script/setup: use git clone instead of go get -d

`go get -d` uses go modules by default in Go 1.16 and up, which results
in modules being fetched for the "latest" module version, after which we
tried to "git checkout" to `<VERSION>`.

For runc, this means that (possibly incorrectly), `go get` will download
runc `v0.1.1` (most recent non-"pre-release", which caused failures (e.g
the old `Sirupsen/logrus` being downloaded).

In addition, some of the dependencies we're installing use vendoring, and
thus would not require the modules to be downloaded (and vendored files
will be ignored when using `go get` with modules).

This patch switches several uses `go get -d` to use a regular
git clone, after which the desired version is checked out,
and the binaries are built.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Phil Estes <estesp@amazon.com>

script/setup/install-runc

@@ -23,21 +23,23 @@ set -eu -o pipefail
 function install_runc() {
 	RUNC_COMMIT=$(grep opencontainers/runc "$GOPATH"/src/github.com/containerd/containerd/go.mod | awk '{print $2}')
 
-	cd "$GOPATH"
-	go get -d github.com/opencontainers/runc
-	cd "$GOPATH"/src/github.com/opencontainers/runc
-	git checkout $RUNC_COMMIT
+	TMPROOT=$(mktemp -d)
+	git clone https://github.com/opencontainers/runc.git "${TMPROOT}"/runc
+	pushd "${TMPROOT}"/runc
+	git checkout "${RUNC_COMMIT}"
 	make BUILDTAGS='apparmor seccomp selinux' runc
 	make install
+	popd
+	rm -fR "${TMPROOT}"
 }
 
 function install_crun() {
 	CRUN_VERSION=0.17
-	curl -o /usr/local/sbin/runc -L https://github.com/containers/crun/releases/download/${CRUN_VERSION}/crun-${CRUN_VERSION}-linux-$(go env GOARCH)
+	curl -o /usr/local/sbin/runc -L https://github.com/containers/crun/releases/download/"${CRUN_VERSION}"/crun-"${CRUN_VERSION}"-linux-"$(go env GOARCH)"
 	chmod +x /usr/local/sbin/runc
 }
 
-: ${RUNC_FLAVOR:=runc}
+: "${RUNC_FLAVOR:=runc}"
 case ${RUNC_FLAVOR} in
 runc) install_runc ;;
 crun) install_crun ;;