Skip to content
This repository has been archived by the owner on Jul 30, 2020. It is now read-only.

Implement collection artifact checksum validation #201

Closed
alikins opened this issue Mar 18, 2019 · 3 comments
Closed

Implement collection artifact checksum validation #201

alikins opened this issue Mar 18, 2019 · 3 comments
Labels
status/new Triage required type/enhancement type/proposal

Comments

@alikins
Copy link
Contributor

alikins commented Mar 18, 2019
edited
Loading

Feature Request

Use Case

Currently, there is no way to verify a downloaded ansible collection artifact is the artifact that was intended, or to verify it hasn't been corrupted or manipulated. There is a detached sha256sum of the artifact calculated and included on 'mazer publish', so that should be exposed in Galaxy API and used by mazer.
@alikins
Copy link
Contributor Author

alikins commented Jun 3, 2019

Partially implemented by #277
#277 implements checking the sha256 of the downloaded artifact against an expected sha256
that was provided by the galaxy REST API.

@alikins alikins mentioned this issue Jun 3, 2019
Open
@alikins alikins changed the title Implement collection artifact signing and validation Implement collection artifact checksum validation Jun 3, 2019
@alikins
Copy link
Contributor Author

alikins commented Jun 3, 2019

Split the checksum and signature aspects of this feature request into this issue and #278

@alikins
Copy link
Contributor Author

alikins commented Jun 3, 2019

This is fixed by #277. Closing.

@alikins alikins closed this as completed Jun 3, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
status/new Triage required type/enhancement type/proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alikins