*: don't build with Go versions with known security vulnerabilities

a391ba05 · Eric Chiang · 4a830ddc · a391ba05
Commit a391ba05 authored Mar 09, 2016 by Eric Chiang
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 3 deletions

env env +15 -3

No files found.
--- a/env
+++ b/env
-GOVERSION=$( go version | grep -o 'go1\.[0-9]')
+MAJOR_GOVERSION=$( go version | grep -o 'go1\.[0-9]')
+FULL_GOVERSION=$( go version| grep -o 'go1\.[0-9|\.]*' )

+# The list of unsupported major go versions.
 UNSUPPORTED=( "go1.0" "go1.1" "go1.2" "go1.3" "go1.4" )

+# Minor go verisons which have known security vulnerabilities. Refuse to build with these.
+KNOWN_INSECURE=( "go1.5" "go1.5.1" "go1.5.2" )
+
 for V in "${UNSUPPORTED[@]}"; do
-    if [ "$V" = "$GOVERSION" ]; then
-        echo "dex requires go version 1.5+. Please update your go version."
+    if [ "$V" = "$MAJOR_GOVERSION" ]; then
+        echo "dex requires Go version 1.5.3+. Please update your Go version."
+        exit 2
+    fi
+done
+
+for V in "${KNOWN_INSECURE[@]}"; do
+    if [ "$V" = "$FULL_GOVERSION" ]; then
+        echo "Go version ${V} has known security vulnerabilities which impact dex. Plesae update your Go verison."
        exit 2
    fi
 done