Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate checkshum for downloaded files excluding git files #9

Merged
merged 5 commits into from
Nov 13, 2023
Merged

Validate checkshum for downloaded files excluding git files #9

merged 5 commits into from
Nov 13, 2023

Conversation

arejula27
Copy link
Contributor

Modified the Source struct by adding a new field named Checksum of type string. This field will be validated using the sha256sum algorithm, provided it exists in the Source struct. If the checksum does not match, the DownloadTarSource function will now return an error.

@arejula27
feat: [Vanilla-OS#2] Add checksum for downloaded archives
0634985 
Add checksum validation for downloaded archives. New field added to the
`Source` struct. The checksum is calculated using the `sha256` algorithm and compared.
@axtloss
Copy link
Member

axtloss commented Nov 9, 2023

I know that this is still a draft, but why isn't the go hash package being used? It would work more reliable than using the host sha256.

@arejula27
feat: [Vanilla-OS#2] Add checksum for downloaded archives
d894859 
Modified the resolver to calculate the checksum of the downloaded. Instead
of using the sha256sum command, the checksum is calculated in Go using the
crypto/sha256 package.
@arejula27
Copy link
Contributor Author

Agree, I didn't know about the package but have used the command several times 😅. Shall I create a test for the function? In that case, do any recommendations for the URL I should use in the test?

@axtloss
Copy link
Member

axtloss commented Nov 9, 2023

There is no reason to use the command line tool if the library works, it provides better portability and reduces the chance for issues to occur

@arejula27
Copy link
Contributor Author

Yes, totally. Changes have been made, now it uses the standard library

@axtloss
Copy link
Member

axtloss commented Nov 9, 2023

oh I did not see the commit adding that, sorry about that
as for the test, I suppose using the url to this repository would work

@arejula27
Copy link
Contributor Author

The url: https://github.com/Vanilla-OS/Vib/archive/refs/tags/v0.3.1.tar.gz is ok?

@arejula27
feat: [Vanilla-OS#2] Add checksum for downloaded archives
16f38a2 
Add checksum validation for tar source downloads
@arejula27
Copy link
Contributor Author

I need to verify the checksum after closing the file because when I attempted to do so within the same function, the obtained checksum was incorrect

@arejula27 arejula27 marked this pull request as ready for review November 10, 2023 21:08
axtloss
axtloss reviewed Nov 10, 2023
View reviewed changes
core/resolver.go Outdated Show resolved Hide resolved
core/resolver.go Outdated Show resolved Hide resolved
core/resolver.go Outdated Show resolved Hide resolved
@arejula27 arejula27 requested a review from axtloss November 10, 2023 22:24
@axtloss
Copy link
Member

axtloss commented Nov 10, 2023

Seems like I do not have permission to merge this pull request, cc @mirkobrombin for review and merge

@mirkobrombin mirkobrombin merged commit 46df2be into Vanilla-OS:main Nov 13, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@axtloss axtloss axtloss approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@arejula27 @axtloss @mirkobrombin