ticketmaster · ffortier · Oct 19, 2023 · Oct 19, 2023
diff --git a/opa/private/BUILD.bazel b/opa/private/BUILD.bazel
@@ -1 +0,0 @@
-exports_files(["opa_eval.sh.tpl"])

diff --git a/opa/private/opa_eval_binary.bzl b/opa/private/opa_eval_binary.bzl
@@ -72,10 +72,6 @@ opa_eval_binary = rule(
             allow_single_file = True,
             doc = "input",
         ),
-        "_template": attr.label(
-            default = Label("opa_eval.sh.tpl"),
-            allow_single_file = True,
-        ),
     },
     toolchains = ["//tools:toolchain_type"],
 )
diff --git a/opa/private/opa_rules_dependencies.bzl b/opa/private/opa_rules_dependencies.bzl
@@ -5,7 +5,6 @@ _OPA_SHA256 = {
     "0.54.0": {
         "opa_darwin_amd64": "a33e829306cd2210ed743da7f4f957588ea350a184bb6ecbb7cbfd77ae7ca401",
         "opa_darwin_arm64_static": "74500746e5faf0deb60863f1a3d1e3eed96006ff8183940f1c13f1a47969059d",
-        "opa_linux_amd64": "63c29426db9cf1a2584fcb65c08519cb52077d832933a02c31292555ff6dc3b3",
         "opa_linux_amd64_static": "633829141f8d6706ac24e0b84393d7730a975a17cc4a15790bf7fad959a28ec3",
         "opa_linux_arm64_static": "883e22c082508e2f95ba25333559ba8a5c38c9c5ef667314e132c9d8451450d8",
         "opa_windows_amd64": "25284b69e1dd7feaa17446e49b1085b61dca0b496dc868304153eb64b422c7eb",
@@ -17,7 +16,6 @@ _OPA_SHA256 = {
 _SUPPORTED_PLATFORMS = [
     "opa_darwin_amd64",
     "opa_darwin_arm64_static",
-    "opa_linux_amd64",
     "opa_linux_amd64_static",
     "opa_linux_arm64_static",
     "opa_windows_amd64",
@@ -40,7 +38,7 @@ def opa_rules_dependencies(
             url = "https://github.com/open-policy-agent/opa/releases/download/v%s/%s%s" % (version, bin, extname),
             sha256 = sha256,
             executable = 1,
-            downloaded_file_path = "opa",
+            downloaded_file_path = "opa%s" % extname,
         )
 
     maybe(

diff --git a/tools/opa_ctx.py b/tools/opa_ctx.py
@@ -85,6 +85,7 @@ def main():
     if args.output:
         file, alias = split_once_or_double(args.output, ":")
         copy_file(os.path.join(args.wd, alias), file)
+        os.chmod(file, 0o644)
 
 
 if __name__ == "__main__":

diff --git a/tools/opa_signer.py b/tools/opa_signer.py
@@ -1,11 +1,12 @@
 from argparse import ArgumentParser
 from tarfile import TarFile, TarInfo, open as taropen
-from subprocess import run, PIPE,STDOUT
+from subprocess import run, PIPE, STDOUT
 from dataclasses import dataclass
 from io import BytesIO
 import sys
 import os
 
+
 @dataclass
 class Args:
     bundle: str
@@ -14,8 +15,10 @@ class Args:
     signing_alg: str
     command: list[str]
 
+
 def parse_args() -> Args:
-    parser = ArgumentParser(prog="rules_opa::opa_signer", description="Tool to re-bundle an opa bundle with a signature file")
+    parser = ArgumentParser(prog="rules_opa::opa_signer",
+                            description="Tool to re-bundle an opa bundle with a signature file")
 
     parser.add_argument("-b", "--bundle", required=True)
     parser.add_argument("-o", "--output", required=True)
@@ -33,28 +36,34 @@ def parse_args() -> Args:
         ns.command,
     )
 
+
 def perform_signature(args: Args) -> str:
     expected_file = ".signatures.json"
-    completed_process = run(args.command + ['--signing-key', args.signing_key, "--signing-alg", args.signing_alg, "--bundle", args.bundle], stdout=PIPE, stderr=STDOUT)
+    completed_process = run(args.command + ['--signing-key', args.signing_key, "--signing-alg",
+                            args.signing_alg, "--bundle", args.bundle], stdout=PIPE, stderr=STDOUT)
     returncode = completed_process.returncode
-    
+
     if returncode != 0:
         command = " ".join(completed_process.args)
         stdout = completed_process.stdout.decode()
-        print(f"Command exited with non-zero return code {returncode}.\n{command}\n{stdout}", file=sys.stderr)
+        print(
+            f"Command exited with non-zero return code {returncode}.\n{command}\n{stdout}", file=sys.stderr)
         sys.exit(1)
-    
+
     if not os.path.exists(expected_file):
         command = " ".join(completed_process.args)
-        print(f"File {expected_file} not found after running command:\n{command}", file=sys.stderr)
+        print(
+            f"File {expected_file} not found after running command:\n{command}", file=sys.stderr)
         sys.exit(1)
 
     return expected_file
 
+
 def transfer_files(output: TarFile, bundle: TarFile):
     for member in bundle.getmembers():
         output.addfile(member, bundle.extractfile(member))
 
+
 def addfile(output: TarFile, file_name: str):
     with open(file_name, mode="rb") as f:
         data = f.read()
@@ -74,6 +83,8 @@ def main():
             addfile(output, signature_file)
             transfer_files(output, bundle)
 
+    os.chmod(args.output, 0o644)
+
+
 if __name__ == "__main__":
     main()
-