fix(packaging): update fpm version from 1.15.1 to 1.17.0

Leiyks · Leiyks · commit 13fc8f5d4076 · 2026-01-13T11:37:19.000+01:00
Signed-off-by: Alexandre Rulleau &lt;alexandre.rulleau@datadoghq.com&gt;
diff --git a/dockerfiles/packaging/fpm_packaging/Dockerfile b/dockerfiles/packaging/fpm_packaging/Dockerfile
@@ -14,8 +14,12 @@ RUN (cd tar-1.35 && FORCE_UNSAFE_CONFIGURE=1 ./configure --prefix=/usr && make i
 
 FROM base as final
 ADD fpm_apk_pax_header.patch /tmp
-RUN sudo gem install fpm -v 1.15.1
-RUN (cd /usr/local/lib/ruby/gems/3.3.0/gems/fpm-1.15.1; patch -p 1 < /tmp/fpm_apk_pax_header.patch ) && rm -f /tmp/fpm_apk_pax_header.patch
+ADD fpm_apk_alpine323.patch /tmp
+RUN sudo gem install fpm -v 1.17.0
+RUN (cd /usr/local/lib/ruby/gems/3.3.0/gems/fpm-1.17.0 && \
+     patch -p1 < /tmp/fpm_apk_pax_header.patch && \
+     patch -p0 < /tmp/fpm_apk_alpine323.patch) && \
+    rm -f /tmp/fpm_apk_pax_header.patch /tmp/fpm_apk_alpine323.patch
 
 COPY --from=compile-tar /usr/bin/tar /usr/bin/tar
 
diff --git a/dockerfiles/packaging/fpm_packaging/fpm_apk_alpine323.patch b/dockerfiles/packaging/fpm_packaging/fpm_apk_alpine323.patch
@@ -0,0 +1,75 @@
+--- lib/fpm/package/apk.rb.original	2026-01-05 14:10:00.000000000 +0000
++++ lib/fpm/package/apk.rb	2026-01-05 14:10:00.000000000 +0000
+@@ -91,6 +91,19 @@
+     # data tar.
+     tar_path(staging_path(""), datatar_path)
+
++    # Add PAX headers with file checksums
++    hash_datatar(datatar_path)
++
++    # Calculate datahash (SHA256 of gzipped data.tar) - required for Alpine 3.23+
++    require "zlib"
++    temp_gz = datatar_path + ".gz~"
++    Zlib::GzipWriter.open(temp_gz) do |gz|
++      gz.mtime = 0  # Reproducible gzip
++      open(datatar_path, "rb") { |f| gz.write(f.read(4096)) until f.eof? }
++    end
++    @datahash = calculate_file_sha256(temp_gz)
++    File.unlink(temp_gz)
++
+     # control tar.
+     begin
+       write_pkginfo(control_path)
+@@ -107,7 +120,7 @@
+       cut_tar_record(controltar_path)
+
+       # calculate/rewrite sha1 hashes for data tar
+-      hash_datatar(datatar_path)
++      # hash_datatar(datatar_path)  # Already done before datahash calculation
+
+       # concatenate the two into the final apk
+       concat_zip_tars(controltar_path, datatar_path, output_path)
+@@ -117,8 +130,16 @@
+     logger.warn("It's recommended that your package be installed with '--allow-untrusted'")
+   end
+
++
++  def calculate_file_sha256(file_path)
++    digest = Digest::SHA256.new
++    File.open(file_path, 'rb') { |f| digest.update(f.read) }
++    digest.hexdigest
++  end
++
+   def write_pkginfo(base_path)
+
++
+     pkginfo = ""
+
+     pkginfo << "# Generated by fpm\n"
+@@ -129,6 +150,10 @@
+     pkginfo << "url = #{url()}\n"
+     pkginfo << "size = 102400\n" # totally magic, not sure what it's used for.
+
++
++    if @datahash
++      pkginfo << "datahash = #{@datahash}\n"
++    end
+     # write depends lines
+     for dependency in dependencies()
+       pkginfo << "depend = #{dependency}\n"
+@@ -300,6 +325,7 @@
+
+     # zip each path separately
+     Zlib::GzipWriter.open(temp_apath) do |target_writer|
++      target_writer.mtime = 0  # Reproducible gzip
+       open(apath, "rb") do |file|
+         until(file.eof?())
+           target_writer.write(file.read(4096))
+@@ -308,6 +334,7 @@
+     end
+
+     Zlib::GzipWriter.open(temp_bpath) do |target_writer|
++      target_writer.mtime = 0  # Reproducible gzip
+       open(bpath, "rb") do |file|
+         until(file.eof?())
+           target_writer.write(file.read(4096))
