -q "${TARGET_FILE}" ${CHKSUM_FILE}; then
+	echo "No checksum for ${TARGET_FILE} in ${CHKSUM_FILE}" >&2
+	exit 1
+fi
+
+sha256sum -c ${CHKSUM_FILE}
--- a/hack/installers/install-helm-linux.sh
+++ b/hack/installers/install-helm-linux.sh
@ -3,7 +3,10 @@ set -eux -o pipefail

 . $(dirname $0)/../tool-versions.sh

-[ -e $DOWNLOADS/helm.tar.gz ] || curl -sLf --retry 3 -o $DOWNLOADS/helm.tar.gz https://get.helm.sh/helm-v${helm3_version}-linux-$ARCHITECTURE.tar.gz
-mkdir -p /tmp/helm && tar -C /tmp/helm -xf $DOWNLOADS/helm.tar.gz
-cp /tmp/helm/linux-$ARCHITECTURE/helm $BIN/helm
+export TARGET_FILE=helm-v${helm3_version}-linux-${ARCHITECTURE}.tar.gz
+
+[ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o $DOWNLOADS/${TARGET_FILE} https://get.helm.sh/helm-v${helm3_version}-linux-$ARCHITECTURE.tar.gz
+$(dirname $0)/compare-chksum.sh
+mkdir -p /tmp/helm && tar -C /tmp/helm -xf $DOWNLOADS/${TARGET_FILE}
+sudo install -m 0755 /tmp/helm/linux-$ARCHITECTURE/helm $BIN/helm
 helm version --client
--- a/hack/installers/install-helm2-linux.sh
+++ b/hack/installers/install-helm2-linux.sh
@ -3,7 +3,10 @@ set -eux -o pipefail

 . $(dirname $0)/../tool-versions.sh

-[ -e $DOWNLOADS/helm2.tar.gz ] || curl -sLf --retry 3 -o $DOWNLOADS/helm2.tar.gz https://storage.googleapis.com/kubernetes-helm/helm-v${helm2_version}-linux-$ARCHITECTURE.tar.gz
-mkdir -p /tmp/helm2 && tar -C /tmp/helm2 -xf $DOWNLOADS/helm2.tar.gz
-cp /tmp/helm2/linux-$ARCHITECTURE/helm $BIN/helm2
+export TARGET_FILE=helm-v${helm2_version}-linux-${ARCHITECTURE}.tar.gz
+
+[ -e ${DOWNLOADS}/${TARGET_FILE} ] || curl -sLf --retry 3 -o ${DOWNLOADS}/${TARGET_FILE} https://storage.googleapis.com/kubernetes-helm/helm-v${helm2_version}-linux-$ARCHITECTURE.tar.gz
+$(dirname $0)/compare-chksum.sh
+mkdir -p /tmp/helm2 && tar -C /tmp/helm2 -xf $DOWNLOADS/${TARGET_FILE}
+sudo install -m 0755 /tmp/helm2/linux-$ARCHITECTURE/helm $BIN/helm2
 helm2 version --client
--- a/hack/installers/install-jq-linux.sh
+++ b/hack/installers/install-jq-linux.sh
@ -3,7 +3,9 @@ set -eux -o pipefail

 . $(dirname $0)/../tool-versions.sh

-[ -e $DOWNLOADS/jq ] || curl -sLf --retry 3 -o $DOWNLOADS/jq https://github.com/stedolan/jq/releases/download/jq-${jq_version}/jq-linux64
-cp $DOWNLOADS/jq $BIN/jq
-chmod +x $BIN/jq
+export TARGET_FILE=jq-${jq_version}-linux-amd64
+
+[ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o $DOWNLOADS/${TARGET_FILE} https://github.com/stedolan/jq/releases/download/jq-${jq_version}/jq-linux64
+$(dirname $0)/compare-chksum.sh
+sudo install -m 0755 $DOWNLOADS/${TARGET_FILE} $BIN/jq
 jq --version
--- a/hack/installers/install-ksonnet-linux.sh
+++ b/hack/installers/install-ksonnet-linux.sh
@ -12,14 +12,15 @@ case $ARCHITECTURE in
    set -o pipefail
    cd $GOPATH/src/github.com/ksonnet/ksonnet && git checkout tags/v$KSONNET_VERSION
    cd $GOPATH/src/github.com/ksonnet/ksonnet && CGO_ENABLED=0 GO_LDFLAGS="-s" make install
-    mv $GOPATH/bin/ks $BIN/ks
+    sudo mv $GOPATH/bin/ks $BIN/ks
    ;;
  *)
-    [ -e $DOWNLOADS/ks.tar.gz ] || curl -sLf --retry 3 -o $DOWNLOADS/ks.tar.gz https://github.com/ksonnet/ksonnet/releases/download/v${KSONNET_VERSION}/ks_${KSONNET_VERSION}_linux_${ARCHITECTURE}.tar.gz
-    tar -C /tmp -xf $DOWNLOADS/ks.tar.gz
-    cp /tmp/ks_${KSONNET_VERSION}_linux_${ARCHITECTURE}/ks $BIN/ks
+    export TARGET_FILE=ks_${ksonnet_version}_linux_${ARCHITECTURE}.tar.gz
+    [ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o $DOWNLOADS/${TARGET_FILE} https://github.com/ksonnet/ksonnet/releases/download/v${KSONNET_VERSION}/ks_${KSONNET_VERSION}_linux_${ARCHITECTURE}.tar.gz
+    $(dirname $0)/compare-chksum.sh
+    tar -C /tmp -xf $DOWNLOADS/${TARGET_FILE}
+    sudo install -m 0755 /tmp/ks_${KSONNET_VERSION}_linux_${ARCHITECTURE}/ks $BIN/ks
    ;;
 esac

-chmod +x $BIN/ks
 ks version
--- a/hack/installers/install-kubectl-linux.sh
+++ b/hack/installers/install-kubectl-linux.sh
@ -3,7 +3,9 @@ set -eux -o pipefail

 . $(dirname $0)/../tool-versions.sh

+export TARGET_FILE=kubectl_${ARCHITECTURE}_${kubectl_version}
+
 # NOTE: keep the version synced with https://storage.googleapis.com/kubernetes-release/release/stable.txt
-[ -e $DOWNLOADS/kubectl ] || curl -sLf --retry 3 -o $DOWNLOADS/kubectl https://storage.googleapis.com/kubernetes-release/release/v${kubectl_version}/bin/linux/$ARCHITECTURE/kubectl
-cp $DOWNLOADS/kubectl $BIN/
-chmod +x $BIN/kubectl
+[ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o ${DOWNLOADS}/${TARGET_FILE} https://storage.googleapis.com/kubernetes-release/release/v${kubectl_version}/bin/linux/$ARCHITECTURE/kubectl
+$(dirname $0)/compare-chksum.sh
+sudo install -m 0755 ${DOWNLOADS}/${TARGET_FILE} $BIN/kubectl
--- a/hack/installers/install-kubectx-linux.sh
+++ b/hack/installers/install-kubectx-linux.sh
@ -3,10 +3,11 @@ set -eux -o pipefail

 . $(dirname $0)/../tool-versions.sh

-[ -e $DOWNLOADS/kubectx.zip ] || curl -sLf --retry 3 -o $DOWNLOADS/kubectx.zip https://github.com/ahmetb/kubectx/archive/v${kubectx_version}.zip
-unzip $DOWNLOADS/kubectx.zip kubectx-${kubectx_version}/kubectx -d $DOWNLOADS
-unzip $DOWNLOADS/kubectx.zip kubectx-${kubectx_version}/kubens -d $DOWNLOADS
-mv $DOWNLOADS/kubectx-${kubectx_version}/kubectx $BIN/
-mv $DOWNLOADS/kubectx-${kubectx_version}/kubens $BIN/
-chmod +x $BIN/kubectx
-chmod +x $BIN/kubens
+export TARGET_FILE=kubectx-${kubectx_version}.zip
+
+[ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o $DOWNLOADS/${TARGET_FILE} https://github.com/ahmetb/kubectx/archive/v${kubectx_version}.zip
+$(dirname $0)/compare-chksum.sh
+unzip $DOWNLOADS/${TARGET_FILE} kubectx-${kubectx_version}/kubectx -d $DOWNLOADS
+unzip $DOWNLOADS/${TARGET_FILE} kubectx-${kubectx_version}/kubens -d $DOWNLOADS
+sudo install -m 0755 $DOWNLOADS/kubectx-${kubectx_version}/kubectx $BIN/kubectx
+sudo install -m 0755 $DOWNLOADS/kubectx-${kubectx_version}/kubens $BIN/kubens
--- a/hack/installers/install-kustomize-linux.sh
+++ b/hack/installers/install-kustomize-linux.sh
@ -15,29 +15,29 @@ case $ARCHITECTURE in
  arm|arm64)
    BINNAME=kustomize
    CGO_ENABLED=0 GO111MODULE=on go get -ldflags="-s" sigs.k8s.io/kustomize/kustomize/v3@v${KUSTOMIZE_VERSION}
-    mv $GOPATH/bin/kustomize $BIN/$BINNAME
+    sudo install -m 0755 $GOPATH/bin/kustomize $BIN/$BINNAME
    ;;
  *)
    case $KUSTOMIZE_VERSION in
      2.*)
-        DL=$DOWNLOADS/kustomize-${KUSTOMIZE_VERSION}
+        export TARGET_FILE=kustomize_${KUSTOMIZE_VERSION}_linux_${ARCHITECTURE}
        URL=https://github.com/kubernetes-sigs/kustomize/releases/download/v${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_$ARCHITECTURE
        BINNAME=kustomize2
-        [ -e $DL ] || curl -sLf --retry 3 -o $DL $URL
-        mv $DL $BIN/$BINNAME
+        [ -e ${DOWNLOADS}/${TARGET_FILE} ] || curl -sLf --retry 3 -o ${DOWNLOADS}/${TARGET_FILE} "$URL"
+        $(dirname $0)/compare-chksum.sh
+        sudo install -m 0755 ${DOWNLOADS}/${TARGET_FILE} $BIN/$BINNAME
        ;;
      *)
-        DL=$DOWNLOADS/kustomize-${KUSTOMIZE_VERSION}.tar.gz
+        export TARGET_FILE=kustomize_${KUSTOMIZE_VERSION}_linux_${ARCHITECTURE}.tar.gz
        URL=https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_$ARCHITECTURE.tar.gz
        BINNAME=kustomize
-
-        [ -e $DL ] || curl -sLf --retry 3 -o $DL $URL
-        tar -C /tmp -xf $DL
-        mv /tmp/kustomize $BIN/$BINNAME
+        [ -e ${DOWNLOADS}/${TARGET_FILE} ] || curl -sLf --retry 3 -o ${DOWNLOADS}/${TARGET_FILE} "$URL"
+        $(dirname $0)/compare-chksum.sh
+        tar -C /tmp -xf ${DOWNLOADS}/${TARGET_FILE}
+        sudo install -m 0755 /tmp/kustomize $BIN/$BINNAME
        ;;
    esac
    ;;
 esac

-chmod +x $BIN/$BINNAME
 $BINNAME version
--- a/hack/installers/install-packr-linux.sh
+++ b/hack/installers/install-packr-linux.sh
@ -8,14 +8,16 @@ case $ARCHITECTURE in
  arm|arm64)
    go get -d github.com/gobuffalo/packr@v$PACKR_VERSION
    cd $GOPATH/pkg/mod/github.com/gobuffalo/packr@v$PACKR_VERSION && CGO_ENABLED=0 make install
-    mv $GOPATH/bin/packr $BIN/packr
+    sudo install -m 0755 $GOPATH/bin/packr $BIN/packr
    ;;
  *)
-    [ -e $DOWNLOADS/parkr.tar.gz ] || curl -sLf --retry 3 -o $DOWNLOADS/parkr.tar.gz https://github.com/gobuffalo/packr/releases/download/v${PACKR_VERSION}/packr_${PACKR_VERSION}_linux_$ARCHITECTURE.tar.gz
-    tar -vxf $DOWNLOADS/parkr.tar.gz -C /tmp/
-    cp /tmp/packr $BIN/
+    export TARGET_FILE=packr_linux_${ARCHITECTURE}_${packr_version}.tar.gz
+    [ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o $DOWNLOADS/${TARGET_FILE} https://github.com/gobuffalo/packr/releases/download/v${PACKR_VERSION}/packr_${PACKR_VERSION}_linux_$ARCHITECTURE.tar.gz
+    $(dirname $0)/compare-chksum.sh
+    mkdir -p /tmp/packr-${packr_version}
+    tar -vxf $DOWNLOADS/${TARGET_FILE} -C /tmp/packr-${packr_version}
+    sudo install -m 0755 /tmp/packr-${packr_version}/packr $BIN/packr
    ;;
 esac

-chmod +x $BIN/packr
 packr version
--- a/hack/installers/install-protoc-linux.sh
+++ b/hack/installers/install-protoc-linux.sh
@ -3,8 +3,11 @@ set -eux -o pipefail

 . $(dirname $0)/../tool-versions.sh

-[ -e $DOWNLOADS/protoc.zip ] || curl -sLf --retry 3 -o $DOWNLOADS/protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v${protoc_version}/protoc-${protoc_version}-linux-x86_64.zip
-unzip $DOWNLOADS/protoc.zip bin/protoc -d /usr/local/
-chmod +x /usr/local/bin/protoc
-unzip $DOWNLOADS/protoc.zip include/* -d /usr/local/
+export TARGET_FILE=protoc_${protoc_version}_linux_${ARCHITECTURE}.zip
+[ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o $DOWNLOADS/${TARGET_FILE} https://github.com/protocolbuffers/protobuf/releases/download/v${protoc_version}/protoc-${protoc_version}-linux-x86_64.zip
+$(dirname $0)/compare-chksum.sh
+mkdir -p /tmp/protoc-${protoc_version}
+unzip $DOWNLOADS/${TARGET_FILE} -d /tmp/protoc-${protoc_version}
+sudo install -m 0755 /tmp/protoc-${protoc_version}/bin/protoc /usr/local/bin/protoc
+sudo cp -a /tmp/protoc-${protoc_version}/include/* /usr/local/include
 protoc --version
--- a/hack/installers/install-swagger-linux.sh
+++ b/hack/installers/install-swagger-linux.sh
@ -3,7 +3,8 @@ set -eux -o pipefail

 . $(dirname $0)/../tool-versions.sh

-[ -e $DOWNLOADS/swagger ] || curl -sLf --retry 3 -o $DOWNLOADS/swagger https://github.com/go-swagger/go-swagger/releases/download/v${swagger_version}/swagger_linux_$ARCHITECTURE
-cp $DOWNLOADS/swagger $BIN/swagger
-chmod +x $BIN/swagger
+export TARGET_FILE=swagger_linux_${ARCHITECTURE}_${swagger_version}
+[ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o $DOWNLOADS/${TARGET_FILE} https://github.com/go-swagger/go-swagger/releases/download/v${swagger_version}/swagger_linux_$ARCHITECTURE
+$(dirname $0)/compare-chksum.sh
+sudo install -m 0755 $DOWNLOADS/${TARGET_FILE} $BIN/swagger
 swagger version
--- a/hack/tool-versions.sh
+++ b/hack/tool-versions.sh
@ -1,6 +1,13 @@
 #!/bin/sh
-# The checksum of this file is used as cache key in our integration toolchain
-# 
+###############################################################################
+# This file defines the versions of the tools that are installed in the CI
+# toolchain and the Docker image.
+#
+# Updating a tool's version here is not enough, you will need to create a
+# checksum file in ./hack/installers/checksums matching the name of the
+# downloaded binary with a ".sha256" suffix appended, containing the proper
+# SHA256 sum of the binary.
+###############################################################################
 helm2_version=2.17.0
 helm3_version=3.5.1
 jq_version=1.6
				`@ -0,0 +1 @@`
				`2d9124f582a33b269f48215a00922b3dcf7a03f265499886ba956fbc03ff9892 helm-v2.16.0-linux-amd64.tar.gz`
				`@ -0,0 +1 @@`
				`f3bec3c7c55f6a9eb9e6586b8c503f370af92fe987fcbf741f37707606d70296 helm-v2.17.0-linux-amd64.tar.gz`
				`@ -0,0 +1 @@`
				`cad8f2f55a87cfd4d79312625c6af62c1e22eb1dab750f00aa1d394c601a2e6b helm-v3.5.1-linux-amd64.tar.gz`
				`@ -0,0 +1 @@`
				`af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44 jq-1.6-linux-amd64`
				`@ -0,0 +1 @@`
				`fe76e414e5cba3f093e34e1b433f79cd53915e3153b68cff5ba3273cafd8a2a0 ks_0.13.1_linux_amd64.tar.gz`
				`@ -0,0 +1 @@`
				`01283cbc2b09555cbf2a71c162097552a62a4fd48a0a4c06e34e9b853b815486 kubectl_amd64_1.17.8`
				`@ -0,0 +1 @@`
				`4e501055d37829d3b3834c5883017a785e56bf9b8b8712040a504a7ead04472d kubectx-0.6.3.zip`
				`@ -0,0 +1 @@`
				`439c6bda9086399477e4f847b16b9b45ee695391b4f5d6e4107374ad149050b0 kustomize_3.9.4_linux_amd64.tar.gz`
				`@ -0,0 +1 @@`
				`212cf9f6f390c1023f9f5c35ad9fb0ca629bba9484ee2034b97803e09925bf55 packr_linux_amd64_1.21.9.tar.gz`
				`@ -0,0 +1 @@`
				`24ea6924faaf94d4a0c5850fdb278290a326eff9a68f36ee5809654faccd0e10 protoc_3.7.1_linux_amd64.zip`