envoy: add full version (#2287)

* envoy: add full version * remove unused import * get envoy for lint
2025-08-04 01:09:36 +02:00 · 2021-06-14 13:58:12 -06:00 · 2021-06-14 13:58:12 -06:00 · 31fa214983
commit 31fa214983
parent 5dd68f5ff0
15 changed files with 103 additions and 48 deletions
--- a/internal/envoy/embed.go
+++ b/internal/envoy/embed.go
@ -13,8 +13,10 @@ import (
 	"github.com/pomerium/pomerium/internal/log"
 )

-const embeddedEnvoyPermissions fs.FileMode = 0o700
-const embeddedDirectoryPermissions fs.FileMode = 0o755
+const (
+	embeddedEnvoyPermissions     fs.FileMode = 0o700
+	embeddedDirectoryPermissions fs.FileMode = 0o755
+)

 var embeddedFilesBaseDirectory = filepath.Join(os.TempDir(), "pomerium-embedded-files")

--- a/internal/envoy/envoy.go
+++ b/internal/envoy/envoy.go
@ -30,6 +30,8 @@ import (
 	"github.com/shirou/gopsutil/v3/process"
 	"google.golang.org/protobuf/encoding/protojson"

+	"github.com/pomerium/pomerium/internal/envoy/files"
+
 	"github.com/pomerium/pomerium/config"
 	"github.com/pomerium/pomerium/config/envoyconfig"
 	"github.com/pomerium/pomerium/internal/log"
@ -40,9 +42,6 @@ const (
 	configFileName       = "envoy-config.yaml"
 )

-// Checksum is the embedded envoy binary checksum. This value is populated by `make build`.
-var Checksum string
-
 type serverOptions struct {
 	services string
 	logLevel string
@ -83,7 +82,7 @@ func NewServer(ctx context.Context, src config.Source, grpcPort, httpPort string
 	}

 	// Checksum is written at build time, if it's not empty we verify the binary
-	if Checksum != "" {
+	if files.Checksum() != "" {
 		bs, err := ioutil.ReadFile(fullEnvoyPath)
 		if err != nil {
 			return nil, fmt.Errorf("error reading envoy binary for checksum verification: %w", err)
@ -91,8 +90,8 @@ func NewServer(ctx context.Context, src config.Source, grpcPort, httpPort string
 		h := sha256.New()
 		h.Write(bs)
 		s := hex.EncodeToString(h.Sum(nil))
-		if Checksum != s {
-			return nil, fmt.Errorf("invalid envoy binary, expected %s but got %s", Checksum, s)
+		if files.Checksum() != s {
+			return nil, fmt.Errorf("invalid envoy binary, expected %s but got %s", files.Checksum(), s)
 		}
 	} else {
 		log.Info(ctx).Msg("no checksum defined, envoy binary will not be verified!")
@ -114,7 +113,7 @@ func NewServer(ctx context.Context, src config.Source, grpcPort, httpPort string

 	log.Info(ctx).
 		Str("path", envoyPath).
-		Str("checksum", Checksum).
+		Str("checksum", files.Checksum()).
 		Msg("running envoy")

 	return srv, nil
--- a/internal/envoy/files/files.go
+++ b/internal/envoy/files/files.go
@ -0,0 +1,28 @@
+// Package files contains files for use with envoy.
+package files
+
+import (
+	_ "embed" // for embedded files
+	"strings"
+)
+
+//go:embed envoy.sha256
+var rawChecksum string
+
+//go:embed envoy.version
+var rawVersion string
+
+// Checksum returns the checksum for the embedded envoy binary.
+func Checksum() string {
+	return strings.Fields(rawChecksum)[0]
+}
+
+// FullVersion returns the full version string for envoy.
+func FullVersion() string {
+	return Version() + "+" + Checksum()
+}
+
+// Version returns the envoy version.
+func Version() string {
+	return strings.TrimSpace(rawVersion)
+}