Skip to content

verify checksums against sha256sum files when available #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
gfelbing wants to merge 2 commits into
base: master
Choose a base branch
from
Open

verify checksums against sha256sum files when available #80

gfelbing wants to merge 2 commits into from

Conversation

@gfelbing
Copy link

@gfelbing gfelbing commented Sep 12, 2023

Many projects offer a single asset in form of a sha256sum file, e.g. k9s. This PR checks the asset list for such files and verifies a checksum against it.

@zyedidia
Copy link
Owner

zyedidia commented Oct 21, 2023

How is this different than the existing functionality that verifies checksums?

@gfelbing
Copy link
Author

gfelbing commented Oct 21, 2023
edited
Loading

The current functionality only uses single-file checksums, e.g. when there is a binaryname.sha256 next to binaryname.
Many projects offer their checksums in a single sha256 file format, e.g. the checksums.txt in k9s.
This PR adds the functionality for checking against such files.

@hhromic
Copy link
Contributor

hhromic commented Oct 29, 2023

+1 for this feature.

GoReleaser is used by many Go projects nowadays and it generates single checksum files by default as well.
Their own releases page is an example.

@gfelbing
verify checksums against sha256sum files when available
6026805 
Many projects offer a single asset in form of a sha256sum file, e.g. [k9s](https://github.com/derailed/k9s/releases).
This PR checks the asset list for such files and verifies a checksum against it.
@gfelbing
use exact match in sha256fileverifier
ed06b85
@gfelbing gfelbing force-pushed the feature/sha256sum_files branch from 87d8589 to ed06b85 Compare February 27, 2024 21:01
@gfelbing
Copy link
Author

gfelbing commented Feb 27, 2024

@zyedidia I rebased the PR against your latest master and simplified the match for sha256files.
Is there anything you are missing from the PR?
If you need more examples for the usefulness of the feature: e.g. kubebuilder uses a single checksums file as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gfelbing @zyedidia @hhromic