*: don't build with Go versions with known security vulnerabilities

2016-03-09 14:01:18 -08:00 · 2016-03-09 14:01:18 -08:00 · a391ba0584
commit a391ba0584
parent 4a830ddcc3
1 changed files with 15 additions and 3 deletions
--- a/18
+++ b/18
@ -1,10 +1,22 @@
-GOVERSION=$( go version | grep -o 'go1\.[0-9]')
+MAJOR_GOVERSION=$( go version | grep -o 'go1\.[0-9]')
+FULL_GOVERSION=$( go version| grep -o 'go1\.[0-9|\.]*' )

+# The list of unsupported major go versions.
 UNSUPPORTED=( "go1.0" "go1.1" "go1.2" "go1.3" "go1.4" )

+# Minor go verisons which have known security vulnerabilities. Refuse to build with these.
+KNOWN_INSECURE=( "go1.5" "go1.5.1" "go1.5.2" )
+
 for V in "${UNSUPPORTED[@]}"; do
-    if [ "$V" = "$GOVERSION" ]; then
-        echo "dex requires go version 1.5+. Please update your go version."
+    if [ "$V" = "$MAJOR_GOVERSION" ]; then
+        echo "dex requires Go version 1.5.3+. Please update your Go version."
+        exit 2
+    fi
+done
+
+for V in "${KNOWN_INSECURE[@]}"; do
+    if [ "$V" = "$FULL_GOVERSION" ]; then
+        echo "Go version ${V} has known security vulnerabilities which impact dex. Plesae update your Go verison."
        exit 2
    fi
 done